The system-files interface enables a snap to access specific system files and directories (such as files in /etc). Consequently, the interface can provide access to privileged system data and is not connected by default.
This interface is typically used to provide read-only access to system configuration directories created by a non-snap version of an application now running from an equivalent snap.
- read (plug): list of files and/or directories for read-only access (eg, ‘read: [ /etc/file-read, /etc/dir-read ]’)
- write (plug): list of files and/or directories for read/write access (eg, ‘write: [ /etc/file-write, /etc/dir-write ]’)
Requires snapd version 2.37+.
- system files where the snap is not the clear owner (eg, /dev, /proc, /sys, /usr, etc).
- paths in /dev. Access to /dev device nodes requires both AppArmor policy and device control group inclusion, but the system-files interface does not have enough information to generate the necessary policy to enable these use cases. As such, purpose-specific interfaces should be used instead, such as block-devices or raw-volume.
Do not share data between snaps: although system-files can be used to share data with another snap, such as within a configuration file, this behaviour is not recommended. The content interface should be used instead.
An additional requirement for acceptance in the Global store is using a descriptive interface reference for use with
For example, the ‘foo’ application is packaged as a snap and the snap publisher wants to import existing configuration from /etc/foo into the snap. The snapcraft.yaml might be:

    name: foo
    ...
    plugs:
      config-foo:
        interface: system-files
        read:
        - /etc/foo
    apps:
      foo:
        plugs:
        - config-foo
        ...

With the above, a snap connect command would look like:

    snap connect foo:config-foo

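
An added example, not part of the snapd documentation or code: a small Python pre-submission check that applies the guidance above to the plugs mapping of an already-parsed snapcraft.yaml. The function names, the finding texts and the rule that a plug literally named system-files counts as non-descriptive are assumptions made for this example.

```python
import posixpath

# Locations the page lists as not clearly owned by the snap.
NOT_OWNED = ("/dev", "/proc", "/sys", "/usr")

def _root_of(path):
    """Return the NOT_OWNED root containing path, after resolving '..' and '//'."""
    clean = "/" + posixpath.normpath(path).lstrip("/")
    for root in NOT_OWNED:
        if clean == root or clean.startswith(root + "/"):
            return root
    return None

def review_plugs(plugs):
    """Return sorted (plug, path, finding) tuples for system-files plugs."""
    findings = []
    for name, spec in plugs.items():
        if not isinstance(spec, dict) or spec.get("interface") != "system-files":
            continue
        # Assumption: the default plug name is treated as non-descriptive.
        if name == "system-files":
            findings.append((name, "", "non-descriptive plug name"))
        for mode in ("read", "write"):
            for path in spec.get(mode) or []:
                root = _root_of(path)
                if root == "/dev":
                    findings.append((name, path, "use block-devices or raw-volume"))
                elif root:
                    findings.append((name, path, "snap is not the clear owner"))
                elif mode == "write":
                    findings.append((name, path, "read/write access: review"))
    return sorted(findings)

# The page's 'foo' plug, followed by constructed plugs that break the guidance.
PAGE_EXAMPLE = {"config-foo": {"interface": "system-files", "read": ["/etc/foo"]}}
CONSTRUCTED = {
    "system-files": {"interface": "system-files",
                     "read": ["/etc/foo/../../dev/sdX"]},
    "state-foo": {"interface": "system-files", "read": ["/usr/share/foo"],
                  "write": ["/etc/foo"]},
    "home": None,  # plug declared without attributes; not system-files, ignored
}

if __name__ == "__main__":
    for plug, path, finding in review_plugs({**PAGE_EXAMPLE, **CONSTRUCTED}):
        print(f"{plug}: {path or '-'}: {finding}")
```

The page's own config-foo plug produces no findings; each constructed plug is reported with the path that triggered it.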
The source code for this interface is in the snapd repository: https://github.com/snapcore/snapd/blob/master/interfaces/builtin/system_files.go