Ensure an auto-connected interface is not connected

device
1

Hi,

What’s the best way to ensure that an interface which is connected by default is disconnected permanently.

My use case the disabling the privileged support in the docker snap. By default the following are connected:

docker-support               docker:privileged                            :docker-support            -
docker-support               docker:support                               :docker-support            -

Wondering if that’s possible.

Obviously I can use the gadget snap to define connections, but it seems not “dis-connections” :slight_smile:

Cheers, Just

2

I’m not sure that we have such a capability right now other than to have an agent with snapd-control connected do a POST to /v2/interfaces to disconnect the interface.

The only other way today would be to issue a new snap declaration for the docker snap which does not auto-connect the privileged interface, such that new installs would not have it auto-connected, but existing installs which have it connected would not be disconnected.

Eventually we will have snap declarations that are able to be scoped to specific stores/models, so in this world you could have a snap declaration for the docker snap which for your specific brand store / model does not have the auto-connection in the snap declaration and when installing on your devices the docker snap would not have that auto-connected. I’m not sure we have a bug for that but it is on our generic roadmap of things to do “sometime”, so if you want to file a bug we will keep that updated with our progress on implementing that feature.

3

Thanks for the info, good to know.

We are doing some interactions with snapd, so I’ll consider that option if we decide it’s a must have.

Cheers,
Just

1 Like
4

we have this feature already

2 Likes