128

In recent c't (sadly paywalled) there is an article about Snap and Flatpak.

enter image description here

This sounds very similar to Docker, lots of concepts are the same. Now my question what's the difference between Snap and Docker? Are those different use cases?

Sybil
  • 2,107

1 Answers1

155

You might find Mark Shuttleworth's talk "Why we need a different container purely for apps" at Container Camp relevant to your question. He talks generally about VMs, containers and Docker at the start, continuing on to snaps and how they fit in about nine minutes in. Here's my summary:

  • Different types of containers look the same but are used for different purposes.
  • Containers don't really exist at the kernel level. Different sorts of illusions are possible. Independently we can create illusions about what users, network, disk and processes a container sees.
  • Different types of containers are really about different classes of the illusions that are created.
  • Snaps are:
    • Immutable, but still part of the base system.
    • Integrated in terms of network, so share the system IP address, unlike Docker, where each container gets its own IP address.
    • In other words, Docker gives us a thing there. Snaps gives us a thing here. For example, on a desktop, a snap provides an app right on it.
    • A snap can't pollute the rest of the system. It's in its own box. But it can still see (read-only) the rest of the system, which allows it to talk and integrate with the system.

You asked about different use cases compared to Docker. Here's one that snaps can do, but Docker cannot: desktop apps. Third parties can ship desktop apps using snaps, and users can easily install and update them. A Docker container can't (easily) interact with the user graphically on the screen, load documents from the user's home directory, or provide video conferencing via the user's webcam. Snaps can (once given permission).

You might ask how this is better than using PPAs. But in comparison to Docker, that's like asking how Docker is better than installing dependencies on a system by hand. It's better, but exactly how would probably be best answered in a separate, non-Docker-specific question.

Robie Basak
  • 15,670
  • 3
    This sounds like Sandboxie for windows. Sandboxed programs can open dialogs, access all local files, but when they write, they just write into their sandbox. – feedc0de Jan 24 '18 at 13:24
  • 8
    This is not true. Docker can interact with desktop applications (once given permission). https://github.com/jamrizzi/docker-gtk – Clay Risser Jan 19 '18 at 03:21
  • 2
    What does that tool you link to do differently than a normal docker? You can mount your x11 socket into the docker without any special docker version. – feedc0de Jan 24 '18 at 13:25
  • 1
    It's not a tool, it's a demonstration – Clay Risser Feb 14 '18 at 20:54
  • I get your points about mounting X11 socket into docker, but you still have to install/update the X server outside of Docker, correct?

    In this case, you can use apt-get but snaps have an advantage supporting noninteractive updating. Or am I missing something?

     – Roman Gaufman May 03 '18 at 16:21
  • 1
    @jamrizzi It looks like what you do is simply giving docker access to the X11 socket in a script. This is quite far from having the user involved in anyway in this process (where is the "Docker wants to access the Display. Cancel or Allow?" dialogue?) – Thorbjørn Ravn Andersen May 08 '18 at 14:46
  • I think the "non-Docker-specific question" of "how this is better than using PPAs" mentioned in the answer could be this one https://askubuntu.com/questions/618471/ – Organic Addict Jul 12 '18 at 23:07
  • 1
    NB that it can't see/modify the rest of the system, but it can be made to see/modify user/mounted media files on the system: https://askubuntu.com/questions/1033344/how-to-give-snaps-access-to-somedir – rogerdpack Jan 18 '22 at 17:44
  • It's very possible that snap is far more important for the Canonical Business Model than snap is for actual users or even administrators. Docker is more mature and easier to use for sandboxing server apps. PodMan is also an interesting, more open docker alternative. AppImage is much less troublesome way to package and sandbox desktop apps. – erwin Jan 27 '23 at 10:25