I work on some parts of snapd at Canonical, so thought I'd weigh in. I've got a few of points to add:
1. In the "snap debug confinement" output, it says "policy:downgraded". This indicates that snapd didn't detect enough AppArmor features to enforce the full "strict confinement" sandbox, so it switches to a permissive policy. This was done because the generated policies would sometimes malfunction on such systems. We do have a system to prevent the downgrade on some systems where we've verified that the sandbox behaves correctly: https://github.com/snapcore/snapd/blob/cc398c14fe13c70d14b9cb2eef9873cd4b8eda1e/interfaces/apparmor/backend.go#L614-L629 I suspect current Debian probably meets this standard, so we should add it to the exceptions list. 2. As for why Debian is not being considered for "full" support, I suspect this is down to the out-of-tree patches to enable access control for unix domain sockets. This will likely resolve itself when snapd moves to use the new AppArmor 3.0 network features (which does not rely on out of tree patches). 3. Even on systems where the full strict confined sandbox is enabled, acess to the root directory is granted in the base template: https://github.com/snapcore/snapd/blob/3173439195f62eacd6493cd49f257480811ed7a7/interfaces/apparmor/template.go#L444-L445 Note however that the root directory as seen within a snap's sandbox is not the same as the root directory of the host system. Instead, the contents of the "base snap" used by the snap. In the case of the "hello-world" snap, the base is "core". For example, this is the output on my system: james@scruffy:/$ ls bin cdrom etc lib lib64 lost+found mnt proc run snap sys usr boot dev home lib32 libx32 media opt root sbin srv tmp var james@scruffy:/$ snap run --shell hello-world To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details. james@scruffy:/$ ls bin dev home lib64 meta opt root sbin srv tmp var boot etc lib media mnt proc run snap sys usr writable You should find that the non-AppArmor parts of the sandbox are still in effect. James.