Home / ubuntu / Questions / 1139788
In Process
johnwolf1987
Asked: 2019-05-02 11:39:09 +0800 CST

Is it safe to install using snap --classic?

  • 772

I wanted to install Pycharm Community edition using snap with the following command:

sudo snap install pycharm-community

Unfortunately, I got the following error message:

error: This revision of snap "pycharm-community" was published using classic confinement and thus may perform arbitrary system changes outside of the security sandbox that snaps are usually confined to, which may put your system at risk.
If you understand and want to proceed repeat the command including
--classic.

My question is: is it safe to proceed and install it using --classic as they suggest? What are the risks of doing so? (i.e what kind of "arbitrary system changes" can happen?) And lastly, has anyone tried it and did everything go well?

I previously installed IntelliJ IDEA a few weeks ago and didn't get this problem. Of course, there are certainly other ways to install it, but I found snap to be a convenient tool as then I just need to type the name of the program in the terminal to launch it.

pycharm snap

1 Answers

  1. Short Ans: YES! IT IS COMPLETELY SAFE.

    Long Ans:

    Source: https://snapcraft.io/docs/snap-confinement

    What is Snap Confinement?

    A snap’s confinement level is the degree of isolation it has from your system. There are three levels of snap confinement:

    • Strict

      Used by the majority of snaps. Strictly confined snaps run in complete isolation, up to a minimal access level that’s deemed always safe. Consequently, strictly confined snaps can not access your files, network, processes or any other system resource without requesting specific access via an interface.

    • Classic

      Allows access to your system’s resources in much the same way traditional packages do. To safeguard against abuse, publishing a classic snap requires manual approval, and installation requires the --classic command line argument.

    • Devmode

      A special mode for snap creators and developers. A devmode snap runs as a strictly confined snap with full access to system resources, and produces debug output to identify unspecified interfaces. Installation requires the --devmode command line argument. Devmode snaps cannot be released to the stable channel, do not appear in search results, and do not automatically refresh.

    I think now you understand that to install mostly code IDE(s) through command line interface you have to manually give confinement permission to them with --classic as they have to access files and folders in different spaces located on your machine to update/change/modify etc. But if you install them from GUI software centers then they already have the confinement permission with them and if you install them with browser's help by downloading there .deb files then also they have the same confinement permission so either way they are going to need the --classic permission no matter through what method you install them. eg:

    sudo snap install code --classic

sudo snap install pycharm-community --classic

sudo snap install sublime-text --classic

    What you'll see when you type snap find code:

    What you'll see if you try to install packages from software centers:

    • 0