I noticed an unexpected behavior with snap applications and cgroups. When running snap applications as child processes from a system service (daemon), the processes do not run inside
system.slice but in
user.slice instead. To be more precise: Snap creates a dedicated “scope” for each application inside
app.slice. It has been quite hard for me to find information on this topic.
Which role does
snap-confine play here? Does this behavior apply to “classic snaps”, too?