🐧 Is starting snaps directly from their installation folder fine when you don't care about sandboxing? (e.g starting chromium snap directly from /snap/chromium/current/usr/lib/chromium-browser/chrome)
Nachrichtenbereich: 🐧 Linux Tipps
🔗 Quelle: reddit.com
Hey all,
first a bit of background info why I want to discuss this (just scroll down to the last paragraph if you don't care). I recently switched from using the chromium flatpak on my Ubuntu 22.04 to using the chromium snap. The reason I'm doing this is that don't like one thing about flathub: I don't really know who is maintaining/taking care of the flatpak I'm using. I don't know if anyone is slipping malicious stuff into it or if it's updated properly. At least I'm not aware of any curation. Unfortunately there is no official PPA or flatpak for chromium that I can use so I fall back to the snap.
One thing that I like about the snapcraft store is the publisher verification. That little check mark that tells me that chromium is from Canonical or that pycharm is from JetBrains gives me some trust.
Don't get me wrong. From a technical point of view I really love flatpaks and I wasn't a fan of snaps in the past for the several well known reasons (always uninstalled snapd and installed flatpak) but the curation is a killer feature for me.
So I tried the chromium snap from Canonical and ran into two issues:
- I have to replug my yubikey for u2f to work when using the snap. Everytime I restart the browser I have to do this. Super annoying as I have a yubikey nano. Here is a link to the bug tracker: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1884759
- The "Create shortcut" or PWA function in the chromium snap not really work as there are two issues with it:
- The .desktop files generated are not correct: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1732482 (can be fixed manually not a big deal)
- Separate icons for the PWAs/Desktop Shortcuts and for different profiles (I do this using --user-data-dir and --class) in Gnome doesn't work. The reason why I use PWAs is that I like to have dedicated icons for several web applications like MS Teams or Outlook for example. I also have separate task bar icons using different profiles for each of my bigger customers. Here is the bug tracker link about this and from here I got the following workaround that I want to discuss: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1891649
From the this bug tracker link I got the workaround to just start chromium directly from the snap installation directory "/snap/chromium/current/usr/lib/chromium-browser/chrome". When I do this, all of the issues described above are not existent. As far as I understand, directly starting chromium from the snap installation folder will start chromium without any sandboxing (at least it then creates its config directly in ~/.config/chromium). Now I want to ask you: Do you see any problems doing this when I don't care about sandboxing? For me it seems fine as I would be also fine with using a official PPA over the snap for chromium and there I would also not have any sandboxing. For me this looks like a good thing: I can use snapcraft as I trusted source for installing/updating the application binaries and if I have any problems caused by the snap sandbox I just start it like a usual application.
Any opinions on this?
[link] [comments] ...
🐧 Fedora 40 Plans To Unify /usr/bin & /usr/sbin
📈 34.33 Punkte
🐧 Linux Tipps
🐧 Sandboxing a folder
📈 30.12 Punkte
🐧 Linux Tipps
🐧 Sandboxing system app, Snap or Flatpak?
📈 28.14 Punkte
🐧 Linux Tipps