Hello Classic

This repository contains the raw source code of the first snap using classic confinement.

About classic confinement

Classic confinement is a new feature that is under development for snapd 2.19. It allows snaps coming from trusted sources to execute both without the security sandbox and without the pivot_root to the core snap (aka kind-of chroot).

Building and testing

Ensure that you have snapcraft version at least 2.24 (run snapcraft --version to check). To build the snap just run snapcraft.

Installation

Install this snap just as any regular snap. If built locally please use snap install --dangerous --classic hello-classic_*.snap. Note the presence of --classic switch. This switch tells snapd that you allow this snap to be installed with classic confinement.

Exploration

After you install the snap please inspect the file in /snap/hello-classic/current/hello-classic with ldd. It is also useful to use snap run --shell hello-classic and see what you can do from there and how the classic environment looks like.

Theory

This snap contains one dynamically linked C executable, hello-classic. The executable uses the dynamic linker and runtime libraries from the core snap. It is totally independent of the classic distribution with the exception that the kernel and provided snapd need to be recent enough to support this construct.

Unlike regular snaps the classic snap has full access to the file system of the classic distribution.

Ideas

You can use classic snaps to package your shell, your toolchain, your brand new tool or your clunky internal script that you've been sharing with your colleagues.