Limit a snap to only access specific usb device

For super control, we want our snap to be only able to access a usb device with specific Vendor ID and Product ID. We also want to know when that specific device connects.

What are our options today, and how can we achieve that ?

To add more details we want our snap to flash a a firmware to a usb dongle when its connected over USB, this will make automation much easier for us.

Is raw USB constrained to a specific device vendor:product pair sufficient?

1 Like

you probably also want hardware-observe to watch plug events (via udevadm monitor, dbus or some code hooking into libudev) …

1 Like

Yes, that would in principle help our situation largely and allow our snap to have the least authority.

1 Like

We may have to work with something lower level than dbus, not sure. Our environment will be a yocto based image running snapd on top for apps etc.

well, as long as you have udev … but indeed you could also screen-scrape dmesg with a script or something similar insane :wink:

1 Like

Should that be tracked as a bug on launchpad or is it fine here ?

Probably best to file a bug on launchpad about it