Snap: Support snapshot feature

[gaui]

Currently VSCode Snap is created with Snap's classic confinement, which means that Snapcraft doesn't handle application or user state, making the snapshot feature useless.

When creating a Snap with strict confinement (default), Snapcraft sandboxes the application and runs in an isolated secure environment, and overrides various environment variables. With classic confinement, this is not the case.

Classic
Allows access to your system’s resources in much the same way traditional packages do. To safeguard against abuse, publishing a classic snap requires manual approval, and installation requires the --classic command line argument.

All application/user data created with Snap applications using strict confinement can be manipulated with the Snapcraft snapshot feature. Why isn't Code under strict confinement?

See examples for Code (classic) and ngrok (strict) below.

VSCode (code) has the following CLI arguments: --user-data-dir and --extensions-dir so this can be set/overridden, but the user of the Snap cannot set these. Unless doing something like this:

$ snap run --shell code
$ code
$ code --user-data-dir=$SNAP_USER_DATA

I saw this issue which could possibly relate to this in some way: #3884

• VSCode Version: 1.35.1 c7d83e57cd18f18026a8162d042843bda1bcf21f x64
• OS Version: Linux Mint 19.1 (Ubuntu); 4.15.0-51-generic

Steps to Reproduce:

1. Install code snap (snap install code --classic)
2. Change user settings (~/.config/Code/User/settings.json)
3. Save state of snap (snap save code)
4. Change user settings again (~/.config/Code/User/settings.json)
5. Restore previous user settings (snap restore 1)

Previous version of settings.json is not restored.

Does this issue occur when all extensions are disabled?: Yes

Example: code (classic confinement)

$ snap run --shell code
$ export | grep -E ' (USER|PATH|HOME|(SNAP|NODE)_.+)=".+"$'

declare -x HOME="/home/gaui"
declare -x PATH="/home/gaui/.nvm/versions/node/v11.10.1/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/home/gaui/go/bin:/home/gaui/go/bin"
declare -x SNAP_ARCH="amd64"
declare -x SNAP_COMMON="/var/snap/code/common"
declare -x SNAP_CONTEXT="Ljl4wyHRmyxMyJXHw1PDFmxTSY3cVHPYsKHnxymY6C8L"
declare -x SNAP_COOKIE="Ljl4wyHRmyxMyJXHw1PDFmxTSY3cVHPYsKHnxymY6C8L"
declare -x SNAP_DATA="/var/snap/code/9"
declare -x SNAP_INSTANCE_NAME="code"
declare -x SNAP_LIBRARY_PATH="/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl32:/var/lib/snapd/void"
declare -x SNAP_NAME="code"
declare -x SNAP_REVISION="9"
declare -x SNAP_USER_COMMON="/home/gaui/snap/code/common"
declare -x SNAP_USER_DATA="/home/gaui/snap/code/9"
declare -x SNAP_VERSION="c7d83e57"
declare -x USER="gaui"

Example: ngrok (strict confinement)

$ snap run --shell ngrok
$ export | grep -E ' (USER|PATH|HOME|(SNAP|NODE)_.+)=".+"$'

declare -x HOME="/home/gaui/snap/ngrok/13"
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
declare -x SNAP_ARCH="amd64"
declare -x SNAP_COMMON="/var/snap/ngrok/common"
declare -x SNAP_CONTEXT="DPGlHy5JTBsW1Vdc84k6mjJJtX4sprMDB0Gy0vCclJKH"
declare -x SNAP_COOKIE="DPGlHy5JTBsW1Vdc84k6mjJJtX4sprMDB0Gy0vCclJKH"
declare -x SNAP_DATA="/var/snap/ngrok/13"
declare -x SNAP_INSTANCE_NAME="ngrok"
declare -x SNAP_LIBRARY_PATH="/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl32:/var/lib/snapd/void"
declare -x SNAP_NAME="ngrok"
declare -x SNAP_REVISION="13"
declare -x SNAP_USER_COMMON="/home/gaui/snap/ngrok/common"
declare -x SNAP_USER_DATA="/home/gaui/snap/ngrok/13"
declare -x SNAP_VERSION="2.3.27"
declare -x USER="gaui"

[gaui]

If you want to see how strict confinement should work, install my test app:

snap install gaui-counter

[joaomoreno]

We have no plans to use strict confinement for now.

[gaui]

@joaomoreno ok, but is it possible to allow the user to choose where to save user data, so the snapshot feature in Snap can be utilised (snap save code) ?

[gaui]

How about this...

bash -c "snap run --shell code <(echo XDG_DATA_HOME=$\SNAP_USER_DATA/Code XDG_CONFIG_HOME=$\SNAP_USER_DATA code --user-data-dir=$\SNAP_USER_DATA/Code --extensions-dir=$\SNAP_USER_DATA/Code/extensions)"

Resulting in this:

{
    "_": [],
    "verbose": true,
    "user-data-dir": "/home/gaui/snap/code/9/Code",
    "extensions-dir": "/home/gaui/snap/code/9/Code/extensions",
    "appRoot": "/snap/code/9/usr/share/code/resources/app",
    "machineId": "81cfbab93df75bd844527d28ba7bf1abf9547b741edf1d028a0e933cb8c5b46b",
    "nodeCachedDataDir": "/home/gaui/snap/code/9/Code/CachedData/c7d83e57cd18f18026a8162d042843bda1bcf21f",
    "mainPid": 26885,
    "execPath": "/snap/code/9/usr/share/code/code",
    "userEnv": {
        "VSCODE_IPC_HOOK": "/run/user/1000/snap.code/vscode-614a82a5-1.35.1-main.sock",
        "VSCODE_NLS_CONFIG": "{\"locale\":\"en-us\",\"availableLanguages\":{},\"_languagePackSupport\":true}",
        "VSCODE_LOGS": "/home/gaui/snap/code/9/Code/logs/20190624T024121"
    },
    "isInitialStartup": true,
    "backupPath": "/home/gaui/snap/code/9/Code/Backups/1561343819058",
    "windowId": 1,
    "logLevel": 0,
    "zoomLevel": 0,
    "frameless": true,
    "perfEntries": [
        "main:started",
        1561344081183,
        "main:appReady",
        1561344081243,
        "willLoadMainBundle",
        1561344081246,
        "didLoadMainBundle",
        1561344081298,
        "main:loadWindow",
        1561344081441
    ],
    "partsSplashPath": "/home/gaui/snap/code/9/Code/rapid_render.json"
}

[joaomoreno]

It seems that's a great workaround, you can create an alias for it.

[shreepads]

We have no plans to use strict confinement for now.

Well that's unfortunate, as per https://snapcraft.io/docs/snap-confinement strict confinement is "Used by the majority of snaps"
Could you explain why you have no plans to use strict confinement - it would make VS Code a lot more acceptable to Linux users

[gaui]

And also classic confinement doesn't use sandboxing so configs are in ~/.config/ - making snapshots in Snap useless to commit state of user and data directories and restoring to that particular state.

[vscodebot]

This feature request is now a candidate for our backlog. The community has 60 days to upvote the issue. If it receives 20 upvotes we will move it to our backlog. If not, we will close it. To learn more about how we handle feature requests, please see our documentation.

Happy Coding!

[condekind]

It would be quite nice to see vscode moving away from --classic confinement

[vscodebot]

This feature request has not yet received the 20 community upvotes it takes to make to our backlog. 10 days to go. To learn more about how we handle feature requests, please see our documentation.

Happy Coding

[vscodebot]

This feature request has not yet received the 20 community upvotes it takes to make to our backlog. 10 days to go. To learn more about how we handle feature requests, please see our documentation.

Happy Coding

[vscodebot]

🙁 In the last 60 days, this feature request has received less than 20 community upvotes and we closed it. Still a big Thank You to you for taking the time to create this issue! To learn more about how we handle feature requests, please see our documentation.

Happy Coding!