Disabling autoconnections


#1

Hello,

In general I’d like my snap to be completely constrained, but it is possible that a user might want to have it access their home directory. If I don’t declare plugins: [home], then there is no way for them to do that. If I do declare plugins: [home], then it is autoconnected. Is it possible to declare the home slot, but not have it connected automatically?

I see the comment here: The home interface about using all making it not autoconnect, but that doesn’t sound like the right solution.

Cheers,

Roger


#2

Yes, it is possible. A snap declaration can be granted which denies auto-connection.

As a side note, the home interface is only auto-connected on classic distro and not all-snaps systems like Ubuntu Core.


#3

Is it possible to declare this in the snap.yaml or snapcraft.yaml or is this only allowed through the cloud side of the snap store?


#4

Snap declarations are granted via the store. There is no mechanism for a snap to declare it wants an interface available but not auto-connected at this time.


Request home interface deny autoconnection for mosquitto
#5

If I asked for this for one of my snaps, would it persist when I update the snap?

Can I ask it to be applied to a snap which does not yet declare the home interface, so it will be automatically denied when I update the snap to include that interface?


#6

Yes, store assertions apply from the moment they’re enabled in the store for all subsequent installs and refreshes.

I think we need you to have specified the interface in the snap first. However you could upload and not publish it, so nobody ever gets the interface autoconnected.


#7

Thanks Alan. Unfortunately it’ll be automatically published after it is built. I’m not very keen for home to be connected without explicit user consent, even if it is just for a moment.


#8

Hm, good point. A bit convoluted, but you could kick a build, make the snap private to prevent auto refreshes to that version while it builds. Then once the build has landed in the store, release an older version and make it public.

Unless @jdstrand says it’s okay to set the assertion in the store without you defining it.


#9

A snap declaration can be granted before the snap uses the interface.