Hey @weLees,
Which specific system files and/or directories does this snap need? I see the latest revision has:
```yaml
plugs:
  enum-devices:
    interface: system-files
    read:
      - /sys/devices
      - /dev
      - /proc
      - /proc/partitions
  etc-lvm-backup:
    interface: system-files
    read:
      - /etc/lvm/backup
      - /etc
      - /etc/visual_lvm
      - /dev
    write:
      - /etc/lvm/backup
      - /etc
      - /etc/visual_lvm
      - /dev/mapper/control
      - /proc/sys/vm/drop_caches
      - /run/lock/lvm
      - /dev
  null-device:
    interface: system-files
    write:
      - /dev/nul
```
But some of those do not look good to me. For example, most of `/proc` can be achieved by plugging system-observe iface (https://github.com/snapcore/snapd/blob/61b66aaa1beb861f308ea7dd75c2f0c042bf29a3/interfaces/builtin/system_observe.go#L60) and hardware-observe should be enough for files in `/sys` pertaining to hardware https://github.com/snapcore/snapd/blob/master/interfaces/builtin/hardware_observe.go#L48
Then you are requesting `write` access to the entire `/etc` and `/dev` directories. But also listing specific files inside those as well. Do you really need such wide accesses? Also, `write` implies `read` so just keeping `write` is enough.
I am +1 for `block-devices` (as I read the previous request which contains further explanation)
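
The review points raised in the post above (whole top-level directories, specific paths already covered by a broader entry, and `read` entries duplicated under `write`) can be checked mechanically. The following is an added example, not part of the original post and not snapd or store tooling; the `BROAD` set and all function names are assumptions chosen for illustration, and the plug data is retyped from the post as a Python dict.

```python
from pathlib import PurePosixPath

# Plugs as quoted in the post (retyped as a dict to avoid a YAML dependency).
PLUGS = {
    "enum-devices": {"read": ["/sys/devices", "/dev", "/proc", "/proc/partitions"]},
    "etc-lvm-backup": {
        "read": ["/etc/lvm/backup", "/etc", "/etc/visual_lvm", "/dev"],
        "write": ["/etc/lvm/backup", "/etc", "/etc/visual_lvm", "/dev/mapper/control",
                  "/proc/sys/vm/drop_caches", "/run/lock/lvm", "/dev"],
    },
    "null-device": {"write": ["/dev/nul"]},
}

# Assumption: which directories count as "too broad" is a reviewer's choice,
# not a rule enforced by snapd.
BROAD = {"/etc", "/dev", "/proc", "/sys"}


def covered_by(path, others):
    """Return the first entry in others that is a strict parent of path, else None."""
    parents = PurePosixPath(path).parents
    for other in others:
        if other != path and PurePosixPath(other) in parents:
            return other
    return None


def lint_plug(name, plug):
    """Return (plug, mode, path, reason) findings for one system-files plug."""
    findings = []
    read, write = plug.get("read", []), plug.get("write", [])
    for mode, paths in (("read", read), ("write", write)):
        for path in paths:
            if path in BROAD:
                findings.append((name, mode, path, "broad top-level directory"))
            parent = covered_by(path, paths)
            if parent:
                findings.append((name, mode, path, f"already covered by {parent}"))
    for path in read:
        if path in write:  # write access already grants read
            findings.append((name, "read", path, "redundant: write implies read"))
    return findings


def lint(plugs):
    return [f for name, plug in plugs.items() for f in lint_plug(name, plug)]


if __name__ == "__main__":
    for name, mode, path, why in lint(PLUGS):
        print(f"{name}: {mode} {path}: {why}")
```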