Interfaces
Interfaces allow snaps to communicate or share resources according to the protocol established by the interface.
Each connection has two ends, a "plug" (consumer) and a "slot" (provider). A plug and a slot can be connected if they use the same interface name. The connection grants necessary permissions for snaps to operate according to the protocol.
Slots may support multiple connections to plugs. For example the core snap exposes the `network` slot and all applications that can talk over the network connect their plugs there.
The availability of an interface depends on a number of factors and may be provided by the core snap or via snaps providing the slot. The available interfaces on a given system can be seen with `snap interfaces`.
Most interfaces are designed for strong application isolation and user control such that auto-connected interfaces are considered safe and users choose what applications to trust and to what extent via manually connected interfaces.
Some interfaces are considered transitional to support traditional Linux desktop environments and these transitional interfaces typically are auto-connected. Since many of the underlying technologies in these environments were not designed with strong application isolation in mind, users should only install applications using these interfaces from trusted sources. Transitional interfaces will be deprecated as replacement or modified technologies that enforce strong application isolation are available.
Interfaces may either be auto-connected on install or manually connected after install.
To list the available connectable interfaces and connections:
$ snap interfaces
To make a connection:
$ snap connect <snap>:<plug interface> <snap>:<slot interface>
To disconnect snaps:
$ snap disconnect <snap>:<plug interface> <snap>:<slot interface>
Consider a snap `foo` that uses `plugs: [ log-observe ]`. Since `log-observe` is not auto-connected, `foo` will not have access to the interface upon install:
$ sudo snap install foo
$ snap interfaces
Slot Plug
:log-observe -
- foo:log-observe
You may manually connect using `snap connect`:
$ sudo snap connect foo:log-observe core:log-observe
$ snap interfaces
Slot Plug
:log-observe foo:log-observe
and disconnect using `snap disconnect`:
$ sudo snap disconnect foo:log-observe core:log-observe
$ snap interfaces # shows they are disconnected
Slot Plug
:log-observe -
- foo:log-observe
On the other hand, `bar` could use `plugs: [ network ]` and since `network` is auto-connected, `bar` has access to the interface upon install:
$ sudo snap install bar
$ snap interfaces
Slot Plug
:network bar:network
You may disconnect an auto-connected interface:
$ sudo snap disconnect bar:network core:network
$ snap interfaces
Slot Plug
:network -
- bar:network
Whether the slot is provided by the core snap or not doesn't matter in terms of `snap interfaces`, except that if the slot is provided by a snap, a snap that implements the slot must be installed for it to be connectable. Eg, the `bluez` interface is not provided by the core snap, so a snap author implementing the bluez service might use `slots: [ bluez ]`. Then after install, the bluez interface shows up as available:
$ sudo snap install foo-blue
$ snap interfaces
Slot Plug
foo-blue:bluez -
Now install and connect works like before (eg, `baz` uses `plugs: [ bluez ]`):
$ sudo snap install baz
$ snap interfaces
Slot Plug
foo-blue:bluez -
- baz:bluez
$ sudo snap connect baz:bluez foo-blue:bluez
$ snap interfaces
Slot Plug
foo-blue:bluez baz:bluez
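The walkthrough above shows how to read the `Slot`/`Plug` columns by eye. As an added example (not part of the snapd wiki or of snapd), the following POSIX shell functions do the same audit mechanically: they parse `snap interfaces` output and report, for one snap, which plugs are connected and to which slot, and fail when a set of interfaces you consider privileged is connected. The sample output is constructed to match the layout shown on this page; `foo`, `bar`, `baz` and `foo-blue` are the page's hypothetical snaps.

```shell
#!/bin/sh
# Added example, not from the snapd wiki: audit a snap's plug connections
# from the two-column output of `snap interfaces`.

# Usage: snap interfaces | audit_plugs <snap>
# Prints one line per plug of <snap>: "<snap>:<plug> -> <slot>" when it is
# connected, "<snap>:<plug> DISCONNECTED" when the slot column is "-".
audit_plugs() {
    awk -v want="$1" '
        $1 == "Slot" && $2 == "Plug" { next }   # skip the header line
        {
            slot = $1
            # several plugs connected to one slot are comma-separated
            n = split($2, plugs, ",")
            for (i = 1; i <= n; i++) {
                split(plugs[i], parts, ":")
                if (parts[1] != want) continue
                if (slot == "-") print plugs[i] " DISCONNECTED"
                else print plugs[i] " -> " slot
            }
        }'
}

# Usage: snap interfaces | connected_privileged <snap> iface1 iface2 ...
# Prints the matching lines and exits 0 when <snap> has any of the listed
# interfaces connected (eg, transitional or manually connected ones);
# exits 1 when none of them are. Useful as a pre-deployment check.
connected_privileged() {
    snap_name="$1"; shift
    pattern=$(printf '%s|' "$@" | sed 's/|$//')
    audit_plugs "$snap_name" | grep -E "^${snap_name}:(${pattern}) ->"
}

# Constructed sample of `snap interfaces` output (not captured from a system).
SAMPLE_OUTPUT='Slot             Plug
:home            bar:home
:log-observe     -
:network         bar:network,baz:network
-                foo:log-observe
-                foo:network
foo-blue:bluez   baz:bluez'

# Stand-alone demo: audit baz, then check foo for a manually connected plug.
printf '%s\n' "$SAMPLE_OUTPUT" | audit_plugs baz
if printf '%s\n' "$SAMPLE_OUTPUT" | connected_privileged foo log-observe; then
    echo "foo has log-observe connected"
else
    echo "foo has no privileged interfaces connected"
fi
```

On a live system replace the sample with `snap interfaces | audit_plugs <snap>`. The slot column `:network` means the slot is provided by the core snap; a named slot such as `foo-blue:bluez` means another installed snap provides it, which is the case the page describes above.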
Can add users and change password. Suitable for administration tools.
- Auto-Connect: no
Can access all video cameras. Suitable for programs wanting to use webcams.
- Auto-Connect: no
Providing snaps implementing a DBus API may be accessed via their well-known DBus connection name (2.20+).
- Auto-Connect: no
- Attributes:
  - name (slot): well-known DBus connection name for the service (eg, `org.foo.bar`)
  - bus (slot): DBus bus to use (ie, `session` or `system`)
  - name (plug): well-known DBus connection name of the service from the providing snap
  - bus (plug): DBus bus to use for providing snap
Snaps that want to communicate via a well-known DBus connection name need to have matching `bus` and `name` attributes and then be connected via `snap connect`. Snaps specifying `bus: system` will have a default DBus bus policy that allows root to own the name and anyone to send to a destination that matches the well-known name (eg, `org.foo.bar`).
Once connected, the consuming snap may communicate with the providing snap via:
- the specified well-known DBus connection name (eg, `org.foo.bar`)
- a unique DBus connection name using a matching DBus interface (eg, `org.foo.bar.baz`) or DBus path (eg, `/org/foo/bar/norf`)
This interface is particularly well-suited for leaf-style applications from GNOME, KDE, etc to integrate into the desktop session. Future versions of snapd may allow greater flexibility for bus policy, DBus interfaces and DBus paths and also support session services and DBus activation.
Note: when developing snaps using devmode for DBus system services, the slot implementation must use this interface so that snapd may adjust the DBus bus policy so the snap may use the system bus.
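As an added example (not from the snapd wiki or any published snap), here is a matching pair of `snapcraft.yaml` fragments for the dbus interface. The snap names `foo-service` and `foo-client`, the app names and command paths are assumptions; the well-known name `org.foo.bar` is the one used in the text above. Both sides declare the same `bus` and `name`; the slot-side service runs as a daemon, which is why the default system-bus policy (root may own the name) is sufficient.

```yaml
# Providing snap (assumed name: foo-service). Owns org.foo.bar on the system bus.
name: foo-service
slots:
  foo-bus:                     # local slot name; arbitrary, used in `snap connect`
    interface: dbus
    bus: system
    name: org.foo.bar
apps:
  daemon:
    command: bin/foo-daemon    # assumed path inside the snap
    daemon: simple
    slots: [ foo-bus ]
---
# Consuming snap (assumed name: foo-client). Must repeat bus and name exactly.
name: foo-client
plugs:
  foo-bus:
    interface: dbus
    bus: system
    name: org.foo.bar
apps:
  cli:
    command: bin/foo-cli       # assumed path inside the snap
    plugs: [ foo-bus ]
```

Because the interface is not auto-connected, the connection is made after both snaps are installed with `sudo snap connect foo-client:foo-bus foo-service:foo-bus`. If `bus` or `name` differ between the two declarations the plug and slot are not compatible and cannot be connected; keep the slot-side `name` as narrow as the service needs, since the bus policy lets anyone send to that destination once it is owned.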
Can access basic desktop graphical resources (2.28+). This interface is designed to be used with other interfaces, such as wayland.
- Auto-Connect: yes
Can access desktop legacy methods such as a11y and input methods which gives privileged access to sensitive information and does not prevent eavesdropping or apps interfering with each other (2.28+).
- Auto-Connect: yes
- Transitional: yes
Can access global gsettings of the user's session which gives privileged access to sensitive information stored in gsettings and allows adjusting settings of other applications.
- Auto-Connect: yes
- Transitional: yes
Can access non-hidden files in user's `$HOME` and gvfs mounted directories owned by the user to read/write/lock.
- Auto-Connect: yes on classic (traditional distributions), no otherwise
- Transitional: yes
- Attributes:
  - read (plug): optional, when set to 'all' allow reading non-hidden files in home directories of all users as traditional file permissions allow.
Providing snaps implementing the Media Player Remote Interfacing Specification (mpris) may be accessed via their well-known DBus name.
Consuming snaps can access media players implementing mpris via the providing snap's well-known DBus name.
- Auto-Connect: no
- Attributes:
  - name (slot): optional, media player name to use for DBus well-known name (ie, `org.mpris.MediaPlayer2.$name`). If omitted, use the snap's name.
Can access the network as a client.
- Auto-Connect: yes
Can access the network as a server.
- Auto-Connect: yes
Can access OpenGL hardware.
- Auto-Connect: yes
Can access the first optical drive. Suitable for CD/DVD playback (write added in 2.33+).
- Auto-Connect: by default, yes; when `write: true`, no
- Attributes:
  - write: true|false (defaults to `false`)
Can access global password manager services provided by popular Desktop Environment (eg, Secret Service and KWallets) which gives privileged access to sensitive information stored in the user's session (2.27+).
- Auto-Connect: no
- Transitional: yes
Can access the PulseAudio sound server which allows for sound playback in games and media applications. Recording is not supported but will be in a future release.
- Auto-Connect: yes
Can access files from removable media in /media and /run/media. This can be used to give an app access to mounted USB sticks and external hard drives on a desktop.
- Auto-Connect: no
Can access desktop session manager screen inhibit and uninhibit functionality.
- Auto-Connect: yes
Can control the system power state and rebooting, powering off or halting the system.
- Auto-Connect: no
Can access Unity7. Unity 7 runs on X and requires access to various DBus services. This interface grants privileged access to the user's session since the Unity 7 environment does not prevent eavesdropping or apps interfering with one another.
- Auto-Connect: yes
- Transitional: yes
Can access compositors providing the wayland protocol (2.28+).
- Auto-Connect: yes
Can access snaps providing the X server which typically gives privileged access to the user's session since X does not prevent eavesdropping or apps interfering with one another.
- Auto-Connect: yes
- Transitional: yes
Can create and delete non-system extra users and change the password for non-system extra users (2.22+).
- Auto-Connect: no
Can directly access ALSA devices in /dev/snd.
- Auto-Connect: no
Can be introspected by autopilot (2.24+).
- Auto-Connect: no
Can access and control snaps providing Avahi mDNS/DNS-SD services on the network which gives privileged access to the service (2.28+).
- Auto-Connect: no
Can access snaps providing Avahi to browse for mDNS/DNS-SD services on the network.
- Auto-Connect: no
Allows managing the kernel side Bluetooth stack.
- Auto-Connect: no
Can access snaps providing the bluez interface which gives privileged access to bluetooth.
- Auto-Connect: no
Can access broadcom-asic devices and sysfs interfaces (2.28+).
- Auto-Connect: no
Can access files and IPC needed by modern browsers. This interface is intended to be used when using an embedded Chromium Content API or using the sandboxes in major browsers from vendors like Google and Mozilla. The `allow-sandbox` attribute may be used to give the necessary access to use the browser's sandbox functionality.
- Auto-Connect: no when `allow-sandbox: true`, yes otherwise
- Attributes:
  - allow-sandbox: true|false (defaults to `false`)
Note: for webapps that use electron or Oxide, it is often useful to disable the internal sandbox and rely on strict confinement so that the snap uses `allow-sandbox: false`. To do this:
- for electron, specify `--no-sandbox` on the command line for your app
- for Oxide webviews, export `OXIDE_NO_SANDBOX=1`
Allows resources necessary for running as classic dimension snap which gives device ownership to the snap. This interface is reserved for the classic snap (2.23).
- Auto-Connect: no
Can access content from the providing snap from within the consuming snap's filesystem area.
Consult the dedicated page about the content interface.
- Auto-Connect: yes for snaps from same publisher, no otherwise
- Attributes:
  - read (slot): read-only paths from providing snap to expose to the consuming snap
  - write (slot): read-write paths from providing snap to expose to the consuming snap
  - content (slot): reference to plug side of connection. Defaults to local slot name
  - default-provider (plug): name and slot of preferred providing snap (`<SNAP>:<SLOT>`)
  - target (plug): path in consuming snap to find providing snap's files
  - content (plug): reference to slot side of connection. Defaults to local plug name

Read, write and target can start with either `$SNAP`, `$SNAP_DATA` or `$SNAP_COMMON` to refer to the designated directory. The `content` attribute of the consuming snap (plug) must match the `content` attribute of the providing snap (slot).
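As an added example (not from the snapd wiki or any published snap), the following `snapcraft.yaml` fragments show a read-only content share. The snap names `foo-themes` and `foo-app`, the content tag `foo-themes` and the paths are assumptions; what matters is that the `content` attribute is identical on both sides, that `target` is where the files appear inside the consumer, and that only `read` is used so the consumer gets no write access into the provider's area.

```yaml
# Providing snap (assumed name: foo-themes). Exposes a read-only directory.
name: foo-themes
slots:
  themes:
    interface: content
    content: foo-themes          # must match the plug's content attribute
    read:
      - $SNAP/share/themes       # $SNAP: the provider's own read-only area
---
# Consuming snap (assumed name: foo-app). Mounts the shared files at target.
name: foo-app
plugs:
  themes:
    interface: content
    content: foo-themes          # same tag as the slot above
    target: $SNAP/data-themes    # files from the provider appear here
    default-provider: foo-themes:themes   # <SNAP>:<SLOT> to prefer
apps:
  foo:
    command: bin/foo             # assumed path inside the snap
    plugs: [ themes ]
```

If both snaps come from the same publisher the connection is made automatically on install; otherwise it is made with `sudo snap connect foo-app:themes foo-themes:themes`. Prefer `read` over `write` unless the consumer genuinely needs to modify the provider's files, since a `write` path lets the consuming snap alter what every other consumer of that slot sees.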
Can control all aspects of systemd via the systemctl command, update rsyslog configuration, update systemd-timesyncd configuration and update/apply sysctl configuration which gives privileged access to the system (2.22+). Reserved for core snaps (`type: os`).
- Auto-Connect: no
Can access cups control socket which gives privileged access to configure printing.
- Auto-Connect: no
Can interact with the Dell Systems Management Base Driver which provides a sysfs interface for systems management software such as Dell OpenManage to perform system management interrupts and host control actions (system power cycle or power off after OS shutdown) on certain Dell systems.
- Auto-Connect: no
Can access snaps providing the docker interface which gives privileged access to the system.
- Auto-Connect: no
Can access resources and syscalls necessary to run Docker application containers. The `privileged-containers` attribute may be used to give the necessary access to run privileged containers. Providing snaps specifying this interface currently may only be established with the Docker project.
- Auto-Connect: no
- Attributes:
  - privileged-containers (plug): true|false (defaults to `false`)
Can configure network firewalling giving privileged access to networking.
- Auto-Connect: no
Can use the universal framebuffer (`/dev/fb[0-9]*`) (2.22+).
- Auto-Connect: no
Can mount fuse filesystems (as root only).
- Auto-Connect: no
Can access snaps providing the fwupd interface which gives privileged access to update UEFI capsule format firmware.
- Auto-Connect: no
Can read GnuPG user configuration, public and private keys (2.31+).
- Auto-Connect: no
Can read GnuPG non-sensitive user configuration and public keys (2.31+).
- Auto-Connect: no
Can access GPIO devices. This is restricted because it provides privileged access to GPIO hardware.
- Auto-Connect: no
- Attributes:
  - number (slot): GPIO pin number to export and expose to consuming snaps

Snaps that want to consume a gpio device simply `plugs: [ gpio ]` and the gpio device to connect is specified during interface connection. Available gpio devices for the system can be seen with `snap interfaces`. Once connected, the consuming snap can use the device via `/sys/class/gpio/gpioN` where `N` is the pin number specified by the connected slot.
Can access all GPIO memory via /dev/gpiomem. This is restricted because it provides privileged access to all GPIO devices (2.31+).
- Auto-Connect: no
Can access resources and syscalls necessary to run Amazon Greengrass services and lambda functions. Providing snaps specifying this interface currently may only be established with the Amazon Greengrass project (2.26+).
- Auto-Connect: no
Can query hardware information from the system.
- Auto-Connect: no
Allow read/write access to `/dev/hwrng` (2.25+).
- Auto-Connect: no
Allow read access to `/dev/hwrng` (2.25+).
- Auto-Connect: no
Can access hidraw devices. This is restricted because it provides privileged access to hardware devices.
- Auto-Connect: no
- Attributes:
  Should specify a single `path` attribute:
  - path (slot): path to hidraw device node e.g. `/dev/hidraw0`
  Or three attributes:
  - usb-vendor (slot): integer representing the USB Vendor ID, must be in range 0 < vid <= 65535
  - usb-product (slot): integer representing the USB Product ID, must be in range 0 <= pid <= 65535
  - path (slot): path where a symlink will be created to the device e.g. `/dev/hidraw-mydevice`

Snaps that want to consume a hidraw device simply `plugs: [ hidraw ]` and the hidraw device to connect is specified during interface connection. Available hidraw devices for the system can be seen with `snap interfaces`. Once connected, the consuming snap can use the device via the path specified by the connected slot.
Can access i2c devices. This is restricted because it provides privileged access to hardware devices.
- Auto-Connect: no
- Attributes:
  - path (slot): path to i2c device node e.g. `/dev/i2c-0`

Snaps that want to consume an i2c device simply `plugs: [ i2c ]` and the i2c device to connect is specified during interface connection. Available i2c devices for the system can be seen with `snap interfaces`. Once connected, the consuming snap can use the device via the path specified by the connected slot.
Can access IIO devices. This is restricted because it provides privileged access to IIO hardware (2.20+).
- Auto-Connect: no
- Attributes:
  - path (slot): path to IIO device node e.g. `/dev/iio:device0`

Snaps that want to consume an IIO device simply `plugs: [ iio ]` and the IIO device to connect is specified during interface connection. Available IIO devices for the system can be seen with `snap interfaces`. Once connected, the consuming snap can use the device via the path specified by the connected slot.
Can write to `/dev/port` to change the I/O port permissions and privilege level of the calling process and disable interrupts (2.21+).
- Auto-Connect: no
Can access `/dev/js*` devices (2.24+).
- Auto-Connect: no
Can insert kernel modules. This interface gives privileged access to the device.
- Auto-Connect: no
Can access resources and syscalls necessary to operate as the Kubernetes service and run application containers (2.25+).
- Auto-Connect: no
Can access `/dev/kvm` which gives privileged access to the kvm hypervisor (2.28+).
- Auto-Connect: no
Can access the libvirt control socket, which gives privileged access to control libvirtd on the host. This is commonly used to create and manage QEMU/KVM instances on the host.
- Auto-Connect: no
Can manage locales directly, separate from `config core`.
- Auto-Connect: no
Can access snaps providing the location-control interface which gives privileged access to configure, observe and use location services.
- Auto-Connect: no
Can access snaps providing the location-observe interface which gives privileged access to query location services.
- Auto-Connect: no
Can read system logs and set kernel log rate-limiting.
- Auto-Connect: no
Can use the LXD API via the socket provided by the "lxd" snap. `LXD_DIR` must be set to `/var/snap/lxd/common/lxd`. This interface requires manual connection.
- Auto-Connect: no
Can access all resources and syscalls on the device for LXD to mediate access for its containers. This interface currently may only be established with the upstream LXD project.
- Auto-Connect: no
- Transitional: yes
Can access snaps providing the maliit input interface (2.24+).
- Auto-Connect: no
Can access snaps providing the media-hub interface (2.25+).
- Auto-Connect: yes
Can access snaps providing the mir display server interface.
- Auto-Connect: yes
Can access snaps providing the modem-manager interface which gives privileged access to configure, observe and use modems.
- Auto-Connect: no
Can query system mount information. This is restricted because it gives privileged read access to mount arguments and should only be used with trusted apps.
- Auto-Connect: no
Can communicate via NETLINK_AUDIT (2.26+).
- Auto-Connect: no
Can communicate via NETLINK_CONNECTOR (2.26+).
- Auto-Connect: no
Can configure networking and network namespaces via `ip netns` (2.20+) which gives wide, privileged access to networking.
- Auto-Connect: no
Can access snaps providing the network-manager interface which gives privileged access to configure and observe networking.
- Auto-Connect: no
Can query network status information which gives privileged read-only access to networking information.
- Auto-Connect: no
Can read/write network setup configuration files. This is restricted because it gives access to system network configuration which can contain network security details (2.22+).
- Auto-Connect: no
Can read network setup configuration files. This is restricted because it gives access to system network configuration which can contain network security details.
- Auto-Connect: no
Can access snaps providing the NetworkingStatus interface (2.25+).
- Auto-Connect: yes
Can access snaps providing the ofono interface which gives privileged access to configure, observe and use ofono devices.
- Auto-Connect: no
Can access snaps providing the Online Accounts Service interface (2.25+).
- Auto-Connect: yes
Can access the openvswitch control socket, which gives privileged access to control openvswitch on the host (2.20+).
- Auto-Connect: no
Enables kernel support for openvswitch (2.20+).
- Auto-Connect: no
Can write to /dev/mem to access architecture-specific subset of the physical address space for common use cases (eg, X without KMS, dosbox, etc) when kernels are compiled with STRICT_DEVMEM=y (required for certified kernels). With STRICT_DEVMEM=n, can write to all physical memory (2.21+).
- Auto-Connect: no
Can read from /dev/mem to access architecture-specific subset of the physical address space for common use cases (eg, X without KMS, dosbox, etc) when kernels are compiled with STRICT_DEVMEM=y (required for certified kernels). With STRICT_DEVMEM=n, can read from all physical memory (2.21+).
- Auto-Connect: no
Can access Point-to-Point protocol daemon which gives privileged access to configure and observe PPP networking.
- Auto-Connect: no
Can manage processes via signals and nice.
- Auto-Connect: no
Can directly access connected USB devices via a raw interface (2.18+).
- Auto-Connect: no
Can access serial ports. This is restricted because it provides privileged access to configure serial port hardware. Note that the slot is meant to be implemented by a gadget snap (this is not provided by the core snap).
- Auto-Connect: no
- Attributes:
  Should specify a single `path` attribute:
  - path (slot): path to serial device node e.g. `/dev/ttyS1`
  Or three attributes:
  - usb-vendor (slot): integer representing the USB Vendor ID, must be in range 0 < vid <= 65535
  - usb-product (slot): integer representing the USB Product ID, must be in range 0 <= pid <= 65535
  - path (slot): path where a symlink will be created to the device e.g. `/dev/serial-port-mydevice`

Snaps that want to consume a serial port simply `plugs: [ serial-port ]` and the serial port to connect is specified during interface connection. Available serial ports for the system can be seen with `snap interfaces`. Once connected, the consuming snap can use the device via the path specified by the connected slot.
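The gpio, hidraw and serial-port entries above all follow the same pattern: a gadget snap declares one slot per physical device, and an application snap carries a bare plug whose device is chosen at `snap connect` time. As an added example (not from the snapd wiki or any published gadget), here is a gadget `snapcraft.yaml` fragment declaring all three kinds of slot, with the serial-port slot shown in both its single-`path` and its USB vendor/product form, followed by the consuming application. The snap names `my-gadget` and `sensor-app`, the slot names, the pin number and the USB IDs are placeholders chosen for illustration.

```yaml
# Gadget snap (assumed name: my-gadget). One slot per device it wants to expose.
name: my-gadget
type: gadget
slots:
  debug-uart:                       # serial-port, single-path form
    interface: serial-port
    path: /dev/ttyS1
  usb-console:                      # serial-port, USB vendor/product form
    interface: serial-port
    usb-vendor: 0x0403              # placeholder vendor ID (0 < vid <= 65535)
    usb-product: 0x6001             # placeholder product ID (0 <= pid <= 65535)
    path: /dev/serial-port-usbconsole   # symlink snapd creates for the matched device
  badge-reader:                     # hidraw, single-path form
    interface: hidraw
    path: /dev/hidraw0
  status-led:                       # gpio: pin exported as /sys/class/gpio/gpio17
    interface: gpio
    number: 17
---
# Application snap (assumed name: sensor-app). Plugs are bare; the device is
# selected when the connection is made, not in this file.
name: sensor-app
apps:
  sensor:
    command: bin/sensor             # assumed path inside the snap
    plugs: [ serial-port, hidraw, gpio ]
```

After both snaps are installed, each device is attached explicitly, for example `sudo snap connect sensor-app:serial-port my-gadget:usb-console` and `sudo snap connect sensor-app:gpio my-gadget:status-led`; `snap interfaces` then lists which gadget slot each plug is wired to. Declaring a separate slot per device, rather than one broad slot, is what keeps the grant narrow: the application only ever sees the node or symlink named in the slot it was connected to.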
Can manage snaps via snapd.
- Auto-Connect: no
Can access SPI devices. This is restricted because it provides privileged access to SPI hardware (2.28+).
- Auto-Connect: no
- Attributes:
  - path (slot): path to SPI device node e.g. `/dev/spidev0.0`

Snaps that want to consume an SPI device simply `plugs: [ spi ]` and the SPI device to connect is specified during interface connection. Available SPI devices for the system can be seen with `snap interfaces`. Once connected, the consuming snap can use the device via the path specified by the connected slot.
Can read SSH user configuration, public and private keys (2.31+).
- Auto-Connect: no
Can read SSH non-sensitive user configuration and public keys (2.31+).
- Auto-Connect: no
Can access snaps providing the Storage Framework Service interface (2.25+).
- Auto-Connect: no
Can query system status information which gives privileged read access to all processes on the system.
- Auto-Connect: no
Can use kernel tracing facilities. This is restricted because it gives privileged access to all processes on the system and should only be used with trusted apps.
- Auto-Connect: no
Can access snaps providing the thumbnailer service interface (2.22+).
- Auto-Connect: no
Can set system time and date and query systemd-timedated for time information.
- Auto-Connect: no
Can manage timeservers via systemd-timedated and directly, separate from `config core`.
- Auto-Connect: no
Can manage timezone via systemd-timedated and directly, separate from `config core`.
- Auto-Connect: no
Can access the tpm device /dev/tpm0.
- Auto-Connect: no
Can access snaps providing the ubuntu-download-manager interface.
- Auto-Connect: yes
Can access snaps providing the udisks2 interface which gives privileged access to storage on the device
- Auto-Connect: no
Can access /dev/uhid to create kernel hid devices from user-space which gives privileged access to HID transport drivers.
- Auto-Connect: no
Can access Unity8 (2.22+). This interface is in active development and should not yet be used in production and its use is therefore restricted.
- Auto-Connect: yes
Can access snaps providing the Unity8 calendar interface which gives access to the Unity8 global calendar.
- Auto-Connect: no
Can access snaps providing the Unity8 contacts interface which gives access to the Unity8 global contacts list.
- Auto-Connect: no
Can access snaps providing the UPower interface for power devices, history and statistics.
- Auto-Connect: yes