Interfaces enable resources from one snap to be shared with another and with the system. For a snap to use an interface, its developer needs to have first defined its corresponding plugs and slots within a snap’s snapcraft.yaml file.
For details on how to add an interface to your own snap, see Snapcraft interfaces. For general usage details, see Interface management.
The table below lists currently supported interfaces, with links to further details for each interface.
The following column names are used:
Interface name is the syntactical interface name, as used by snaps.
Auto-connect indicates that the interface will be connected by default when the snap is first installed, requiring no further user action. If Auto-connect=no, an interface can still be automatically connected if the snap developer has requested, and been granted, explicit permission. See Permission requests for details.
Important: if a snap is installed prior to an interface being granted auto-connect permission, and permission is subsequently granted and the snap updated, when the installed snap updates, the interface will be auto-connected.
Transitional interfaces are used by trusted snaps to access traditional Linux desktop environments that were not designed to integrate with snap isolation. As such, they will become deprecated as replacement or modified technologies that enforce strong application isolation become available.
| Interface name | Description | Auto-connect |
|---|---|---|
| account-control | add/remove user accounts or change passwords | no |
| accounts-service | allows communication with the accounts service | no |
| adb-support | allows operating as Android Debug Bridge service | no |
| alsa | play or record sound | no |
| appstream-metadata | allows access to AppStream metadata | no |
| audio-playback | allows audio playback via supporting services | yes |
| audio-record | allows audio recording via supported services | no |
| autopilot-introspection | be controlled by Autopilot software | no |
| avahi-control | advertise services over the local network | no |
| avahi-observe | detect services and devices over the local network | no |
| block-devices | access to disk block devices | no |
| bluetooth-control | access Bluetooth hardware directly | no |
| bluez | use Bluetooth devices | no |
| bool-file | allows access to specific file with bool semantics | no |
| broadcom-asic-control | control Broadcom network switches | no |
| browser-support | use functions essential for Web browsers | no when allow-sandbox: true, yes otherwise |
| calendar-services | allows communication with Evolution Data Server calendar | no |
| camera | use your camera or webcam | no |
| can-bus | allows access to the CAN bus | no |
| cifs-mount | allows the mounting and unmounting of CIFS filesystems | no |
| classic-support | enable resource access to classic snap | no |
| contacts-service | allows communication with the Evolution Data Server address book | no |
| content | access resources across snaps | yes for snaps from same publisher, no otherwise |
| core-support | deprecated since snap 2.34 | no |
| cpu-control | set certain CPU values | no |
| cups-control | print documents | no |
| daemon-notify | allows sending daemon status changes to service manager | no |
| dbus | allow snaps to communicate over D-Bus | no |
| dcdbas-control | shut down or restart Dell devices | no |
| desktop | provides access to common desktop elements | yes |
| desktop-launch | identify and launch desktop apps from other snaps | no |
| desktop-legacy | enables the use of legacy desktop methods (including input method and accessibility services) | yes |
| device-buttons | use any device-buttons | no |
| display-control | allows configuring display parameters | no |
| docker | start, stop, or manage Docker containers | no |
| docker-support | allows operating as the Docker daemon | no |
| dsp | enables the control of digital signal processors (DSPs) | no |
| dummy | allows testing without additional permissions | no |
| dvb | allows access to all DVB devices and APIs | no |
| firewall-control | configure a network firewall | no |
| framebuffer | access to universal framebuffer devices | no |
| fuse-support | enables access to the FUSE filesystems | no |
| fwupd | allows operating as the fwupd service | no |
| gpg-keys | read GPG user configuration and keys | no |
| gpg-public-keys | read GPG non-sensitive configuration and public keys | no |
| gpio | access specific GPIO pins | no |
| gpio-control | allows to export/unexport and control all GPIOs | no |
| gpio-memory-control | allows write access to all GPIO memory | no |
| greengrass-support | allows operating as the Greengrass service | no |
| gsettings | provides access to any GSettings item for current user | yes |
| hardware-observe | access hardware information | no |
| hardware-random-control | provide entropy to hardware random number generator | no |
| hardware-random-observe | use hardware-generated random numbers | no |
| hidraw | access hidraw devices | no |
| home | access non-hidden files in the home directory | yes on classic (traditional distributions), no otherwise |
| hostname-control | allows configuring the system hostname | no |
| i2c | access i²c devices | no |
| iio | access IIO devices | no |
| intel-mei | access to the Intel MEI management interface | no |
| io-ports-control | allows access to all I/O ports | no |
| jack1 | allows interaction with the JACK audio connection server | no |
| joystick | use any connected joystick | no |
| juju-client-observe | read the Juju client configuration | no |
| kernel-module-control | insert, remove and query kernel modules | no |
| kernel-module-observe | query kernel modules | no |
| kubernetes-support | use functions essential for Kubernetes | no |
| kvm | allows access to the kvm device | no |
| libvirt | provides access to the libvirt service | no |
| locale-control | change system language and region settings | no |
| location-control | allows operating as the location service | no |
| location-observe | access your location | no |
| login-session-control | allows setup of login sessions and grants privileged access to user sessions | no |
| login-session-observe | allows reading login and session information | no |
| log-observe | read system logs | no |
| lxd | provides access to the LXD socket | no |
| lxd-support | allows operating as the LXD service | no |
| maliit | use an on-screen keyboard | no |
| media-hub | access snaps providing the media-hub interface | yes |
| mir | enables access to the Mir display service | yes |
| modem-manager | use and configure modems | no |
| mount-observe | read mount table and quota information | no |
| mpris | control music and video players | no |
| multipass-support | multipass-support allows operating as the Multipass service | no |
| netlink-audit | allows access to kernel audit system through Netlink | no |
| netlink-connector | communicate through the kernel Netlink connector | no |
| netlink-driver | operate a kernel driver module exposed via Netlink | no |
| network | enables network access | yes |
| network-bind | operate as a network service | yes |
| network-control | change low-level network settings | no |
| network-manager | configure and observe networking via NetworkManager | no |
| network-manager-observe | allows observing NetworkManager settings | no |
| network-observe | query network status information | no |
| network-setup-control | change network settings via Netplan | no |
| network-setup-observe | read network settings | no |
| network-status | access the NetworkingStatus service | yes |
| ofono | allows operating as the oFono service | no |
| online-accounts-service | access to the Online Accounts service | yes |
| opengl | access OpenGL/GPU hardware | yes |
| openvswitch | control Open vSwitch hardware | no |
| openvswitch-support | enables kernel support for Open vSwitch | no |
| optical-drive | read/write access to CD/DVD drives | yes, unless drive can write |
| packagekit-control | control the PackageKit service | no |
| password-manager-service | read, add, change, or remove saved passwords | no |
| personal-files | read or write files in the user’s home directory | no |
| physical-memory-control | read and write memory used by any process | no |
| physical-memory-observe | read memory used by any process | no |
| ppp | access to configure and observe PPP networking | no |
| process-control | pause or end any process on the system | no |
| pulseaudio | play and record sound | no |
| raw-input | access raw input devices directly | no |
| raw-usb | access USB hardware directly | no |
| raw-volume | access specific disk partitions | no |
| removable-media | read/write files on removable storage devices | no |
| screencast-legacy | allows screen recording and audio recording alongside writing to arbitrary filesystem paths | no |
| screen-inhibit-control | prevent screen sleep, lock and screensaver | yes |
| sd-control | control SD cards on specific devices | no |
| serial-port | access serial port hardware | no |
| shutdown | restart or power off the device | no |
| snapd-control | install or remove software | no |
| spi | access specific SPI devices | no |
| ssh-keys | access SSH private and public keys | no |
| ssh-public-keys | access SSH public keys | no |
| storage-framework-service | operate as, or interact with, the Storage Framework | no |
| system-backup | read-only access to the system for backups | no |
| system-files | read or write files in the system | no |
| system-observe | read process and system information | no |
| system-packages-doc | access system documentation in /usr/share/doc
|
no |
| system-source-code | access kernel source and headers in /usr/src
|
no |
| system-trace | monitor or control any running program | no |
| thumbnailer-service | create thumbnail images from local media files | no |
| time-control | change the date and time | no |
| timeserver-control | change time server settings | no |
| timezone-control | change the time zone | no |
| tpm | allows access to the Trusted Platform Module device | no |
| u2f-devices | use any U2F devices | no |
| ubuntu-download-manager | use the Ubuntu Download Manager | yes |
| udisks2 | access the UDisks2 service | no |
| uhid | create kernel UID devices from user-space | no |
| uinput | allows write access to /dev/uinput
|
no |
| uio | access uio devices | no |
| unity7 | access legacy desktop resources from Unity7 | yes |
| unity8 | share data with other Unity 8 apps | yes |
| unity8-calendar | read/change shared calendar events in Ubuntu Unity 8 | no |
| unity8-contacts | read/change shared contacts in Ubuntu Unity 8 | no |
| upower-observe | access battery level and power usage | yes |
| wayland | access compositors providing the Wayland protocol | yes |
| x11 | monitor mouse/keyboard input and graphics output of other apps | yes |
Last updated 10 days ago. Help improve this document in the forum.
