Perform a reboot from a snap with strict confinement
Some applications or services have use cases that require them to perform a reboot or shutdown. This is possible to achieve even when they are packaged as snaps with strict confinement.
See the snapcraft-docs/reboot-example repository for the code shown in this guide.
The shutdown interface
Snaps use interfaces to access resources on the host system and those provided by other snaps. The shutdown interface is used to restart or shutdown the system.
The snapcraft.yaml file for a snap that uses the shutdown interface will contain a plugs declaration that includes the shutdown interface, as in the example snap:
apps:
reboot:
command: usr/bin/reboot
environment:
PYTHONPATH: $SNAP/usr/lib/python3/dist-packages:$PYTHONPATH
plugs:
- shutdown
This potentially allows the snap to perform a restart or shutdown by making a D-Bus call via a mediated interface. The example snap uses a Python script to perform a reboot by invoking a method on a system D-Bus interface. Implementations using other languages will also use the same D-Bus interface.
The shutdown interface is not automatically enabled for snaps, which means that the example snap will not be able to perform a reboot unless certain additional actions are taken.
Snaps published in the snap store will need to have auto-connection approved by the store security team. However, as a developer, you can install and test the snap in the usual way for development snaps:
sudo snap install reboot-test_0.1_amd64.snap --dangerous
The shutdown interface needs to be enabled before the snap can be used:
sudo snap connect reboot-example:shutdown
Finally, the snap can be used to reboot the system:
sudo reboot-example.reboot
Summary
Snaps with strict confinement can be used to perform a system reboot, restart or shutdown. This is enabled by the use of the shutdown interface which is not auto-connected by default.
Developers can test the feature by connecting the interface manually, or by using some other way to automate the step, and running the snap’s command using sudo. Published snaps need to have the auto-connection approved by the snap store’s security team.