Apologies, somehow we (reviewers) missed seeing this request come in… Can you please detail why each interface is required and for what purpose they are used? Thanks.
Sorry, I need to go back and run some scenarios, but I’m working on a couple of things rn. This might take a couple of days.
Background: we’ve recently moved from relying on the container flavor of the greengrass-support interface to a much more limited process flavor. The container flavor has a lot of permissions that either aren’t necessary anymore (now that we only support process-mode greengrass) or now exist in other interfaces.
I can say off the bat that hardware-observe and hugepages-control have some of the permissions that the original container flavor of greengrass-support already had.
When we carried over some permissions from the container flavor to the process flavor, we got this comment on the PR:
We’ve been moving away from relying on greengrass-support for permissions we need. We want to substitute as much of the greengrass-support interface with built-in interfaces as possible.
+1 from me on these interfaces. I worked with the AWS developers on the new process variant of the greengrass-support interface with the understanding that aws-iot-greengrass would be provided these other interfaces in lieu of using the more privileged greengrass-support interface variant.
(note I am not formally a reviewer and thus my vote should not be counted, but just to provide context as a snapd developer)