The new classic confinement in snaps – Even the classics need a change | Ubuntu

  • Post Updated: April 4, 2024

As part of their fundamental, security-driven design, snaps are meant to run isolated from the underlying system. In most cases, the idea works well, and granular access to system resources using the mechanism of interfaces allows snap developers to ship their applications packaged with strict confinement.

However, there are some scenarios where even the liberal use of interface plugs cannot fully satisfy all of the functional requirements of specific applications. Certain programs need system-wide access to directories and files, and others may need to execute arbitrary binaries at run time. To that end, snaps can also be installed in the “classic” confinement mode, which gives them access similar to what the application would have if installed in the traditional way. The solution works, but there are now proposals to make the classic mode even more robust and efficient.
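Because a classic snap runs with access similar to a traditionally installed application, it is useful to know which installed snaps use that mode. The following is an added example, not code from the original post: it filters `snap list`-style text on the Notes column, where `classic` marks classic confinement. The function name and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: list snaps installed with classic confinement.
# Reads `snap list`-style text on stdin. The last column (Notes) is a
# comma-separated set of flags; "classic" marks classic confinement.
classic_snaps() {
    awk 'NR > 1 && NF >= 6 {
        # Match the flag exactly so a snap merely named "classic..." is ignored.
        n = split($NF, flags, ",")
        for (i = 1; i <= n; i++)
            if (flags[i] == "classic") { print $1; break }
    }'
}

# Constructed sample in the column layout of `snap list` (not real output).
SAMPLE_SNAP_LIST='Name       Version  Rev  Tracking       Publisher    Notes
core22     1.0      100  latest/stable  canonical**  base
editor     2.3      41   latest/stable  example      classic
browser    9.1      77   latest/stable  example      -
toolkit    0.8      12   latest/edge    example      disabled,classic
classicfm  1.1      5    latest/stable  example      -'

# On a real host, run: snap list | classic_snaps
printf '%s\n' "$SAMPLE_SNAP_LIST" | classic_snaps
```

Each name it prints is a snap that is not isolated by strict confinement and should be reviewed like any other software with host-level access.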

The clash of shared libraries

The problem with classic confinement is that it takes away some of…
