Sergio Schvezov sergio.schvezov at
Wed May 4 12:49:22 UTC 2016

On 04/05/16 at 09:44, Yann Sionneau wrote:
> Hello,
>
> Follow up from a call with Pedro Coca and Didier Roche, I'm sending my
> question on the mailing list as agreed:
> On an IoT device, in the situation of a branded store (so not the main
> public one), how can I do snaps for my device that have special extra
> rights?
> Is it already planned how to achieve this? If yes how? If no can this be
> planned?
> By extra rights, I mean adding access to extra syscalls (other than
> those already granted in network and other already existing interfaces),
> or read_paths or write_paths, kind of like what was possible before with
> unconfined/old-security stuff which has been removed.
> I guess this means adding new interfaces which grant those extra rights?

First of all, not saying this is the way it will be, just a way I
imagine it could be.

You add your interface support to the OS through snapd; it may or may
not be marked restricted depending on what that functionality is. In
your branded store you may be able to whitelist certain restricted
interfaces if necessary.

I am just brainstorming here, take my comment with a grain of salt ;-)

