Auto-connect when installing compatible snaps

Zygmunt Krynicki zygmunt.krynicki at canonical.com
Fri May 27 17:18:49 UTC 2016 

On Fri, May 27, 2016 at 6:17 PM, Jamie Strandboge <jamie at canonical.com> wrote:
> On Fri, 2016-05-27 at 15:10 +0200, Alfonso Sanchez-Beato wrote:
>> Hi list,
>>
>> Which is the current status of the auto-connect story? Currently we are
>> working on network-manager and modem-manager snaps, which ideally should
>> connect compatible plugs/slots when both are installed in the system (this
>> is indeed just one scenario for this feature).
>>
>> Otherwise we need to
>> 1. Install both
>> 2. Connect plugs to slots
>> 3. Re-start services (due to apparmor denials when trying to register for
>> tracking DBus name for partner before connection is established)
>>
>
> Zyga can correct me here as needed but how it is supposed to work is that the
> network-manager interface is supposed to define enough in its PermanentSlot
> security policy to allow a snap providing the slot to run upon install (ie,
> permanent slot policy can be thought of as auto-connected on install). When
> another snap plugs into the network-manager slot, the ConnectedSlot policy is
> added to the snap providing the slot and the ConnectedPlug policy is added to
> the plugging snap. When that happens, the security policy is reloaded into the
> kernel for both sides and the snap providing the slot should not have to be
> restarted. If this isn't working for you, please file a bug. Depending on how
> your plugging service is written, it may need to be restarted, but it could be
> written in such a way as to (politely) keep trying until it is connected.

That is accurate. For network manager you should not need to connect
to the slot for the service to function properly.

> As for auto-connections in general, decisions to auto-connect or not are made on
> a case by case basis between the snappy architects (Gustavo), snappy (zyga) and
> security (typically me) teams. This is something we are actively working through
> and there will be quite a few improvements in this area. For the moment for
> network-manager in particular, you need to install both and do one 'slot
> connect' operation.

I think that for n-m we should consider auto-connecting the tool to
the service but this is obviously not invalidating what I said above
about permanent slot snippet. In general I would also auto-connect
compatible plug/slots from within one snap, on install.

Thanks
ZK

More information about the Snapcraft mailing list