The auditd-support interface permits snaps to operate as the auditd service on the system.
See Interface management and Supported interfaces for further details on how interfaces are used.
Developer details
Auto-connect: no
Super-privileged: yes
Unlike other *-support interfaces, there is no single official auditd snap for which this interface was intended to be used. Instead, snap packagers who wish to ship their own snap containing auditd or serving the role of auditd may request installation and connection of this interface.
The auditd-support interface grants access to the CAP_AUDIT_CONTROL capability, along with access to files commonly required by auditd.
Code examples
The test code can be found in the snapd repository:
snapd/interfaces/builtin/auditd_support_test.go at master · canonical/snapd · GitHub
The source code for the interface is in the snapd repository:
snapd/interfaces/builtin/auditd_support.go at master · canonical/snapd · GitHub