As I understand it, we maintain a list of default interface policies in the snapd base declaration. These policies can be overridden per snap by the store. The decisions of what to automatically connect by default are totally sane, but not all users agree with them for their particular use. For example, while I understand why x11 and home are automatically connected (lots of apps would have a poor experience otherwise), I’d like to override that for my own machine: upon install, I’d prefer if such interfaces weren’t automatically connected, and I could connect them if I wanted to.
That sounds like a really good idea. Have a configuration file or system allowing the user to specify their own autoconnection white and black lists. These should then get merged with what the store offers by default where the user’s decisions take precedence if they’ve been, and ONLY if they’ve been, customised manually.
Earlier we had a way to prevent snapd from automatically re-connecting an interface that is automatically connected but the user has explicitly disconnected it.
I think that as we look more closely at connection APIs recently this is something we should being back, perhaps in re-designed and improved form.
@zyga-snapd that’s not quite the same. Some of these interfaces (e.g. X) can be utilized in undesired ways immediately upon connection. I would like to be able to say “please never autoconnect these interfaces” and have it apply to all future installs, not have to check interfaces every time I install or update (because plugs can be added in updates, as well).
I like the idea as something an admin could do. I think we should do what @zyga-snapd said too though. To do this well, I think it would need to be configurable via snapd (snap set core …?) and I think snapd would need to be vocal that the overrides or previous disconnect is being used instead of the base/snap declaration.
I’d like something like this too. I suggest an easy solution might be snap install --no-auto-connect ..., which would leave all interfaces disconnected ready for my manual selection.
I don’t know what happens when a snap refresh finds new autoconnections. If I used --no-auto-connect, i’d expect that to be completely sticky, including for refreshes, so the fact that I used it might need to be persisted somehow.
