Snap is a softwarepackaging anddeployment system developed byCanonical foroperating systems that use theLinux kernel and thesystemdinit system. The packages, calledsnaps, and the tool for using them,snapd, work across a range ofLinux distributions[3] and allowupstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system.
Applications in a Snap run in a container with limited access to the host system. UsingInterfaces, users can give an application mediated access to additional features of the host such as recording audio, accessing USB devices and recording video.[4][5][6] These interfaces mediate regular Linux APIs so that applications can function in the sandbox without needing to be rewritten. Desktop applications can also use the XDG Desktop Portals, a standardized API originally created by theFlatpak project (originally called xdg-app) to give sandboxed desktop applications access to host resources.[7][8] These portals often provide a better user experience compared to the native Linux APIs because they prompt the user for permission to use resources such as a webcam at the time the application uses them. The downside is that applications and toolkits need to be rewritten in order to use these newer APIs.
The Snap sandbox also supports sharing data andUnix sockets between Snaps.[9] This is often used to share common libraries and application frameworks between Snaps to reduce the size of Snaps by avoiding duplication.[10][11]
The Snap sandbox heavily relies on theAppArmor Linux Security Module from the upstreamLinux kernel. Because only one "major"Linux Security Module (LSM) can be active at the same time,[12] the Snap sandbox is much less secure when another major LSM is enabled. As a result, on distributions such asFedora which enableSELinux by default, the Snap sandbox is heavily degraded. Although Canonical is working with many other developers and companies to make it possible for multiple LSMs to run at the same time, this solution is still[when?] a long time away.[13][12][14]
Multiple times a day, snapd checks for available updates of all Snaps and installs them in the background using anatomic operation. Updates can be reverted[15][16] and usedelta encoding to reduce their download size.[17][18][19]
Publishers can release and update multiple versions of their software in parallel usingchannels. Each channel has a specifictrack andrisk, which indicate theversion andstability of the software released on that channel. When installing an application, Snap defaults to using thelatest/stable channel, which will automatically update to new major releases of the software when they become available. Publishers can create additional channels to give users the possibility to stick to specific major releases of their software. For example, a2.0/stable channel would allow users to stick to the 2.0 version of the software and only get minor updates without the risk of backwards incompatible changes. When the publisher releases a new major version in a new channel, users can manually update to the next version when they choose.[20][21][22][23]
The schedule, frequency and timing of automatic updates can be configured by users. Users can also pause automatic updates for a certain period of time, or indefinitely.[24][25][26] Updates are automatically paused on metered connections.[27][28]
Snapcraft is a tool for developers to package their programs in the Snap format.[31] It runs on any Linux distribution supported by Snap,macOS[32] andMicrosoft Windows.[33] Snapcraft builds the packages in aVirtual Machine using Multipass,[34] in order to ensure the result of a build is the same, regardless of which distribution or operating system it is built on.[35] Snapcraft supports multiple build tools and programming languages, such asGo,Java,JavaScript,Python,C/C++ andRust. It also allows importing application metadata from multiple sources such asAppStream,git, shell scripts andsetup.py files.[32][36]
The Snap Store allows developers to publish their snap-packaged applications.[37] All apps uploaded to the Snap Store undergo automatic testing, including amalware scan. However, the scan does not catch all issues. In one case in May 2018, two applications by the same developer were found to contain acryptocurrency miner which ran in the background during application execution. In 2024, fake cryptocurrency wallets were uploaded that would steal the user's funds, and then when taken down by Canonical, simply reuploaded by a new account.[38] Although the Snap sandbox attempts to reduce the impact of a malicious app, multiple exploits have been found that allow malicious Snaps to escape the sandbox and gain direct access to the user's data.[39][40] Canonical recommends users only install Snaps from publishers trusted by the user.[41][42]
Snaps areself-contained packages that work across a range ofLinux distributions. This is unlike traditional Linux package management approaches, which require specifically adapted packages for each Linux distribution.[43][44]
The commandsnap list here shows thatSkype andIntelliJ IDEA have been installed
The snapfile format is a single compressedfilesystem using theSquashFS format with the extension.snap. This filesystem contains the application, libraries it depends on, and declarative metadata. This metadata is interpreted by snapd to set up an appropriately shaped securesandbox for that application. After installation, the snap is mounted by the host operating system and decompressed on the fly when the files are used.[45][23] Although this has the advantage that snaps use less disk space, it also means some large applications start more slowly.[46][47]
Snap supports any class of Linux application such as desktop applications, server tools, IoT apps and even system services such as the printer driver stack.[48][49] To ensure this, Snap relies onsystemd for features such as running socket-activated system services in a Snap.[50] This causes Snap to work best only on distributions that can adopt thatinit system.[51]
Screenshot ofSpotify-EasyRPM installation script running onopenSUSE Tumbleweed, the script downloaded the Spotify Linux Snap package from snapcraft.io, processed and converted the package intoRPM, and installed the RPM into the system
Snap initially only supported the all-SnapUbuntu Core distribution, but in June 2016, it was ported to a wide range of Linux distributions to become a format for universal Linux packages.[52] Snap requiresSystemd which is available in most, but not all, Linux distributions. OtherUnix-like systems (e.g.FreeBSD) are not supported.[53]ChromeOS does not support Snap directly, only through Linux distributions installed in it that support Snap, such asGallium OS.[54]
Ubuntu and its official derivatives pre-install Snap by default, as well as other Ubuntu-based distributions such asKDE Neon, andZorin OS.[55]Solus have currently planned to drop Snap, to reduce the burden of maintaining AppArmor patches needed for strict Snap confinement.[56]Zorin OS have removed Snap as a default package in the Zorin OS 17 release.[57] While other official Ubuntu derivatives such asKubuntu,Xubuntu, andUbuntu MATE have also shipped with the competingFlatpak as a complement, they will no longer do so beginning with Ubuntu 23.04, meaning that it must be installed manually by the user.[58]
Snap has received mixed reaction from the developer community. On Snap's promotional site,Heroku praised Snap's auto-update as it fits their fast release schedule well.Microsoft mentions its ease of use and Snap beingYAML-based, as well as it being distribution-agnostic.JetBrains says the Snap Store gives their tools more exposure,[74][better source needed] although some users claim launching the tools takes much longer when it's installed from the Snap Store than when it's installed another way.[75][unreliable source]
Others have objected to the closed-source nature of the Snap Store. Clément Lefèbvre (Linux Mint founder and project leader[76][77]) has written that Snap is biased and has a conflict of interest. The reasons he cited include it being governed by Canonical and locked to their store, and also that Snap works better on Ubuntu than on other distributions.[78] He later announced that the installing of Snap would be blocked byAPT in Linux Mint,[79][80] although a way to disable this restriction would be documented.[81]
On recent versions of Ubuntu, Canonical has migrated certain packages exclusively to Snap, such asChromium andFirefox[82] web browsers.[83][37] The replacement of Firefox led to mixed reception from users due to performance issues with the Snap version, especially on startup.[82]
^Lefèbvre, Clément (June 2020)."Monthly News – May 2020".The Linux Mint Blog. The Mint Team.Archived from the original on 10 June 2020. Retrieved10 June 2020.
