The system-trace interface

system-trace enables the monitoring and control of any running program, via kernel tracing facilities. This interface is restricted because it gives privileged access to all processes on the system and should only be used with trusted apps.

Auto-connect: no

ⓘ This is a snap interface. See Interface management and Supported interfaces for further details on how interfaces are used.

Hi Graham. I have some slight confusion about the documentation for this interface. It is caused by this quote:

This line indicates that this interface receives extra scrutiny from store admins when included as a plug in snap packages, but it is not marked as a super-privileged interface. Since this interface allows so much control over the host system, my first impression is that it is a super-privileged interface and as such the resulting snap needs to be audited thoroughly before the auto-connection is granted (wouldn’t want some trustworthy-looking snap nuking gdm3). This interface seems to be on the same level as the system-files interface, if not more, since the packaged software has the ability to kill/modify other processes.

Let me know what your thoughts are about this.

Hello - sorry for the reply delay, but it’s a good question. I’ll check with the team and get back to you.