For those who don't already know, Snappy is a distribution agnostic package manager for Linux developed by Canonical.
Snap packages are self-contained archives with all required dependencies included.
Applications run in a secure sandbox environment isolated from the main system, using such technology as
Linux namespaces, seccomp and AppArmor.
I've recently created snap package for i2pd, and very excited to share my experience.
Snaps are sandboxed and isolated from your main system. Applications can only have access to system resources allowed by package developer.
For example, those are system resources allowed to i2pd package:
i2pd can only access network, bind ports and use it's own virtual filesystem, everything else will be denied by kernel.
In theory, one could even run untrusted proprietary code safely.
Snaps are simple archives, which can be downloaded and installed by hand as regular deb/rpm ones.
Read more ...