Hi @till.kamppeter, from my proposal above, you don’t need to provide access to /var/snap/cups/common/run/cups.sock to client app snaps wishing to print via the cups interface. Instead in my proposal you would have definitions like this:
cups snap snapcraft.yaml (approximate)
slots:
cups-socket:
interface: content
content: cups-socket
source:
write:
- $SNAP_COMMON/cups.sock
apps:
cupsd:
slots:
- cups-control
cups-print-only-test:
environment:
CUPS_SOCKET: /var/lib/cups/cups.sock
plugs: {} # empty because it doesn't need any special permissions -
# it can access the socket hence it can print
cups-admin-test:
environment:
CUPS_SOCKET: /var/lib/cups/cups.sock
plugs:
- cups-control # here we need to use cups-control since this test app
# needs to do more than just print, it needs admin things too
client snap wanting to print
plugs:
cups-socket:
interface: content
content: cups-socket
default-provider: cups # this line ensures that if the system installing this snap does not
# already have cups snap installed, it will get automatically installed
target: /var/lib/cups/cups.sock # or wherever is convenient
environment:
CUPS_SOCKET: /var/lib/cups/cups.sock
Under this situation as I described above, we don’t actually need to use the cups interface verbatim at all, we can resort to using only the cups-control interface and the cups-socket content interface.
Hopefully this helps.