We have discussed the idea of being able to constraint auto-connection (or connection or installation) on actual plug names or slot names.
Plugs of superprivileged interfaces that don’t need parameters/attributes should have names that match the interface name. This is good style and makes it clearer what they are about. The feature would allow to enforce this when granting them.
When we grant something like system-files/personal-files we want to enforce again a good plug name that describes within reason what is being given access to.
In case of gadget snaps or snaps designed for one or a given set of models (so from a brand store) and assuming well chosen names for slots, this feature might help disambiguate auto-connection situations where other means would not be enough.
Parallel to similar constraints like
slot-attributes we would introduce
Their value to check would be a list of strings, interpreted as regular expressions (implicitly wrapped in
^$). The constraint would succeed if any of the expression matches. It should be noted that any valid plug or slot name is a valid regular expression matching itself.
Further we would also allow for the strings the special value
$INTERFACE which matches the interface name of the rule.
(There’s a less clear case for
SLOT_NAME special values).
snapd-control: allow-installation: plug-names: - $INTERFACE allow-auto-connection: true
personal-files: allow-auto-connection : true allow-installation: plug-names: - home-dot-bar plug-attributes: read: \\$HOME/\\.bar
gpio: allow-auto-connection: slot-names: - alert-led
personal-files: allow-auto-connection : true allow-installation: - plug-names: - home-dot-bar plug-attributes: read: \\$HOME/\\.bar - plug-names: - home-dot-foo plug-attributes: read: \\$HOME/\\.foo