Snappy capabilities, in baby steps

Zygmunt Krynicki zygmunt.krynicki at
Mon Nov 9 20:29:16 UTC 2015

On Fri, Nov 6, 2015 at 1:19 PM, Zygmunt Krynicki
<zygmunt.krynicki at> wrote:
> Hey everyone.
> I started working on a new subsystem of snappy, capabilities. Snappy
> capabilities were mentioned a few times lately at UOS. There are some
> ideas that many people have of what they mean. I can just tell you
> what they *are not*. Those are not the Linux capabilities and they are
> not the capabilities that we currently have in some for in various
> yaml files.. The name clash is less than optimal but I think it is
> unavoidable. I'll call them Snappy Capabilities to try to avoid the
> confusion.
> I'm just getting started. My plan is very simple: take a small step
> and evaluate if the direction is good. I have a small set of goals I'd
> like to achieve over the next few days/weeks.
> For now the basic idea is that I want to have a concept of a
> capability, with an identifier (name) and some type. For now types are
> just another name but they will crystallize and will show their
> usefulness as we go. I want snappy to have a way to create, probe and
> remove capabilities (through the API and command line interface) at
> runtime. Later down the line I'd like to associate capabilities with
> snaps (again, at runtime) and further on, let capabilities carry some
> meta-data (properties). The final step in this short plan is to tie
> this into security subsystem (using properties), so that a snap that
> is assigned a capability will actually get permissions to do more
> things than it did before.
> I've started brewing some code. I'll be pushing my branches to github,
> following the standard process. I'm also open to discussing them here
> if there is some interest in doing that. I'll send an update with the
> first branch later today.

Hey again.

You can find my first merge requests over at [1] and [2]. Tomorrow I
will focus on integrating with the REST API and the snappy command
line tool.

Best regards


More information about the snappy-devel mailing list