this post was submitted on 16 Jul 2025
15 points (100.0% liked)
Ubuntu Linux
1970 readers
1 users here now
Linux for Human Beings.
Ubuntu is a popular Linux operating system for PC / mobile devices, etc.
Developed by Canonical & based on Debian (another older Linux OS) which is known for it's rock solid stability.
Ubuntu is trusted everywhere computing by professionals and common users alike.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
By far the worst part about Ubuntu is snap. Canonical has failed its community and the wider Linux community with it in so many ways.
For Ubuntu users
For wider community
There are other smaller controversies, like Mir, Unity, and Upstart, but none are as bad as snap.
But how much is anyone forced to use snaps, outside of maybe a few core applications that might define ubuntu? Flatpak can be installed on ubuntu and I'd say most of the important stuff seems to be from the apt repos. Granted that may be an argument for Debian alone but I'm just trying to make sense of it.
This is a bit outside my zone. Could you please explain this?
I didn't say people were forced to use snap, just that they're the default. But if they're to be made the default, they should be a good experience.
As for the sandboxing stuff. Ubuntu using AppArmor, a Mandatory Access Control (MAC) that is used to make the system more secure by creating profiles used to confine certain pieces of software. If they try to do something the profile doesn't allow them to do, it gets blocked.
Snap uses AppArmor to manage the sandbox of snaps. However, AppArmor isn't the only MAC around. Fedora and OpenSUSE use something else called SELinux, which has a similar purpose. But snap doesn't speak SELinux, it only speaks AppArmor. So none of the fancy AppArmor profiles used to contain snaps actually work on those distros, the sandbox it does have is so weak it's insignificant. Canonical could have addressed this by adding SELinux support to snap, but they haven't, they pretty much only care about Ubuntu and Debian. And as I mentioned before, Ubuntu patches AppArmor to add more functionality. But they have failed to upstream these patches, so only Ubuntu (and maybe Debian?) have access to the strongest sandboxing snap can offer.
On the other hand, flatpak uses bubblewrap to sandbox its applications. Bubblewrap uses standard Linux security features to sandbox apps rather than a specific MAC. That means the flatpak sandbox is strong regardless of which distro you are using. Although it does have some downsides. Flatpak doesn't speak to either MAC, which can be a problem since the MAC can confine the flatpak application more than is expected. For example, OpenSUSE ships some SELinux policies that allows Wine/Proton to function as expected. However, these policies don't get installed when you use Steam or any other launcher as a flatpak. It's something you have to do manually. Meanwhile if flatpak actually talked to the MAC (like snap does with AppArmor), then this wouldn't be a problem.