On Monday, 17 June 2024 16:43:04 BST Nikos Chantziaras wrote:
So Skype for Linux isn't updated anymore other than its Snap version. So
I tried to install that by following the instructions here:
https://wiki.gentoo.org/wiki/Snap
As well as here for AppArmor:
https://wiki.gentoo.org/wiki/Security_Handbook/Linux_Security_Modules/AppArm or
After I did everything and emerged snapd with +apparmor -forced-devmode,
the snapd system service fails to start, and the log says:
====================
systemd[1]: Starting Snap Daemon...
snapd[1781]: panic: USE=forced-devmode is disabled
snapd[1781]: goroutine 1 [running]:
snapd[1781]: github.com/snapcore/snapd/sandbox.ForceDevMode()
snapd[1781]: github.com/snapcore/snapd/sandbox/forcedevmode.go:40 +0x59 snapd[1781]: github.com/snapcore/snapd/snapdenv.SetUserAgentFromVersion({0x56276eefc947, 0x4}, 0x56276f335708, {0x0, 0x0, 0x0})
snapd[1781]: github.com/snapcore/snapd/snapdenv/useragent.go:41 +0xec snapd[1781]: main.run(0xc000287740)
snapd[1781]: github.com/snapcore/snapd/cmd/snapd/main.go:108 +0x85 snapd[1781]: main.main()
snapd[1781]: github.com/snapcore/snapd/cmd/snapd/main.go:60 +0xd3 systemd[1]: snapd.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: snapd.service: Failed with result 'exit-code'.
systemd[1]: Failed to start Snap Daemon.
systemd[1]: snapd.service: Triggering OnFailure= dependencies.
systemd[1]: Starting Failure handling of the snapd snap...
systemd[1]: snapd.failure.service: Deactivated successfully.
systemd[1]: Finished Failure handling of the snapd snap.
====================
I have not tried with +forced-devmode because I just don't want to do
that if I can avoid it. Is it a hard requirement?
Skype is quite 'intrusive', accessing and auto-adjusting your audio/video, activating and accessing sockets, launching/using gnome keyring, etc.
I interpret the following conditional statement from eix to mean: if you have disabled forced-devmode, then you need systemd (to allow socket activation by the Skype application) and apparmor (to somewhat contain this access):
["!forced-devmode? ( apparmor ) systemd"]
See below:
$ eix -l snapd
* app-containers/snapd
Available versions:
2.58 ^s [apparmor +forced-devmode gtk kde systemd]
["!forced-devmode? ( apparmor ) systemd"]
2.61 ^s [apparmor +forced-devmode gtk kde systemd]
["!forced-devmode? ( apparmor ) systemd"]
~ 2.63 ^s [apparmor +forced-devmode gtk kde systemd]
["!forced-devmode? ( apparmor ) systemd"]
Homepage:
http://snapcraft.io/
You could run Skype in a dedicated/temporary OS installation separate to your system and data, or in a firejail from a different user's account. I don't know how well it would work and if any features will be hobbled in firejail.
I suspect running Skype would be a trade-off between security/privacy and convenience.
There's also the option to avoid installing a desktop application for Skype
and run it as a web app, using websockets:
https://www.skype.com/en/features/skype-web/
Again you can try this using e.g. Firefox, within a firejail.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEXqhvaVh2ERicA8Ceseqq9sKVZxkFAmZxTL4ACgkQseqq9sKV Zxk3eQ/+KpOAhjzmbpf+yJ+nhpVrgNX4j5SsGtqO5xByh6dpmu7YVZULAQS+elFg UhvkHIr+XbzAnNhWs+E33uhU1ItsE/IcNUb7jDNu4AlyUkGUdLVXW4MX0w3hJGG1 3Ly8C9uzsF0I1Lu1+u5PzXddkcqJNe5jAcjyU7Y2/6aNLQrnc5vL/mO3JGaucKsg 5YeV+0C4kLXBbsu8TrbJRDtCFz+YqA2U1xmdl5weekCgceNpwtyUAns+ZudFtNR+ YMlJB1KCmM5B2iVC1Wnbt+QGH7rJD40DF8ILDBlcpkuJe5HQJ/DPmyDy3Hgl4hlS UEnWggrOSYGtF8Z6oyD7KJXYdS330G4g7q3h0WRpES5ThchRp3plfk5XbvQ8OQlZ xIFaAz9gIGCek5wY10BIedBL7VtYKGxNQGcxQrjIVrWjkpNBYEn4yYHUl3Ow7MEO 7LppP5BABBYXk48shTMni/q1wf+vzH6Payx8HMNJrJiFPxhIyGh87MsAOZNToJ+V boVaiZ03dBj1G7EOOZw/8JX/VsqbTMF2Z1aaL5tlTg45+b1E1AnZBbjjgFcEZSHM PYClzZwqScNgmhGv62/w3LuyP+BL0Ozw8sL3jzvbyeWt7Vm1z7TlH5PaB9ZY4amu YvEtcxgafWYsqhC/5mLt+1HUTNn5Te+aeES0P/4WPHmx5e5hRg0=
=nk13
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)