At first glance, the title of this article may sound like an oxymoron. However, what it highlights is the introduction of a rather useful feature that will enable a far more robust and elegant handling of the /dev/shm implementation inside the snap sandbox. This will make snap development easier, more secure, and reduce potential bugs in browser-like apps.
A little bit of history and reasoning for the status quo
Snaps are self-contained application archives, isolated from the underlying operating system (as a security and robustness measure). To make snaps practical, granular access to specific system resources is available through a mechanism of interfaces. Snap developers can declare one or more plugs to different interfaces in their snapcraft.yaml file during the build process, and at runtime, the snapd service will connect these plugs to their corresponding slots for the declared interfaces, and allow the required functionality.
More recent versions of snapd also support the <a…
