Canonical Snaps and Approach to Linux Packaging

Concept of Snaps and Why Its Useful

When running wsl in Windows (with Ubuntu) you will eventually come across the concept of snaps. 

Snaps are a package management feature that offer an alternative to the usual sudo apt-get (or sudo apt install, which is a wrapper over apt-get).

Snaps was developed by Canonical for security (via sandboxing, or in Canonical language "confinement") and convenience (an "all-in-one" snap removes the need to download and install individual dependencies).

The security side aims to guarantee safe execution of software by mandating packages abide by the principle of least privilege (this is diluted however by the option of classic confinement).

Concrete Example: Installing emacs edito

Trying to run emacs at the command line, you find it is not installed. You may see:

Command 'emacs' not found, but can be installed with
sudo snap install emacs # version 30.2

This is achieved by placing the package in a sandbox with snapd mediating all access to host system resources. 

The snap's confinement level controls the degree of isolation from the user's system.

• Strict confinement - abide by sandbox rules
• Classic confinement - liberal / "laissez-faire" (but needs explicit user approval on install)

Searching for Pre-Created Snaps using Canonical's Search Engine

There is a search engine for Snaps on Canonical's website. Canonical are calling it the "app store" for Linux.