Interfaces

Interfaces enable resources from one snap to be shared with another and with the system. The table below lists currently supported interfaces, with links to further details for each interface.

The following column names are used:

  • Interface is the syntactical interface name, as used by snaps.

  • Description is a brief overview of what the interface permits. Select the interface name to open the interface-specific page for a more detailed description of that interface.

  • Categories are used to split interfaces into broad types, and also to indicate what kind of access they permit. Video, graphics and audio are typical desktop requirements, for example, while VM, Container, Kernel and Developer imply more specific roles. The Ubuntu Core category is used to denote when an interface is intended for Ubuntu Core, and Super privileged is used when an interface requires extra security scrutiny. See Super-privileged interfaces for more information.

  • Auto-connect indicates that the interface will be connected by default when the snap is first installed, requiring no further user action. If Auto-connect=no, an interface can still be automatically connected if the snap developer has requested, and been granted, explicit permission. See Interface connection mechanism for details.


| Interface | Description | Categories | Auto-connect |
|---|---|---|---|
| account-control | add/remove user accounts or change passwords | System, Account | no |
| accounts-service | allows communication with the accounts service | System, Account | no |
| acrn | allows access to user VMs using the ACRN hypervisor | VM, Hypervisor, Developer | no |
| adb-support | allows operating as Android Debug Bridge service | ADB, Developer | no |
| allegro-vcu | access the Allegro Video Core Unit | Video, Graphics | no |
| alsa | play or record sound | Audio, Media | no |
| appstream-metadata | allows access to AppStream metadata | System, Developer, Manage software | no |
| audio-playback | allows audio playback via supporting services | Audio, Media, Playback | yes |
| audio-record | allows audio recording via supported services | Audio, Media, Record | no |
| autopilot-introspection | be controlled by Autopilot software | System, Developer | no |
| avahi-control | advertise services over the local network | Network, Local network, Nearby devices | no |
| avahi-observe | detect services and devices over the local network | Network, Local network, Nearby devices | no |
| block-devices | access to disk block devices | Super privileged, Storage, Low level | no |
| bluetooth-control | access Bluetooth hardware directly | Network, Bluetooth, Nearby devices | no |
| bluez | use Bluetooth devices | Network, Bluetooth, Nearby devices | no |
| bool-file | allows access to specific file with bool semantics | System, Low level, Privileged | no |
| broadcom-asic-control | control Broadcom network switches | Network, System | no |
| browser-support | use functions essential for Web browsers | Browser, Network | no when allow-sandbox: true, yes otherwise |
| calendar-services | allows communication with Evolution Data Server calendar | Personal data, Contacts and calendar | no |
| camera | use your camera or webcam | Camera, Media, Personal data | no |
| can-bus | allows access to the CAN bus | System, Developer | no |
| cifs-mount | allows the mounting and unmounting of CIFS filesystems | Network, Storage | no |
| classic-support | enable resource access to classic snap | Super privileged, Ubuntu Core | no |
| confdb | permits access to the confdb configuration system | System | no |
| contacts-service | allows communication with the Evolution Data Server address book | Personal data, Contacts and calendar | no |
| content | access resources across snaps | Storage, Files, Attributes | yes for snaps from same publisher, no otherwise |
| core-support | deprecated since snap 2.34 | System, Other | no |
| cpu-control | set certain CPU values | System, Developer | no |
| cups | access to the CUPS socket for printing | Printing | not applicable |
| cups-control | print documents | Printing | no |
| custom-device | permits access to a specific class of device | Super privileged, Ubuntu Core | no |
| daemon-notify | allows sending daemon status changes to service manager | System, Developer | no |
| dbus | allow snaps to communicate over D-Bus | System, Developer | no |
| dcdbas-control | shut down or restart Dell devices | Developer | no |
| desktop | provides access to common desktop elements | Desktop | yes |
| desktop-launch | identify and launch desktop apps from other snaps | Super privileged, Desktop | no |
| desktop-legacy | enables the use of legacy desktop methods (including input method and accessibility services) | Desktop | yes |
| device-buttons | use any device-buttons | Hardware, Developer | no |
| display-control | allows configuring display parameters | Display, Graphics | no |
| dm-crypt | access encrypted storage devices | Super privileged, Ubuntu Core, Storage | no |
| docker | start, stop, or manage Docker containers | Super privileged, Containers | no |
| docker-support | allows operating as the Docker daemon | Super privileged, Containers | no |
| dsp | enables the control of digital signal processors (DSPs) | Hardware, Developer | no |
| dummy | renamed to empty interface | System, Other | no |
| dvb | allows access to all DVB devices and APIs | Hardware, Developer, Media | no |
| empty | allows testing without additional permissions | System, Other | no |
| firewall-control | configure a network firewall | Network | no |
| fpga | permits access to an FPGA subsystem | Hardware, Developer | no |
| framebuffer | access to universal framebuffer devices | Hardware, Developer | no |
| fuse-support | enables access to the FUSE filesystems | Storage | no |
| fwupd | allows operating as the fwupd service | System, Security, Firmware | no |
| gconf | access the legacy GConf config system | System, Developer, Settings | no |
| gpg-keys | read GPG user configuration and keys | GPG, Personal data, Security | no |
| gpg-public-keys | read GPG non-sensitive configuration and public keys | GPG, Personal data, Security | no |
| gpio | access specific GPIO pins | GPIO, Hardware, Developer | no |
| gpio-control | allows exporting/unexporting and controlling all GPIOs | Super privileged, GPIO | no |
| gpio-memory-control | allows write access to all GPIO memory | GPIO, Hardware, Developer | no |
| greengrass-support | allows operating as the Greengrass service | Super privileged, Edge, AWS, Discrete | no |
| gsettings | provides access to any GSettings item for current user | System, Developer, Settings | yes |
| hardware-observe | access hardware information | System, Hardware | no |
| hardware-random-control | provide entropy to hardware random number generator | System, Hardware | no |
| hardware-random-observe | use hardware-generated random numbers | System, Hardware | no |
| hidraw | access hidraw devices | System | no |
| home | access non-hidden files in the home directory | Storage, Personal data | yes on classic (traditional distributions), no otherwise |
| hostname-control | allows configuring the system hostname | Network | no |
| hugepages-control | control HugePages memory blocks | System, Memory, Kernel | no |
| i2c | access I²C devices | System, Hardware | no |
| iio | access IIO devices | System, Hardware | no |
| intel-mei | access to the Intel MEI management interface | System, Firmware | no |
| intel-qat | provides permissions for Intel QAT devices | Hardware | no |
| io-ports-control | allows access to all I/O ports | System | no |
| ion-memory-control | access Android’s ION memory allocator | Super privileged, System | no |
| jack1 | allows interaction with the JACK audio connection server | Audio, Media | no |
| joystick | use any connected joystick | Hardware, Developer | no |
| juju-client-observe | read the Juju client configuration | Developer, Discrete | no |
| kernel-crypto-api | read and manage kernel supported crypto ciphers | System, Kernel, Security | no |
| kernel-firmware-control | permits a custom kernel firmware search path | Super privileged | no |
| kernel-module-control | insert, remove and query kernel modules | Super privileged, System, Kernel | no |
| kernel-module-load | load, or deny loading, specific kernel modules | Super privileged, System, Kernel | no |
| kernel-module-observe | query kernel modules | System, Kernel | no |
| kubernetes-support | use functions essential for Kubernetes | Super privileged, Hypervisor, Discrete | no |
| kvm | allows access to the kvm device | VM, Hypervisor, Developer | no |
| libvirt | provides access to the libvirt service | VM, Hypervisor, Developer | no |
| locale-control | change system language and region settings | Language and region, Personalisation | no |
| location-control | allows operating as the location service | Location | no |
| location-observe | access your location | Location | no |
| log-observe | read system logs | System, Developer | no |
| login-session-control | allows setup of login sessions and grants privileged access to user sessions | System, Security | no |
| login-session-observe | allows reading login and session information | System, Security | no |
| lxd | provides access to the LXD socket | Super privileged, Container, Discrete | no |
| lxd-support | allows operating as the LXD service | Super privileged, Container, Discrete | no |
| maliit | use an on-screen keyboard | Developer | no |
| media-control | access media control devices and Video4Linux (V4L) devices | Hardware, Developer, Media, Video | no |
| media-hub | access snaps providing the media-hub interface | Developer, Media | yes |
| microceph | permits access to the MicroCeph socket, which is used internally by the microceph snap | Super privileged, Container | no |
| microceph-support | permits the microceph snap to operate as the MicroCeph service | Super privileged, Container | no |
| microovn | used only by the MicroOVN snap for socket access | Network, Super privileged | no |
| microstack-support | multiple service access to the Microstack infrastructure | Super privileged, Container, Discrete | no |
| mir | enables access to the Mir display service | Display | yes |
| modem-manager | use and configure modems | Network | no |
| mount-control | mount and unmount transient and persistent filesystem mount points | Super privileged, Storage | no |
| mount-observe | read mount table and quota information | Storage | no |
| mpris | media key control of music and video players | Sound | no |
| multipass-support | allows operating as the Multipass service | Super privileged, VM, Discrete | no |
| netlink-audit | allows access to kernel audit system through Netlink | Inter-process communication (IPC), Netlink, Developer | no |
| netlink-connector | communicate through the kernel Netlink connector | Inter-process communication (IPC), Netlink, Developer | no |
| netlink-driver | operate a kernel driver module exposed via Netlink | Inter-process communication (IPC), Netlink, Developer | no |
| network | enables network access | Network | yes |
| network-bind | operate as a network service | Network | yes |
| network-control | change low-level network settings | Network | no |
| network-manager | configure and observe networking via NetworkManager | Network | no |
| network-manager-observe | allows observing NetworkManager settings | Network | no |
| network-observe | query network status information | Network | no |
| network-setup-control | change network settings via Netplan | Network | no |
| network-setup-observe | read network settings | Network | no |
| network-status | access the NetworkStatus service | Network | yes |
| nfs-mount | allows the mounting and unmounting of Network File System mount points | Network, Service | no |
| nomad-support | enables HashiCorp’s Nomad to access CPU and memory management | System, Containers, Service | no |
| nvidia-drivers-support | internally used NVIDIA access | Super privileged, Ubuntu Core | no |
| ofono | allows operating as the oFono service | Network, Discrete, Developer | no |
| online-accounts-service | access to the Online Accounts service | Service, Developer | yes |
| opengl | access OpenGL/GPU hardware | Display, Graphics | yes |
| openvswitch | control Open vSwitch hardware | Network, Service, Developer | no |
| openvswitch-support | enables kernel support for Open vSwitch | Network, Service, Developer | no |
| optical-drive | read/write access to CD/DVD drives | Storage, Hardware, Developer | yes, unless drive can write |
| packagekit-control | control the PackageKit service | Super privileged, Packaging | no |
| password-manager-service | read, add, change, or remove saved passwords | System, Security | no |
| pcscd | permits communication with the PCSC smart card daemon | Security | no |
| personal-files | read or write files in the user’s home directory | Super privileged, Personal data, Attributes | no |
| physical-memory-control | read and write memory used by any process | System, Memory, Kernel | no |
| physical-memory-observe | read memory used by any process | System, Memory, Kernel | no |
| pipewire | access the PipeWire server | Audio, Media, Video | no |
| pkcs11 | enables the cryptographic token interface standard to be used | Security, Super privileged | no |
| polkit | access to the polkit authorisation manager | Security, System, Super privileged | no |
| polkit-agent | permits applications to register as polkit agents | Security, System, Super privileged | no |
| posix-mq | enables inter-process communication (IPC) messages | Super privileged, IPC | no by default, yes with snaps from the same publisher |
| power-control | read and write system power settings | System, Power | no |
| ppp | access to configure and observe PPP networking | Network | no |
| process-control | pause or end any process on the system | System | no |
| ptp | access to the Precision Time Protocol subsystem | System, Developer | no |
| pulseaudio | play and record sound | Audio, Media | no |
| pwm | access specific PWM channels | System, Developer, Hardware, WIP | no |
| qualcomm-ipc-router | access Qualcomm IPC router sockets | IPC, Kernel, System | no |
| raw-input | access raw input devices directly | System, Developer, Hardware | no |
| raw-usb | access USB hardware directly | System, Developer, Hardware | no |
| raw-volume | access specific disk partitions | Storage | no |
| remoteproc | interact with the kernel’s Remote Processor Framework | Super privileged | no |
| ros-opt-data | read-only access to ROS directories | Storage | no |
| ros-snapd-support | allows the snaps ros-snapd and ros2-snapd the use of snapd’s apps control API | Super privileged | no |
| removable-media | read/write files on removable storage devices | Storage | no |
| screencast-legacy | allows screen recording and audio recording alongside writing to arbitrary filesystem paths | Legacy | no |
| screen-inhibit-control | prevent screen sleep, lock and screensaver | Display | yes |
| scsi-generic | read and write access to SCSI Generic driver devices | Storage, Super privileged | no |
| sd-control | control SD cards on specific devices | Super privileged, Storage | no |
| serial-port | access serial port hardware | System, Developer, Hardware | no |
| shared-memory | enables two snaps to access the same shared memory | Super privileged, IPC | no by default, yes with snaps from the same publisher |
| shutdown | restart or power off the device | Super privileged, System, Power | no |
| snap_interfaces_requests_control | enables the prompting API and its access to prompting-related notice types | System | no |
| snap-refresh-control | permits bespoke snap refresh control | Super privileged, Packaging | no |
| snap-refresh-observe | enables the tracking of snap refreshes | Super privileged, Packaging | no |
| snapd-control | install or remove software | Super privileged, Packaging | no |
| spi | access specific SPI devices | System, Developer, Hardware | no |
| ssh-keys | access SSH private and public keys | Security | no |
| ssh-public-keys | access SSH public keys | Security | no |
| steam-support | allows the Steam snap to access pressure-vessel containers | Super privileged, Discrete | no |
| storage-framework-service | operate as, or interact with, the Storage Framework | Storage | no |
| system-backup | read-only access to the system for backups | Storage | no |
| system-files | read or write files in the system | Super privileged, Storage, Attributes | no |
| system-observe | read process and system information | Monitoring, System | no |
| system-packages-doc | access system documentation in /usr/share/doc | Developer | no |
| system-source-code | access kernel source and headers in /usr/src | Developer | no |
| system-trace | monitor or control any running program | Monitoring, System | no |
| tee | permits access to the Trusted Execution Environment | Super privileged, Security, Ubuntu Core | no |
| thumbnailer-service | create thumbnail images from local media files | Storage, Media | no |
| time-control | change the date and time | Time | no |
| timeserver-control | change time server settings | Time | no |
| timezone-control | change the time zone | Time | no |
| tpm | allows access to the Trusted Platform Module device | Kernel, Security | no |
| u2f-devices | use any U2F devices | Security, Hardware, Developer | no |
| ubuntu-download-manager | use the Ubuntu Download Manager | System, Developer, Manage software | yes |
| udisks2 | access the UDisks2 service | Storage | no |
| uhid | create kernel HID devices from user-space | Hardware, Kernel, System | no |
| uinput | allows write access to /dev/uinput | Super privileged, Hardware | no |
| uio | access uio devices | Hardware, System | no |
| unity7 | access legacy desktop resources from Unity7 | Display | yes |
| unity8 | share data with other Unity 8 apps | Display, Super privileged | yes |
| unity8-calendar | read/change shared calendar events in Ubuntu Unity 8 | Personal data | no |
| unity8-contacts | read/change shared contacts in Ubuntu Unity 8 | Personal data | no |
| upower-observe | access battery level and power usage | System, Power | yes |
| userns | permits a snap to create a new namespace | Super privileged | no |
| vcio | access a Raspberry Pi’s VideoCore multimedia processor | Video, Graphics, Ubuntu Core | no |
| wayland | access compositors providing the Wayland protocol | Display | yes |
| x11 | monitor mouse/keyboard input and graphics output of other apps | Display | yes |
| xilinx_dma | allows access to Xilinx DMA IP from a connected PCIe card | Ubuntu Core, Super privileged | no |