Generic devices in confined mode


Is there any way to request for a generic device permissions to be added for a confined Snap? In particular, we have a few devices listed under /dev/, say /dev/dev1 and /dev/dev2, and a Snap in the strict mode wants to have RW access to these char devices. The problem is how the permissions should be passed to it. Is there any sort of plug for that?

have a look at:

Do I need to create a gadget Snap, or could I simply add both the plug and slot definitions to my app Snap?

@ogra I followed up on the documentation and observed that it creates the right AppArmor profile for my device, yet the device cgroup is not issued correctly. Further investigation revealed the udev rules are not proper. Using udev-tagging property of the plug is not applicable to my scenario (or at least I don’t understand how) because it requires KERNEL attribute. My device is connected over PCIe and hence the KERNEL value for it is something like 0000:02:00.0 and this is not accepted by Snapcraft (it gives me a warning on the installation of the Snap). Could you please share more information regarding this with me?