The block-devices interface

jdstrand · January 29, 2019, 2:37pm

The block-devices interface plug provides the ability to perform operations on raw disk block devices, such as:

/dev/hd* IDE devices (/dev/hda, /dev/hdb, …)
/dev/sd* SCSI devices (/dev/sda, /dev/sdb, … incl. /dev/sdia, /dev/sdib, …)
/dev/mmcblk* MMC devices (/dev/mmcblk0, /dev/mmcblk1, …)
/dev/vd* virtio devices (/dev/vda, /dev/vdb, …)
/dev/loop* loopback devices (/dev/loop0, /dev/loop1, …)
- including /dev/loop-control device
/dev/zd* ZFS volumes (/dev/zd0, /dev/zd1, …)
- including /dev/zfs control device
/dev/nvme*n* NVMe namespace block devices (/dev/nvme0n1…)
- including /dev/nvme* NVMe control devices (/dev/nvme0, /dev/nvme1, …)

Requires snapd version 2.37+.

When the plug sets an optional allow-partitions boolean attribute to true, the interface will grant access to individual partition devices, examples of which include:

/dev/sda1, /dev/sdb2, …
/dev/mmcblk0p1, …
/dev/nvme0n1p2, …

The plug with the attribute needs to be declared in the following manner:

plugs:
  block-devices:
    allow-partitions: true

The allow-partitions attribute requires snapd version 2.71+.

This interface grants privileged access to the device.

Auto-connect: no
Super-privileged: yes

Consumers of this interface require a snap declaration for distribution via the Snap Store.

ⓘ This is a snap interface. See Interface management and Supported interfaces for further details on how interfaces are used.

jamesbeedy · May 25, 2019, 4:20pm

Looking for some details on how to use this interface. Is this the only place the block-devices interface is documented?

Thanks

jdstrand · June 6, 2019, 8:09pm

Yes, though you can examine the code here: snapd/interfaces/builtin/block_devices.go at master · canonical/snapd · GitHub

You might also be interested in The udisks2 interface

Lin-Buo-Ren · December 21, 2020, 3:20am

I unable to run echo test > /dev/sdb in the runtime shell after connecting to this interface, is there other requirements for the block device access?

$ snap run --shell wild-block-device-filler
$ stat /dev/sdb
  File: /dev/sdb
  Size: 0               Blocks: 0          IO Block: 4096   block special file
Device: 6h/6d   Inode: 880         Links: 1     Device type: 8,10
Access: (0660/brw-rw----)  Uid: (    0/    root)   Gid: (    6/    disk)
Access: 2020-12-21 11:12:47.311745859 +0800
Modify: 2020-12-21 11:12:47.311745859 +0800
Change: 2020-12-21 11:12:47.311745859 +0800
 Birth: -
$ echo test >/dev/sdb
bash: /dev/sdb: Permission denied

The device is a USB pen drive to be specific.

Additional info

Works in devmode when run as root
I expect the command should work when run as a regular user after connecting to the interface.