Snap install modes
A snap can be installed with the following optional arguments, typically used to help test a snap under development, troubleshoot interface issues, or debug application crashes:
--classic: classic confinement for full system access
--dangerous: dangerous mode for testing local unsigned snaps
--devmode: developer mode for testing and viewing log output
--jailmode: forces a snap to be installed with strict confinement
See Check snap install mode for how to check the install mode status of any installed snaps.
Without further command line arguments, a default snap installation will attempt to install a snap as strictly confined.
Strict confinement is used by the majority of snaps, enabling them to run their applications and services in complete isolation with a minimal access level that’s always deemed safe.
Certain snaps, however, require unfettered access to the system, and these are packaged as classic snaps. Installing a snap that requires classic access will prompt the user to use the additional
$ sudo snap install snapcraft --classic
Only classic snaps can be installed with the
--classic argument. However, while the argument is silently accepted when installing a strict snap, it won’t make any difference to its confinement. The snap will still be strictly confined.
See Snap confinement for more details on confinement levels.
--dangerous argument will install a local snap without validating or checking its assertions or signatures. These signatures are used to link a snap to its publisher and store, and to ensure that a snap remains unchanged during delivery and storage.
This option is useful when testing snaps shared through a trusted channel, and for testing snaps built locally, before eventually being published to the store.
This mode is intended to help snap developers identify the interfaces an application needs.
--devmode argument to the snap installation command will permit full access to system resources but will also report each access when no appropriate interface has been specified. This report is sent to the system log.
This feature allows developers to iterate over their snap, selectively adding interfaces to their application before switching to strict mode after all necessary interfaces have been specified.
The validity of a snap’s signed assertions will also be checked, linking a snap to its developer and store, but the installation will progress even when the validity cannot be verified. In this case, the devmode snap is additionally equivalent to being installed with
--dangerous (see above).
A strictly confined snap running in devmode will generate log and AppArmor profile output associated with the snap, helping snap developers and testers understand access issues and other confinement problems.
The devmode argument is also a requirement if a snap has been built and published with
confinement: devmode in its snapcraft.yaml. These snaps are built for testing and cannot be released to their respective stable channels. See Choosing a security model for further details.
Additionally, snaps running in development mode will not be updated. This is because it’s assumed the snap developer wishes to test, and continue testing, a specific release. To update a snap, it will first need to be removed and reinstalled without
Installing a snap with
--jailmode will install the snap into a strictly confined environment.
Only non-classic snaps can be installed with jailmode. This can be useful when testing how a snap published with devmode (see above) will behave when strictly confined, and is usually a precursor to a snap being published as confined and stable after a period of testing.
Check snap install mode
snap list command will include the install mode status in the Notes column for each respective snap:
Name Version Rev Tracking Publisher Notes liquidctl 1.7.1-11-g6295354 1 latest/stable morrisong devmode snapcraft 5.0 6751 latest/stable canonical✓ classic
Last updated 2 days ago.