Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel and the systemd init system. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system.

Applications in a Snap run in a container with limited access to the host system. Using Interfaces, users can give an application mediated access to additional features of the host such as recording audio, accessing USB devices and recording video. These interfaces mediate regular Linux APIs so that applications can function in the sandbox without needing to be rewritten. Desktop applications can also use the XDG Desktop Portals, a standardized API originally created by the Flatpak project (originally called xdg-app) to give sandboxed desktop applications access to host resources. These portals often provide a better user experience compared to the native Linux APIs because they prompt the user for permission to use resources such as a webcam at the time the application uses them. The downside is that applications and toolkits need to be rewritten in order to use these newer APIs.

The Snap sandbox also supports sharing data and Unix sockets between Snaps. This is often used to share common libraries and application frameworks between Snaps to reduce the size of Snaps by avoiding duplication.

The Snap sandbox heavily relies on the AppArmor Linux Security Module from the upstream Linux kernel. Because only one "major" Linux Security Module (LSM) can be active at the same time, the Snap sandbox is much less secure when another major LSM is enabled. As a result, on distributions such as Fedora which enable SELinux by default, the Snap sandbox is heavily degraded. Although Canonical is working with many other developers and companies to make it possible for multiple LSMs to run at the same time, in 2020 this solution was still a long time away.

Multiple times a day, snapd checks for available updates of all Snaps and installs them in the background using an atomic operation. Updates can be reverted and use delta encoding to reduce their download size.

Publishers can release and update multiple versions of their software in parallel using channels. Each channel has a specific track and risk, which indicate the version and stability of the software released on that channel. When installing an application, Snap defaults to using the latest/stable channel, which will automatically update to new major releases of the software when they become available. Publishers can create additional channels to give users the possibility to stick to specific major releases of their software. For example, a 2.0/stable channel would allow users to stick to the 2.0 version of the software and only get minor updates without the risk of backwards incompatible changes. When the publisher releases a new major version in a new channel, users can manually update to the next version when they choose.

The schedule, frequency and timing of automatic updates can be configured by users. Users can also pause automatic updates for a certain period of time, or indefinitely. Updates are automatically paused on metered connections.

Snapcraft is a tool for developers to package their programs in the Snap format. It runs on any Linux distribution supported by Snap, macOS and Microsoft Windows. Snapcraft builds the packages in a Virtual Machine using Multipass, in order to ensure the result of a build is the same, regardless of which distribution or operating system it is built on. Snapcraft supports multiple build tools and programming languages, such as Go, Java, JavaScript, Python, C/C++ and Rust. It also allows importing application metadata from multiple sources such as AppStream, git, shell scripts and setup.py files.