Interfaces enable resources from one snap to be shared with another and with the system. The table below lists currently supported interfaces, with links to further details for each interface.
The following column names are used:
-
Interface is the syntactical interface name, as used by snaps.
-
Description is a brief overview of what the interface permits. Select the interface name to open the interface-specific page for a more detailed description on each interface.
-
Categories are used to split interfaces into broad types, and also to indicate what kind of access they permit. Video, graphics and audio are typical desktop requirements, for example, while VM, Container, Kernel and Developer imply more specific roles. The Ubuntu Core category is used to denote when an interface is intended for Ubuntu Core, and Super privileged is used when an interface requires extra security scrutiny. See Super-privileged interfaces for more information.
-
Auto-connect indicates that the interface will be connected by default when the snap is first installed, requiring no further user action. If
Auto-connect=no
, an interface can still be automatically connected if the snap developer has requested, and been granted, explicit permission. See Interface connection mechanism for details.
Interface | Description | Categories | Auto-connect |
---|---|---|---|
account-control | add/remove user accounts or change passwords | System, Account | no |
accounts-service | allows communication with the accounts service | System, Account | no |
acrn | allows access to user VMs using the ACRN hypervisor | VM, Hypervisor, Developer | no |
adb-support | allows operating as Android Debug Bridge service | ADB, Developer | no |
allegro-vcu | access the Allegro Video Core Unit | Video, Graphics | no |
alsa | play or record sound | Audio, Media | no |
appstream-metadata | allows access to AppStream metadata | System, Developer, Manage software | no |
audio-playback | allows audio playback via supporting services | Audio, Media, Playback | yes |
audio-record | allows audio recording via supported services | Audio, Media, Record | no |
autopilot-introspection | be controlled by Autopilot software | System, Developer | no |
avahi-control | advertise services over the local network | Network, Local network, Nearby devices | no |
avahi-observe | detect services and devices over the local network | Network, Local network, Nearby devices | no |
block-devices | access to disk block devices | Super privileged, Storage, Low level | no |
bluetooth-control | access Bluetooth hardware directly | Network, Bluetooth, Nearby devices | no |
bluez | use Bluetooth devices | Network, Bluetooth, Nearby devices | no |
bool-file | allows access to specific file with bool semantics | System, Low level, Privileged | no |
broadcom-asic-control | control Broadcom network switches | Network, System | no |
browser-support | use functions essential for Web browsers | Browser, Network | no when allow-sandbox: true, yes otherwise |
calendar-services | allows communication with Evolution Data Server calendar | Personal data, Contacts and calendar | no |
camera | use your camera or webcam | Camera, Media, Personal data | no |
can-bus | allows access to the CAN bus | System, Developer | no |
cifs-mount | allows the mounting and unmounting of CIFS filesystems | Network,Storage | no |
classic-support | enable resource access to classic snap | Super privileged, Ubuntu Core | no |
contacts-service | allows communication with the Evolution Data Server address book | Personal data, Contacts and calendar | no |
content | access resources across snaps | Storage, Files, Attributes | yes for snaps from same publisher, no otherwise |
core-support | deprecated since snap 2.34 | System, Other | no |
cpu-control | set certain CPU values | System, Developer | no |
cups | access to the CUPS socket for printing | Printing | not applicable |
cups-control | print documents | Printing | no |
custom-device | permits access to a specific class of device | Super privileged, Ubuntu Core | no |
daemon-notify | allows sending daemon status changes to service manager | System, Developer | no |
dbus | allow snaps to communicate over D-Bus | System, Developer | no |
dcdbas-control | shut down or restart Dell devices | Developer | no |
desktop | provides access to common desktop elements | Desktop | yes |
desktop-launch | identify and launch desktop apps from other snaps | Super privileged, Desktop | no |
desktop-legacy | enables the use of legacy desktop methods (including input method and accessibility services) | Desktop | yes |
device-buttons | use any device-buttons | Hardware, Developer | no |
display-control | allows configuring display parameters | Display, Graphics | no |
dm-crypt | access encrypted storage devices | Super privileged, Ubuntu Core, Storage | no |
docker | start, stop, or manage Docker containers | Super privileged, Containers | no |
docker-support | allows operating as the Docker daemon | Super privileged, Containers | no |
dsp | enables the control of digital signal processors (DSPs) | Hardware, Developer | no |
dummy | renamed to empty interface | System, Other | no |
dvb | allows access to all DVB devices and APIs | Hardware, Developer, Media | no |
empty | allows testing without additional permissions | System, Other | no |
firewall-control | configure a network firewall | Network | no |
fpga | permits access to an FPGA subsystem | Hardware, Developer | no |
framebuffer | access to universal framebuffer devices | Hardware, Developer | no |
fuse-support | enables access to the FUSE filesystems | Storage | no |
fwupd | allows operating as the fwupd service | System, Security, Firmware | no |
gconf | access the legacy GConf config system | System, Developer, Settings | no |
gpg-keys | read GPG user configuration and keys | GPG, Personal data, Security | no |
gpg-public-keys | read GPG non-sensitive configuration and public keys | GPG, Personal data, Security | no |
gpio | access specific GPIO pins | GPIO, Hardware, Developer | no |
gpio-control | allows to export/unexport and control all GPIOs | Super privileged, GPIO | no |
gpio-memory-control | allows write access to all GPIO memory | GPIO, Hardware, Developer | no |
greengrass-support | allows operating as the Greengrass service | Super privileged, Edge, AWS, Discrete | no |
gsettings | provides access to any GSettings item for current user | System, Developer, Settings | yes |
hardware-observe | access hardware information | System, Hardware | no |
hardware-random-control | provide entropy to hardware random number generator | System, Hardware | no |
hardware-random-observe | use hardware-generated random numbers | System, Hardware | no |
hidraw | access hidraw devices | System | no |
home | access non-hidden files in the home directory | Storage, Personal data | yes on classic (traditional distributions), no otherwise |
hostname-control | allows configuring the system hostname | Network | no |
hugepages-control | control HugePages memory blocks | System, Memory, Kernel | no |
i2c | access iĀ²c devices | System, Hardware | no |
iio | access IIO devices | System, Hardware | no |
intel-mei | access to the Intel MEI management interface | System, Firmware | no |
intel-qat | provides permissions for Intel QAT devices | Hardware | no |
io-ports-control | allows access to all I/O ports | System, | no |
ion-memory-control | access Androidās ION memory allocator | Super privileged, System | no |
jack1 | allows interaction with the JACK audio connection server | Audio, Media | no |
joystick | use any connected joystick | Hardware, Developer | no |
juju-client-observe | read the Juju client configuration | Developer, Discrete | no |
kernel-crypto-api | read and manage kernel supported crypto ciphers | System, Kernel, Security | no |
kernel-firmware-control | permits a custom kernel firmware search path | Super privileged | no |
kernel-module-control | insert, remove and query kernel modules | Super privileged, System, Kernel | no |
kernel-module-load | load, or deny loading, specific kernel modules | Super privileged, System, Kernel | no |
kernel-module-observe | query kernel modules | System, Kernel | no |
kubernetes-support | use functions essential for Kubernetes | Super privileged, Hypervisor, Discrete | no |
kvm | allows access to the kvm device | VM, Hypervisor, Developer | no |
libvirt | provides access to the libvirt service | VM, Hypervisor, Developer | no |
locale-control | change system language and region settings | Language and region, Personalisation | no |
location-control | allows operating as the location service | Location | no |
location-observe | access your location | Location | no |
log-observe | read system logs | System, Developer | no |
login-session-control | allows setup of login sessions and grants privileged access to user sessions | System, Security | no |
login-session-observe | allows reading login and session information | System, Security | no |
lxd | provides access to the LXD socket | Super privileged, Container, Discrete | no |
lxd-support | allows operating as the LXD service | Super privileged, Container, Discrete | no |
maliit | use an on-screen keyboard | Developer | no |
media-control | access media control devices and Video4Linux (V4L) devices | Hardware, Developer, Media, Video | no |
media-hub | access snaps providing the media-hub interface | Developer, Media | yes |
microceph | permits access to the MicroCeph socket, which is used internally by the microceph snap | Super privileged, Container | no |
microceph-support | permits the microceph snap to operate as the MicroCeph service | Super privileged, Container | no |
microovn | used only by the MicroOVN snap for socket access | Network, Super privileged | no |
microstack-support | multiple service access to the Microstack infrastructure | Super privileged, Container, Discrete | no |
mir | enables access to the Mir display service | Display | yes |
modem-manager | use and configure modems | Network | no |
mount-control | mount and unmount transient and persistent filesystem mount points | Super privileged, Storage | no |
mount-observe | read mount table and quota information | Storage | no |
mpris | media key control of music and video players | Sound | no |
multipass-support | multipass-support allows operating as the Multipass service | Super privileged, VM, Discrete | no |
netlink-audit | allows access to kernel audit system through Netlink | Inter-process communication (IPC), Netlink, Developer | no |
netlink-connector | communicate through the kernel Netlink connector | Inter-process communication (IPC), Netlink, Developer | no |
netlink-driver | operate a kernel driver module exposed via Netlink | Inter-process communication (IPC), Netlink, Developer | no |
network | enables network access | Network | yes |
network-bind | operate as a network service | Network | yes |
network-control | change low-level network settings | Network | no |
network-manager | configure and observe networking via NetworkManager | Network | no |
network-manager-observe | allows observing NetworkManager settings | Network | no |
network-observe | query network status information | Network | no |
network-setup-control | change network settings via Netplan | Network | no |
network-setup-observe | read network settings | Network | no |
network-status | access the NetworkStatus service | Network | yes |
nfs-mount | allows the mounting and unmounting of Network File System mount points | Network, Service | no |
nomad-support | enableās HashiCorpās Nomad to access CPU and memory management | System, Containers, Service | no |
nvidia-drivers-support | internally used NVIDIA access | Super privileged, Ubuntu Core | no |
ofono | allows operating as the oFono service | Network, Discrete, Developer | no |
online-accounts-service | access to the Online Accounts service | Service, Developer | yes |
opengl | access OpenGL/GPU hardware | Display, Graphics | yes |
openvswitch | control Open vSwitch hardware | Network, Service, Developer | no |
openvswitch-support | enables kernel support for Open vSwitch | Network, Service, Developer | no |
optical-drive | read/write access to CD/DVD drives | Storage, Hardware, Developer | yes, unless drive can write |
packagekit-control | control the PackageKit service | Super privileged, Packaging | no |
password-manager-service | read, add, change, or remove saved passwords | System, Security | no |
pcscd | permits communication with PCSD smart card daemon | Security | no |
personal-files | read or write files in the userās home directory | Super privileged, Personal data, Attributes | no |
physical-memory-control | read and write memory used by any process | System, Memory, Kernel | no |
physical-memory-observe | read memory used by any process | System, Memory, Kernel | no |
pkcs11 | enables the cryptographic token interface standard to be used | Security, Super privileged | no |
polkit | access to the polkit authorisation manager | Security, System, Super privileged | no |
polkit-agent | permits applications to register as polkit agents | Security, System, Super privileged | no |
posix-mq | enables inter-process communication (IPC) messages | Super privileged, IPC | no by default, yes with snaps from the same publisher |
power-control | read and write system power settings | System, Power | no |
ppp | access to configure and observe PPP networking | Network | no |
process-control | pause or end any process on the system | System | no |
ptp | access to the Precision Time Protocol subsystem | System, Developer | no |
pulseaudio | play and record sound | Audio, Media | no |
pwm | access specific PWM channels | System, Developer, Hardware, WIP | no |
qualcomm-ipc-router | access Qualcomm IPC router sockets | IPC, Kernel, System | no |
raw-input | access raw input devices directly | System, Developer, Hardware | no |
raw-usb | access USB hardware directly | System, Developer, Hardware | no |
raw-volume | access specific disk partitions | Storage | no |
remoteproc | interact with the kernelās Remote Processor Framework | Super privileged | no |
ros-opt-data | read-only access to ROS directories | Storage | no |
removable-media | read/write files on removable storage devices | Storage | no |
screencast-legacy | allows screen recording and audio recording alongside writing to arbitrary filesystem paths | Legacy | no |
screen-inhibit-control | prevent screen sleep, lock and screensaver | Display | yes |
scsi-generic | read and write access to SCSI Generic driver devices | Storage, Super privileged | no |
sd-control | control SD cards on specific devices | Super privileged, Storage | no |
serial-port | access serial port hardware | System, Developer, Hardware | no |
shared-memory | enables two snaps to access the same shared memory | Super privileged, IPC | no by default, yes with snaps from the same publisher |
shutdown | restart or power off the device | Super privileged, System, Power | no |
snap_interfaces_requests_control | enables the prompting API and its access to prompting-related notice types | System | no |
snap-refresh-control | permits bespoke snap refresh control | Super privileged, Packaging | no |
snap-refresh-observe | enables the tracking of snap refreshes | Super privileged, Packaging | no |
snapd-control | install or remove software | Super privileged, Packaging | no |
spi | access specific SPI devices | System, Developer, Hardware | no |
ssh-keys | access SSH private and public keys | Security | no |
ssh-public-keys | access SSH public keys | Security | no |
steam-support | allows the Steam snap to access pressure-vessel containers | Super privileged, Discrete | no |
storage-framework-service | operate as, or interact with, the Storage Framework | Storage | no |
system-backup | read-only access to the system for backups | Storage | no |
system-files | read or write files in the system | Super privileged, Storage, Attributes | no |
system-observe | read process and system information | Monitoring, System | no |
system-packages-doc | access system documentation in /usr/share/doc | Developer | no |
system-source-code | access kernel source and headers in /usr/src | Developer | no |
system-trace | monitor or control any running program | Monitoring, System | no |
tee | permits access to the Trusted Execution Environment | Super privileged, Security, Ubuntu Core | no |
thumbnailer-service | create thumbnail images from local media files | Storage, Media | no |
time-control | change the date and time | Time | no |
timeserver-control | change time server settings | Time | no |
timezone-control | change the time zone | Time | no |
tpm | allows access to the Trusted Platform Module device | Kernel, Security | no |
u2f-devices | use any U2F devices | Security, Hardware, Developer | no |
ubuntu-download-manager | use the Ubuntu Download Manager | System, Developer, Manage software | yes |
udisks2 | access the UDisks2 service | Storage | no |
uhid | create kernel UID devices from user-space | Hardware, Kernel, System | no |
uinput | allows write access to /dev/uinput | Super privileged, Hardware | no |
uio | access uio devices | Hardware, System | no |
unity7 | access legacy desktop resources from Unity7 | Display | yes |
unity8 | share data with other Unity 8 apps | Display, Super privileged | yes |
unity8-calendar | read/change shared calendar events in Ubuntu Unity 8 | Personal data | no |
unity8-contacts | read/change shared contacts in Ubuntu Unity 8 | Personal data | no |
upower-observe | access battery level and power usage | System, Power | yes |
userns | permits a snap to create a new namespace | Super privileged | no |
vcio | access a Raspberry Piās VideoCore multimedia processor | Video, Graphics, Ubuntu Core | no |
wayland | access compositors providing the Wayland protocol | Display | yes |
x11 | monitor mouse/keyboard input and graphics output of other apps | Display | yes |
xilinx_dma | allows access to Xilinx DMA IP from a connected PCIe card | Ubuntu Core, Super privileged | no |