HOWTO: How to snap timg (text image viewer)
James Henstridge
james.henstridge at canonical.com
Wed Mar 1 10:51:41 UTC 2017
On 1 March 2017 at 07:13, Michi Henning <michi.henning at canonical.com> wrote:
>
>> Upon further thinking, I believe that I did not have to use a fresh
>> LXD container, because the "strict" confinement would preclude anyway
>> the snap from using any of my desktop's existing system libraries.
>> Isn't that indeed the case?
>
> I don’t think so. System libraries are visible even with strict confinement, as far as I know.

That's not true. When a command or daemon in a strict mode snap gets
executed, it runs in a different mount namespace where the file system
root is the contents of the "core" snap. You can verify this by
executing the following:

    snap run --shell command_name

.. and use that shell to inspect the file system as seen by that
particular command.

James.
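
An added example, not part of the original message: a small script that reports which filesystem is mounted at "/" and which mount namespace the current process is in, so the host's view can be compared with the view inside the shell opened by `snap run --shell`. The mountinfo samples are constructed, the squashfs/loop-device root shown for the snap shell is an assumption about how the "core" snap appears there, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed mountinfo samples (proc(5) format), not captured from a real system.
sample_host() {
cat <<'EOF'
25 0 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw,errors=remount-ro
26 25 0:5 / /dev rw,nosuid shared:2 - devtmpfs udev rw
EOF
}
# Assumption: inside the snap's mount namespace "/" is a squashfs image.
sample_snap_shell() {
cat <<'EOF'
410 409 7:0 / / ro,nodev,relatime master:30 - squashfs /dev/loop0 ro
411 410 8:2 /home /home rw,relatime master:1 - ext4 /dev/sda2 rw
EOF
}

# root_mount: read mountinfo on stdin, print "<fstype> <source>" for the mount
# at "/". The optional fields before "-" vary in number, so find the separator
# rather than using fixed columns. If several entries are mounted at "/", the
# last one listed is reported. Returns non-zero when no "/" entry is found.
root_mount() {
    awk '$5 == "/" {
             for (i = 7; i <= NF; i++)
                 if ($i == "-") { fs = $(i + 1); src = $(i + 2); break }
         }
         END { if (fs == "") exit 1; print fs, src }'
}

echo "sample host:       $(sample_host | root_mount)"
echo "sample snap shell: $(sample_snap_shell | root_mount)"

# Live values for the current process; compare the host's output with what
# the same commands show in the shell opened by `snap run --shell command_name`.
if [ -r /proc/self/mountinfo ]; then
    echo "mount namespace:   $(readlink /proc/self/ns/mnt 2>/dev/null || echo unavailable)"
    echo "live root mount:   $(root_mount < /proc/self/mountinfo || echo unknown)"
fi
```

A different `mnt:[...]` identifier and a different root mount in the two environments indicate that the command does not see the host's root file system.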