![](https://seccdn.libravatar.org/avatar/1486e8317b9d75b8f77c569cc28e6d66.jpg?s=120&d=mm&r=g)
IIRC the snaps talk at osc'17 last week ( https://www.slideshare.net/zk rynicki/snaps-on-open-suse/41), there are also some apparmor patches (which have been sent to upstream) which are needed to have proper security. Is it on your todo list ?
Yeah, there are people working on pushing all necessary patches for AppArmor to the upstream Linux kernel so we can have proper AppArmor confinement with a pure upstream kernel soon. However I am not sure where we are with this at the moment, but last I've heard was that we just miss a few smaller things after 4.12 is out. For now we will keep snapd on openSUSE in the so called forced-devmode which will deactivate strict confinement via AppArmor but just keeps the seccomp part enabled. Hope that helps. If you have any further questions, please let me know. regards, Simon -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org