This is something that has been a bit confusing for me as from my understanding flatpak has a sandbox where everything needed or dependencies are all included within the sandbox. What I don’t get is snap does the same thing so looking at things from an actual programing stand point which one would be better to use? (If you were to look at System resources ect which would come out as being better.)
Taken from the Snapcraft site: Snaps are containerised software packages that are simple to create and install. They auto-update and are safe to run. And because they bundle their dependencies, they work on all major Linux systems without modification.
Well from my understanding flatpak calls this a ‘sandbox’ environment so what would the differences be then.
Don’t bother with snap, it’s totally broken on non-ubuntu distro’s.
Use flatpak instead.
This has been stated mid 2025 here in Ask Fedora. I do not know how it looks today.
So that is why I propose it to move it to the watercooler if you still like to discuss.
Containerization and sandboxing are different things.
Snaps and flatpaks are fundamentally different. They are both containerized formats but they are very different otherwise. When you consider security, you really need to look into both of them and decide which matches your needs.
On Fedora, where apparmor doesn’t exist by default, flatpaks are definitely the simpler solution to get sandboxing.
In either case, please don’t count on complete sandboxing or full isolation. They both have permissions systems that need to be carefully managed and neither solution is perfect.
Snaps are more interesting technologically but are severely hampered by Canonical’s handling of the Snap Store, poor quality control, and lack of user control (ie to reconfigure the app’s permissions).
And as mentioned, snaps only work 100% as intended on Ubuntu. Full sandboxing relies on AppArmor and downstream AppArmor patches. So there’s very limited sandboxing on non-AppArmor distros like Fedora and “okay” sandboxing on AppArmor distros that lack patches, like Debian.