On Monday, 17 June 2024 16:43:04 BST Nikos Chantziaras wrote:
> So Skype for Linux isn't updated anymore other than its Snap version. So
> I tried to install that by following the instructions here:
> 
>    https://wiki.gentoo.org/wiki/Snap
> 
> As well as here for AppArmor:
> 
> 
> https://wiki.gentoo.org/wiki/Security_Handbook/Linux_Security_Modules/AppArmor
> 
> After I did everything and emerged snapd with +apparmor -forced-devmode,
> the snapd system service fails to start, and the log says:
> 
> ====================
> systemd[1]: Starting Snap Daemon...
> snapd[1781]: panic: USE=forced-devmode is disabled
> snapd[1781]: goroutine 1 [running]:
> snapd[1781]: github.com/snapcore/snapd/sandbox.ForceDevMode()
> snapd[1781]:     github.com/snapcore/snapd/sandbox/forcedevmode.go:40 +0x59
> snapd[1781]: github.com/snapcore/snapd/snapdenv.SetUserAgentFromVersion({0x56276eefc947, 0x4}, 0x56276f335708, {0x0, 0x0, 0x0})
> snapd[1781]:     github.com/snapcore/snapd/snapdenv/useragent.go:41 +0xec
> snapd[1781]: main.run(0xc000287740)
> snapd[1781]:     github.com/snapcore/snapd/cmd/snapd/main.go:108 +0x85
> snapd[1781]: main.main()
> snapd[1781]:     github.com/snapcore/snapd/cmd/snapd/main.go:60 +0xd3
> systemd[1]: snapd.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
> systemd[1]: snapd.service: Failed with result 'exit-code'.
> systemd[1]: Failed to start Snap Daemon.
> systemd[1]: snapd.service: Triggering OnFailure= dependencies.
> systemd[1]: Starting Failure handling of the snapd snap...
> systemd[1]: snapd.failure.service: Deactivated successfully.
> systemd[1]: Finished Failure handling of the snapd snap.
> ====================
> 
> I have not tried with +forced-devmode because I just don't want to do
> that if I can avoid it. Is it a hard requirement?

Skype is quite 'intrusive', accessing and auto-adjusting your audio/video, 
activating and accessing sockets, launching/using gnome keyring, etc.

I interpret the following conditional statement from eix to mean: if you have 
disabled forced-devmode, then you need systemd (to allow socket activation by 
the Skype application) and apparmor (to somewhat contain this access):

["!forced-devmode? ( apparmor ) systemd"]

See below:

 $ eix -l snapd
* app-containers/snapd
     Available versions:
            2.58      ^s        [apparmor +forced-devmode gtk kde systemd]      ["!forced-devmode? ( apparmor ) systemd"]
            2.61      ^s        [apparmor +forced-devmode gtk kde systemd]      ["!forced-devmode? ( apparmor ) systemd"]
       ~    2.63      ^s        [apparmor +forced-devmode gtk kde systemd]      ["!forced-devmode? ( apparmor ) systemd"]
     Homepage:            http://snapcraft.io/

You could run Skype in a dedicated/temporary OS installation separate to your 
system and data, or in a firejail from a different user's account.  I don't 
know how well it would work and if any features will be hobbled in firejail.  
I suspect running Skype would be a trade-off between security/privacy and 
convenience.

There's also the option to avoid installing a desktop application for Skype 
and run it as a web app, using websockets:

https://www.skype.com/en/features/skype-web/

Again you can try this using e.g. Firefox, within a firejail.
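
Added example, not part of the original message and not Portage's own code: the following Python evaluates the REQUIRED_USE string shown in the eix output against candidate USE flag sets, so you can see which combinations the ebuild accepts. It goes beyond the single conditional in this thread by also handling the `||`, `^^` and `??` group operators; all function names are hypothetical.

```python
import re

GROUP_OPS = ("||", "^^", "??")

def parse(tokens, pos=0):
    """Parse tokens up to ')' or end of input; return (nodes, position)."""
    nodes = []
    while pos < len(tokens) and tokens[pos] != ")":
        tok = tokens[pos]
        if tok == "(" or tok in GROUP_OPS or tok.endswith("?"):
            if tok != "(":
                pos += 1                      # operator must be followed by '('
            if pos >= len(tokens) or tokens[pos] != "(":
                raise ValueError(f"expected '(' after {tok!r}")
            children, pos = parse(tokens, pos + 1)
            if pos >= len(tokens):
                raise ValueError("missing ')'")
            nodes.append(("all" if tok == "(" else tok, children))
        else:
            nodes.append(("flag", tok))
        pos += 1                              # step past the flag or ')'
    return nodes, pos

def flag_set(name, use):
    """True if 'flag' is enabled, or if '!flag' is disabled."""
    return (name[1:] not in use) if name.startswith("!") else (name in use)

def holds(node, use):
    kind, arg = node
    if kind == "flag":
        return flag_set(arg, use)
    results = [holds(child, use) for child in arg]
    if kind == "all":
        return all(results)
    if kind == "||":
        return any(results)
    if kind == "^^":
        return sum(results) == 1
    if kind == "??":
        return sum(results) <= 1
    # "flag? ( ... )": children only matter when the condition is active
    return all(results) if flag_set(kind[:-1], use) else True

def satisfied(expr, use):
    tokens = re.findall(r"\(|\)|[^\s()]+", expr)
    nodes, pos = parse(tokens)
    if pos != len(tokens):
        raise ValueError("unbalanced ')'")
    return all(holds(node, use) for node in nodes)

SNAPD_REQUIRED_USE = "!forced-devmode? ( apparmor ) systemd"  # from the eix output
```

Calling `satisfied(SNAPD_REQUIRED_USE, {"systemd"})` returns False, because with forced-devmode disabled the constraint demands apparmor as well.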
