Hi 
We are moving the OEM installer to a new stack, making use of a Flutter Snap for the front end called ubuntu-desktop-init. (OpenID transaction in progress)
There are a number of system-files interfaces we are making use of:
run-provd-socket: Needs read/write access to /run/gnome-initial-setup/desktop-provision/init.socket to communicate with the backend.
usr-share-desktop-provision: Used to read from /var/lib/snapd/hostfs/usr/share/desktop-provision. This is where flavors can place .yaml files to configure the installer and OEM’s can place EULA documents for us to display. (There was a discussion on MM in the snappy channel on Feb 27 started by dloose about filing a ticket in the future for this to be its own interface, but it was decided to use system-files with a sed patch for the time being as we just need read access)
var-log-installer: Log output is written to /var/log/installer.
Please do let me know if you require any more details/clarifications for this request 
Kind regards,
Matt
Hi @matthew-hagemann
First, as a general comment, personal-files and system-files write permissions also grants read. So you can remove duplicated read entries for run-provd-socket and tmp interfaces to make it easier to read.
Regarding the interfaces themself:
run-provd-socket: It looks fine to me. The name convention does not match the convention we usually follows, but the socket path is quite long, so probably is fine. @alexmurray what do you think?tmp: it should be renamed to hostfs-tmp to make it clear that it refers to hosts tmp folder and not the snap specific one. Could you also explain why access to host /tmp is needed?usr-share-desktop-provision: should be renamed to hostfs-usr-share-desktop-provision as for the previous interfacevar-log-installer: looks fine
Thanks
Hi @jslarraz
I’ve made the requested changes.
Apologies for the tmp interface, we no longer need it so I’ve removed it.
I don’t have access to the original store submission, I know the builds are sync’d to LP, but let me know if I need to ask for any updates to the store submission for the changes I’ve made now to sync.
Thanks,
Matt
Hi @matthew-hagemann
The changes look fine to me. Thus, +1 from me for granting ubuntu-desktop-init auto-connection to /run/gnome-initial-setup/desktop-provision/init.socket, /var/lib/snapd/hostfs/usr/share/desktop-provision and /var/log/installer via the system-files mentioned above
Thanks
+1 from me as well for auto-connection granting ‘system-files’ interface to above-mentioned files for snap ubuntu-desktop-init
thanks
+2 votes for, 0 votes against, publisher is vetted, this is now live
