== fabulous.systems ==
Welcome to the world of fabulous.systems

Using Snap packages in Gentoo

One of the main advantages of snap packages is the possibility to use them not only on one Linux distribution like ’traditional’ packages, but on a wide variety of distributions without having to modify or rebuild them. Many distributions provide the necessary snapd daemon in their repositories.

It is entirely possible to use snap packages with Gentoo too. Even building new snap packages with snapcraft and multipass or LXD will be possible afterwards.


First and foremost: systemd is a mandatory requirement since snapd is not compatible with OpenRC. Since snapcraft requires elevated privileges, sudo should be installed and properly configured too.

In order to aquire the necessary ressources and permissions on the host system, snapd is using the AppArmor framework. In case you are using your own kernel, it might be necessary to manually enable AppArmor support in its configuration. The binary packages provided by the Gentoo project have AppArmor support already enabled.

I won’t cover the migration of a Gentoo based system to systemd at this point. Since this topic is so extensive, I’ll publish a separate article at a later point in time.

AppArmor and systemd

We need to compile systemd with the USE flags policykit and apparmor enabled, libseccomp with static-libs. Therefore we’ll add the following entries to the /etc/portage/package.use file:

sys-apps/systemd policykit apparmor
sys-libs/libseccomp static-libs

The snapd ebuild is masked by default, so we unmask it in the /etc/portage/package.accept_keywords file:

app-containers/snapd ~amd64

In the next step, we (re-) build systemd and AppArmor.

emerge sys-apps/systemd
emerge sys-apps/apparmor

In order to make AppArmor available right after the system is booted up, it’s necessary to modify the bootloader configuration. We need to add the following line to /etc/default/grub or modify it accordingly:

GRUB_CMDLINE_LINUX_DEFAULT="apparmor=1 security=apparmor"

Afterwards, the GRUB configuration gets rewritten with the command

grub-mkconfig -o /boot/grub/grub.cfg

Reboot the system to apply the chenges. In case you are using a different bootloader, please check the proper documentation.

Installing snapd itself

Finally, we install the snapd package and enable the necessary systemd units:

emerge --ask app-containers/snapd
systemctl enable --now snapd
systemctl enable --now snapd.socket
systemctl enable --now snapd.apparmor

Additional permissions for snapcraft

In case we want to allow unprivileged user accounts to create new snaps with snapcraft, we need to add them to the groups adm or lxd. The adm group is required if you want to use multipass for providing the build VM, lxd in case you want to use LXD instead.

gpasswd --add username adm
gpasswd --add username lxd

That’s it - now you should be able to run all snap packages you want. You can verify that your installation is working by checking out the hello-world snap provided by Canonical.

Do you have any comments or suggestions regarding this article? Please drop an e-mail to feedback@fabulous.systems!