Request to allow use of an additional system-files plug for canonical-livepatch

Hello, the canonical-livepatch snap has added a new system-files plug - hostfs-dpkg-data. Please review and allow the use of this plug.

The purpose of this plug is to allow read-only access to the following files: /var/lib/snapd/hostfs/var/lib/dpkg and /etc/dpkg.

These files link in the following layout:

  /usr/share/dpkg:
    bind: $SNAP/usr/share/dpkg
  /usr/bin/dpkg:
    symlink: $SNAP/dpkg
  /etc/dpkg/dpkg.cfg:
    bind-file: $SNAP/etc/dpkg/dpkg.cfg
  /var/lib/dpkg/status:
    symlink: $SNAP/dpkg-status-file

This is so that the livepatch-client can read the list of kernel images installed on the host machine.


  • name: canonical-livepatch
  • description: Canonical Livepatch patches high and critical Linux kernel vulnerabilities, removing the immediate need to reboot to upgrade the kernel, instead allowing the downtime to be scheduled. It is a part of the Ubuntu Pro offering. The Canonical Livepatch Client is an application that runs on your machine and periodically checks for patches. See our docs at https://ubuntu.com/security/livepatch/docs/livepatch
  • snapcraft: PRIVATE
  • upstream: PRIVATE
  • upstream-relation: Canonical owned and developed snap, I am an engineer working on this project
  • interfaces:
    • system-files:
      • request-type: installation
      • reasoning: read the list of kernel images installed on the host machine (please see above)

This request has been added to the queue for review by the @reviewers team.
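
For reviewers weighing what read-only access to the host's dpkg status file exposes, the following added example (not part of the original post and not the livepatch client's code) parses a dpkg status file and lists the kernel image packages that are actually installed. The sample stanzas, package versions and the `linux-image-` name filter are constructed assumptions for illustration.

```python
# Added example: a minimal dpkg status parser, not the livepatch client's code.
# SAMPLE_STATUS is constructed data in the format of /var/lib/dpkg/status.
SAMPLE_STATUS = """\
Package: linux-image-5.15.0-91-generic
Status: install ok installed
Architecture: amd64
Version: 5.15.0-91.101
Description: Signed kernel image generic
 A kernel image for generic.

Package: linux-image-5.15.0-89-generic
Status: deinstall ok config-files
Architecture: amd64
Version: 5.15.0-89.99

Package: bash
Status: install ok installed
Version: 5.1-6ubuntu1
"""


def parse_stanzas(text):
    """Yield one dict per package stanza (stanzas are separated by blank lines)."""
    for block in text.split("\n\n"):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                # Continuation line: belongs to the previous field.
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if fields:
            yield fields


def installed_kernel_images(text):
    """Return sorted (package, version) pairs for installed kernel images."""
    result = []
    for pkg in parse_stanzas(text):
        name = pkg.get("Package", "")
        state = pkg.get("Status", "").split()
        # Removed-but-not-purged packages stay in the file as "config-files";
        # only the final state word "installed" means the image is present.
        # The "linux-image-" prefix is an assumed filter for this example.
        if name.startswith("linux-image-") and state[-1:] == ["installed"]:
            result.append((name, pkg.get("Version", "")))
    return sorted(result)


if __name__ == "__main__":
    for name, version in installed_kernel_images(SAMPLE_STATUS):
        print(name, version)
```

The same file lists every package on the host, not only kernels, which is the scope of information a read-only plug on this path makes available to the snap.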