Snappy capabilities, in baby steps
Zygmunt Krynicki
zygmunt.krynicki at canonical.com
Fri Nov 6 12:19:17 UTC 2015
Hey everyone.

I started working on a new subsystem of snappy, capabilities. Snappy
capabilities were mentioned a few times lately at UOS. There are some
ideas that many people have of what they mean. I can just tell you
what they *are not*. Those are not the Linux capabilities and they are
not the capabilities that we currently have in some form in various
yaml files. The name clash is less than optimal but I think it is
unavoidable. I'll call them Snappy Capabilities to try to avoid the
confusion.

I'm just getting started. My plan is very simple: take a small step
and evaluate if the direction is good. I have a small set of goals I'd
like to achieve over the next few days/weeks.

For now the basic idea is that I want to have a concept of a
capability, with an identifier (name) and some type. For now types are
just another name but they will crystallize and will show their
usefulness as we go. I want snappy to have a way to create, probe and
remove capabilities (through the API and command line interface) at
runtime. Later down the line I'd like to associate capabilities with
snaps (again, at runtime) and further on, let capabilities carry some
meta-data (properties). The final step in this short plan is to tie
this into the security subsystem (using properties), so that a snap that
is assigned a capability will actually get permissions to do more
things than it did before.

I've started brewing some code. I'll be pushing my branches to github,
following the standard process. I'm also open to discussing them here
if there is some interest in doing that. I'll send an update with the
first branch later today.

Best regards
ZK