Bug #1809708 “Allow snaps to query interface connection status directly from snapd”

Detecting whether certain security confinement interface is connected to the snap is not a trivial task:

  • Sometimes certain access is granted by multiple interfaces, whether it’s available or not didn’t indicate whether a certain interface is connected
  • One must have a certain level of Apparmor profile knowledge and check out the source code at https://github.com/snapcore/snapd/blob/master/interfaces/builtin to determine the test criterion, not all potential packagers has this kind of experience
  • The testing of the connection will trigger security denials in the system log, which may be considered “abnormal” or even “malicious” by the users

As the connection info is already in snapd I would suggest exposing them directly via the snapctl command so one can simply write:

if ! snapctl is-connected _interface_name_; then
    echo "_interface_name_ is not connected!" >&2

without caring much the implementation details.

1 Like

+1 please. If users have to manually connect plugs, it makes sense for there to be an easy way for snaps to detect for themselves whether the interfaces they’re expecting are connected or not and inform users accordingly.


Please vote on the bug on Launchpad to escalate the proposal.

This proposal has been implemented since snapd 2.43 :fireworks::