How to install snapd

Hi,

Is there any way we can use the snapd applications

Can we install snapd in Clear linux?

Thanks

2 Likes

No, you’d have to compile it from source. We currently support flatpak and appimage, but not snapd.

Also, let us know what applications you’re looking for. If we can package it in Clear Linux natively that is generally preferable.

Is there a technical reason to not do this? We’d have a Firefox with codecs, chromium, as well as a bunch of other applications people might want/need that can never be packaged in Clear (vscode, etc.).

5 Likes

Yes We’re need Snapd soooooo deep!

I also agree. There are a lot more browsers available as snaps. In fact a lot more programmes in general…

2 Likes

Is there a way to package MySQL Workbench on Clear Linux?

I have compiled snapd.
But snapd refuses to work without snap-seccomp (required selinux to compile and work);
clear dont have support for selinux nor apparmor too;
and looks impossible for me to install selinux.
Any idea how to get snapd working?

snap compiled with --disable-apparmor --disable-selinux

snapd
AppArmor status: apparmor not enabled
2020/08/30 08:45:12.163691 daemon.go:343: started snapd/unknown (series 16; classic; devmode) clear-linux-os/33660 (amd64) linux/5.7.15-977.native.
2020/08/30 08:45:12.181160 daemon.go:436: adjusting startup timeout by 30s (pessimistic estimate of 30s plus 5s per snap)
cannot run daemon: state startup errors: [cannot obtain snap-seccomp version information: fork/exec /usr/lib/snapd/snap-seccomp: no such file or directory]

man snap-confine

Seccomp profiles

snap-confine looks for the /var/lib/snapd/seccomp/bpf/$SECURITY_TAG.bin file. This file is mandatory and snap-confine will refuse to run without it. This file contains the seccomp bpf binary program that is loaded into the kernel by snap-confine.

The file is generated with the /usr/lib/snapd/snap-seccomp compiler from the $SECURITY_TAG.src file that uses a custom syntax that describes the set of allowed system calls and optionally their arguments. The profile is then used to confine the started application.

As a security precaution disallowed system calls cause the started application executable to be killed by the kernel. In the future this restriction may be lifted to return EPERM instead.