Auto-connect request for aws-iot-greengrass snap

zjoseal · November 11, 2020, 5:51am

On top of the plugs that already have auto-connect enabled, the aws-iot-greengrass snap requires these plugs to work correctly:

* hardware-observe
* hugepages-control
* log-observe
* mount-observe

Could we automatically connect these plugs in the aws-iot-greengrass snap?

zjoseal · November 25, 2020, 7:40pm

Did I miss any information?

These interfaces are required for the snap to work.

alexmurray · November 25, 2020, 8:06pm

Apologies, somehow we (reviewers) missed seeing this request come in… Can you please detail why each interface is required and for what purpose they are used? Thanks.

msalvatore · December 2, 2020, 2:27pm

@zjoseal - ping, can you please provide the requested information?

zjoseal · December 2, 2020, 9:18pm

Sorry, I need to go back and run some scenarios, but I’m working on a couple of things rn. This might take a couple of days.

Background: we’ve recently moved from relying on the container flavor of the greengrass-support interface to a much more limited process flavor. The container flavor has a lot of permissions that either aren’t necessary anymore (now that we only support process-mode greengrass) or now exist in other interfaces.

I can say off the bat that hardware-observe and hugepages-control have some of the permissions that the original container flavor of greengrass-support already had.

When we carried over some permissions from the container flavor to the process flavor, we got this comment on the PR:

This is already allowed in hardware-observe.

We’ve been moving away from relying on greengrass-support for permissions we need. We want to substitute as much of the greengrass-support interface with built-in interfaces as possible.

ijohnson · December 2, 2020, 9:34pm

+1 from me on these interfaces, I worked with the AWS developers on the new process variant of the greengrass-support interface with the understanding that aws-iot-greengrass would be provided these other interfaces in lieu of using the more privileged greengrass-support interface variant.

(note I am not formally a reviewer and thus my vote should not be counted, but just to provide context as a snapd developer)

jdstrand · December 3, 2020, 12:15am

+1 on all of these interfaces. I’ve worked with @ijohnson on the greengrass-support interface and discussed the recent changes.

alexmurray · January 6, 2021, 4:00am

+2 votes for, 0 votes against auto-connect of hardware-observe, hugepages-control, log-observe, mount-observe. This is now live.