The personal-files interface


#1

personal-files provides access to the specified files in the user’s home. This interface gives privileged access to the user’s data.

Auto-connect: no
Attributes:

  • read (plug): list of files and/or directories for read-only access (eg, ‘read: [ $HOME/.file-read, $HOME/.dir-read ]
  • write (plug): list of files and/or directories for read/write access (eg, ‘write: [ $HOME/.file-write, $HOME/.dir-write ]

Transitional: no

Requires snapd version 2.37+.

This interface is typically used to provide read-only access to top-level hidden data directories within a user’s home directory in order to support importing data from existing applications where the snap is the clear owner of the target directory.

For distribution via the Snap store, consumers of this interface will need make an approved snap declaration. For acceptance, you will need to make a descriptive interface reference, as used by snap connections|interfaces|connect|disconnect commands.

For example, if a foo application is being packaged as a snap and its publisher wants the snap to import an existing configuration from ~/.config/foo, the snapcraft.yaml could include the following:

name: foo
...
plugs:
  config-foo:
    interface: personal-files
    read:
    - $HOME/.config/foo

apps:
  foo:
    plugs:
    - config-foo
    ...

With the above built snap, you would then be able to use the following to enable access to personal files:

$ snap connect foo:config-foo

ⓘ This is a snap interface. See Interface management and Supported interfaces for further details on how interfaces are used.


Interface auto-connect request for the guvcview snap (personal-files)
Gallery-dl: Previously granted *-files plugs now trigger manual review
Snap documentation
Permission requests
Please allow use of personal-files for gitl [Was: Classic confinement for gitl]
Manual Review Requested: wpe-cli
Classic confinement request: fce
Request for classic confinement: snap ds2
Clj-kondo personal-files request [Was: Clj-kondo linter classic snap]
Request for personal-files confinement for fuzzit CLI
Request use of docker interface [Was: Classic confinement request: Dunner]
Fluxctl personal-files [Was: Fluxctl snap wants to be classic]
#2

This is not what I need. There’s no way I know the files the user writes beforehand. I need classic.


#3

I would like to ask if it’s acceptable to use this interface on the applications’s cache directory (e.g. ~/.cache/_app_id_)? In the case that the application doesn’t honour XDG_CACHE_HOME.


#4

It’s not totally clear from this whether store approval is necessary for simply using this interface, or whether store approval is only needed for auto-connection of this interface. Can this interface be used without auto-connection with any directory? I am pretty sure the answer is no, it still needs store approval to release the snap at all