Supported interfaces

Interfaces enable resources from one snap to be shared with another and with the system. The table below lists currently supported interfaces, with links to further details for each interface.

The following column names are used:

  • Interface is the syntactical interface name, as used by snaps.

  • Description is a brief overview of what the interface permits. Select the interface name to open the interface-specific page for a more detailed description on each interface.

  • Categories are used to split interfaces into broad types, and also to indicate what kind of access they permit. Video, graphics and audio are typical desktop requirements, for example, while VM, Container, Kernel and Developer imply more specific roles. The Ubuntu Core category is used to denote when an interface is intended for Ubuntu Core, and Super privileged is used when an interface requires extra security scrutiny. See Super-privileged interfaces for more information.

  • Auto-connect indicates that the interface will be connected by default when the snap is first installed, requiring no further user action. If Auto-connect=no, an interface can still be automatically connected if the snap developer has requested, and been granted, explicit permission. See Interface connection mechanism for details.


Interface Description Categories Auto-connect
account-control add/remove user accounts or change passwords System, Account no
accounts-service allows communication with the accounts service System, Account no
acrn allows access to user VMs using the ACRN hypervisor VM, Hypervisor, Developer no
adb-support allows operating as Android Debug Bridge service ADB, Developer no
allegro-vcu access the Allegro Video Core Unit Video, Graphics no
alsa play or record sound Audio, Media no
appstream-metadata allows access to AppStream metadata System, Developer, Manage software no
audio-playback allows audio playback via supporting services Audio, Media, Playback yes
audio-record allows audio recording via supported services Audio, Media, Record no
autopilot-introspection be controlled by Autopilot software System, Developer no
avahi-control advertise services over the local network Network, Local network, Nearby devices no
avahi-observe detect services and devices over the local network Network, Local network, Nearby devices no
block-devices access to disk block devices Super privileged, Storage, Low level no
bluetooth-control access Bluetooth hardware directly Network, Bluetooth, Nearby devices no
bluez use Bluetooth devices Network, Bluetooth, Nearby devices no
bool-file allows access to specific file with bool semantics System, Low level, Privileged no
broadcom-asic-control control Broadcom network switches Network, System no
browser-support use functions essential for Web browsers Browser, Network no when allow-sandbox: true, yes otherwise
calendar-services allows communication with Evolution Data Server calendar Personal data, Contacts and calendar no
camera use your camera or webcam Camera, Media, Personal data no
can-bus allows access to the CAN bus System, Developer no
cifs-mount allows the mounting and unmounting of CIFS filesystems Network,Storage no
classic-support enable resource access to classic snap Super privileged, Ubuntu Core no
contacts-service allows communication with the Evolution Data Server address book Personal data, Contacts and calendar no
content access resources across snaps Storage, Files, Attributes yes for snaps from same publisher, no otherwise
core-support deprecated since snap 2.34 System, Other no
cpu-control set certain CPU values System, Developer no
cups access to the CUPS socket for printing Printing not applicable
cups-control print documents Printing no
custom-device permits access to a specific class of device Super privileged, Ubuntu Core no
daemon-notify allows sending daemon status changes to service manager System, Developer no
dbus allow snaps to communicate over D-Bus System, Developer no
dcdbas-control shut down or restart Dell devices Developer no
desktop provides access to common desktop elements Desktop yes
desktop-launch identify and launch desktop apps from other snaps Super privileged, Desktop no
desktop-legacy enables the use of legacy desktop methods (including input method and accessibility services) Desktop yes
device-buttons use any device-buttons Hardware, Developer no
display-control allows configuring display parameters Display, Graphics no
dm-crypt access encrypted storage devices Super privileged, Ubuntu Core, Storage no
docker start, stop, or manage Docker containers Super privileged, Containers no
docker-support allows operating as the Docker daemon Super privileged, Containers no
dsp enables the control of digital signal processors (DSPs) Hardware, Developer no
dummy renamed to empty interface System, Other no
dvb allows access to all DVB devices and APIs Hardware, Developer, Media no
empty allows testing without additional permissions System, Other no
firewall-control configure a network firewall Network no
fpga permits access to an FPGA subsystem Hardware, Developer no
framebuffer access to universal framebuffer devices Hardware, Developer no
fuse-support enables access to the FUSE filesystems Storage no
fwupd allows operating as the fwupd service System, Security, Firmware no
gconf access the legacy GConf config system System, Developer, Settings no
gpg-keys read GPG user configuration and keys GPG, Personal data, Security no
gpg-public-keys read GPG non-sensitive configuration and public keys GPG, Personal data, Security no
gpio access specific GPIO pins GPIO, Hardware, Developer no
gpio-control allows to export/unexport and control all GPIOs Super privileged, GPIO no
gpio-memory-control allows write access to all GPIO memory GPIO, Hardware, Developer no
greengrass-support allows operating as the Greengrass service Super privileged, Edge, AWS, Discrete no
gsettings provides access to any GSettings item for current user System, Developer, Settings yes
hardware-observe access hardware information System, Hardware no
hardware-random-control provide entropy to hardware random number generator System, Hardware no
hardware-random-observe use hardware-generated random numbers System, Hardware no
hidraw access hidraw devices System no
home access non-hidden files in the home directory Storage, Personal data yes on classic (traditional distributions), no otherwise
hostname-control allows configuring the system hostname Network no
hugepages-control control HugePages memory blocks System, Memory, Kernel no
i2c access i²c devices System, Hardware no
iio access IIO devices System, Hardware no
intel-mei access to the Intel MEI management interface System, Firmware no
intel-qat provides permissions for Intel QAT devices Hardware no
io-ports-control allows access to all I/O ports System, no
ion-memory-control access Android’s ION memory allocator Super privileged, System no
jack1 allows interaction with the JACK audio connection server Audio, Media no
joystick use any connected joystick Hardware, Developer no
juju-client-observe read the Juju client configuration Developer, Discrete no
kernel-crypto-api read and manage kernel supported crypto ciphers System, Kernel, Security no
kernel-firmware-control permits a custom kernel firmware search path Super privileged no
kernel-module-control insert, remove and query kernel modules Super privileged, System, Kernel no
kernel-module-load load, or deny loading, specific kernel modules Super privileged, System, Kernel no
kernel-module-observe query kernel modules System, Kernel no
kubernetes-support use functions essential for Kubernetes Super privileged, Hypervisor, Discrete no
kvm allows access to the kvm device VM, Hypervisor, Developer no
libvirt provides access to the libvirt service VM, Hypervisor, Developer no
locale-control change system language and region settings Language and region, Personalisation no
location-control allows operating as the location service Location no
location-observe access your location Location no
log-observe read system logs System, Developer no
login-session-control allows setup of login sessions and grants privileged access to user sessions System, Security no
login-session-observe allows reading login and session information System, Security no
lxd provides access to the LXD socket Super privileged, Container, Discrete no
lxd-support allows operating as the LXD service Super privileged, Container, Discrete no
maliit use an on-screen keyboard Developer no
media-control access media control devices and Video4Linux (V4L) devices Hardware, Developer, Media, Video no
media-hub access snaps providing the media-hub interface Developer, Media yes
microceph permits access to the MicroCeph socket, which is used internally by the microceph snap Super privileged, Container no
microceph-support permits the microceph snap to operate as the MicroCeph service Super privileged, Container no
microovn used only by the MicroOVN snap for socket access Network, Super privileged no
microstack-support multiple service access to the Microstack infrastructure Super privileged, Container, Discrete no
mir enables access to the Mir display service Display yes
modem-manager use and configure modems Network no
mount-control mount and unmount transient and persistent filesystem mount points Super privileged, Storage no
mount-observe read mount table and quota information Storage no
mpris media key control of music and video players Sound no
multipass-support multipass-support allows operating as the Multipass service Super privileged, VM, Discrete no
netlink-audit allows access to kernel audit system through Netlink Inter-process communication (IPC), Netlink, Developer no
netlink-connector communicate through the kernel Netlink connector Inter-process communication (IPC), Netlink, Developer no
netlink-driver operate a kernel driver module exposed via Netlink Inter-process communication (IPC), Netlink, Developer no
network enables network access Network yes
network-bind operate as a network service Network yes
network-control change low-level network settings Network no
network-manager configure and observe networking via NetworkManager Network no
network-manager-observe allows observing NetworkManager settings Network no
network-observe query network status information Network no
network-setup-control change network settings via Netplan Network no
network-setup-observe read network settings Network no
network-status access the NetworkStatus service Network yes
nfs-mount allows the mounting and unmounting of Network File System mount points Network, Service no
nomad-support enable’s HashiCorp’s Nomad to access CPU and memory management System, Containers, Service no
nvidia-drivers-support internally used NVIDIA access Super privileged, Ubuntu Core no
ofono allows operating as the oFono service Network, Discrete, Developer no
online-accounts-service access to the Online Accounts service Service, Developer yes
opengl access OpenGL/GPU hardware Display, Graphics yes
openvswitch control Open vSwitch hardware Network, Service, Developer no
openvswitch-support enables kernel support for Open vSwitch Network, Service, Developer no
optical-drive read/write access to CD/DVD drives Storage, Hardware, Developer yes, unless drive can write
packagekit-control control the PackageKit service Super privileged, Packaging no
password-manager-service read, add, change, or remove saved passwords System, Security no
pcscd permits communication with PCSD smart card daemon Security no
personal-files read or write files in the user’s home directory Super privileged, Personal data, Attributes no
physical-memory-control read and write memory used by any process System, Memory, Kernel no
physical-memory-observe read memory used by any process System, Memory, Kernel no
pkcs11 enables the cryptographic token interface standard to be used Security, Super privileged no
polkit access to the polkit authorisation manager Security, System, Super privileged no
polkit-agent permits applications to register as polkit agents Security, System, Super privileged no
posix-mq enables inter-process communication (IPC) messages Super privileged, IPC no by default, yes with snaps from the same publisher
power-control read and write system power settings System, Power no
ppp access to configure and observe PPP networking Network no
process-control pause or end any process on the system System no
ptp access to the Precision Time Protocol subsystem System, Developer no
pulseaudio play and record sound Audio, Media no
pwm access specific PWM channels System, Developer, Hardware, WIP no
qualcomm-ipc-router access Qualcomm IPC router sockets IPC, Kernel, System no
raw-input access raw input devices directly System, Developer, Hardware no
raw-usb access USB hardware directly System, Developer, Hardware no
raw-volume access specific disk partitions Storage no
remoteproc interact with the kernel’s Remote Processor Framework Super privileged no
ros-opt-data read-only access to ROS directories Storage no
removable-media read/write files on removable storage devices Storage no
screencast-legacy allows screen recording and audio recording alongside writing to arbitrary filesystem paths Legacy no
screen-inhibit-control prevent screen sleep, lock and screensaver Display yes
scsi-generic read and write access to SCSI Generic driver devices Storage, Super privileged no
sd-control control SD cards on specific devices Super privileged, Storage no
serial-port access serial port hardware System, Developer, Hardware no
shared-memory enables two snaps to access the same shared memory Super privileged, IPC no by default, yes with snaps from the same publisher
shutdown restart or power off the device Super privileged, System, Power no
snap_interfaces_requests_control enables the prompting API and its access to prompting-related notice types System no
snap-refresh-control permits bespoke snap refresh control Super privileged, Packaging no
snap-refresh-observe enables the tracking of snap refreshes Super privileged, Packaging no
snapd-control install or remove software Super privileged, Packaging no
spi access specific SPI devices System, Developer, Hardware no
ssh-keys access SSH private and public keys Security no
ssh-public-keys access SSH public keys Security no
steam-support allows the Steam snap to access pressure-vessel containers Super privileged, Discrete no
storage-framework-service operate as, or interact with, the Storage Framework Storage no
system-backup read-only access to the system for backups Storage no
system-files read or write files in the system Super privileged, Storage, Attributes no
system-observe read process and system information Monitoring, System no
system-packages-doc access system documentation in /usr/share/doc Developer no
system-source-code access kernel source and headers in /usr/src Developer no
system-trace monitor or control any running program Monitoring, System no
tee permits access to the Trusted Execution Environment Super privileged, Security, Ubuntu Core no
thumbnailer-service create thumbnail images from local media files Storage, Media no
time-control change the date and time Time no
timeserver-control change time server settings Time no
timezone-control change the time zone Time no
tpm allows access to the Trusted Platform Module device Kernel, Security no
u2f-devices use any U2F devices Security, Hardware, Developer no
ubuntu-download-manager use the Ubuntu Download Manager System, Developer, Manage software yes
udisks2 access the UDisks2 service Storage no
uhid create kernel UID devices from user-space Hardware, Kernel, System no
uinput allows write access to /dev/uinput Super privileged, Hardware no
uio access uio devices Hardware, System no
unity7 access legacy desktop resources from Unity7 Display yes
unity8 share data with other Unity 8 apps Display, Super privileged yes
unity8-calendar read/change shared calendar events in Ubuntu Unity 8 Personal data no
unity8-contacts read/change shared contacts in Ubuntu Unity 8 Personal data no
upower-observe access battery level and power usage System, Power yes
userns permits a snap to create a new namespace Super privileged no
vcio access a Raspberry Pi’s VideoCore multimedia processor Video, Graphics, Ubuntu Core no
wayland access compositors providing the Wayland protocol Display yes
x11 monitor mouse/keyboard input and graphics output of other apps Display yes
xilinx_dma allows access to Xilinx DMA IP from a connected PCIe card Ubuntu Core, Super privileged no

Last updated 19 hours ago.