Interfaces enable resources from one snap to be shared with another. For general usage details, see Interface management.

The table below lists currently supported interfaces, with links to further details for each interface.

The following column names are used:

  • Interface name is the syntactical interface name, as used by snaps.

  • Auto-connect indicates that the interface will be connected by default when the snap is first
    installed, requiring no further user action.

  • Transitional interfaces are used by trusted snaps to access traditional Linux desktop environments that were not designed to integrate with snap isolation. As such, they will become deprecated as replacement or modified technologies that enforce strong application isolation become available.

Interface name Description Auto-connect
account-control add/remove user accounts or change passwords no
accounts-service allows communication with the accounts service no
alsa play or record sound no
autopilot-introspection be controlled by Autopilot software no
avahi-control advertise services over the local network no
avahi-observe detect services and devices over the local network no
bluetooth-control access Bluetooth hardware directly no
bluez use Bluetooth devices no
bool-file allows access to specific file with bool semantics no
broadcom-asic-control control Broadcom network switches no
browser-support use functions essential for Web browsers no when allow-sandbox: true, yes otherwise
calendar-services allows communication with Evolution Data Server calendar no
camera use your camera or webcam no
can-bus allows access to the CAN bus no
classic-support enable resource access to classic snap no
content access resources across snaps yes for snaps from same publisher, no otherwise
core-support deprecated since snap 2.34 no
cpu-control set certain CPU values no
cups-control print documents no
daemon-notify allows sending daemon status changes to service manager no
dbus allow snaps to communicate over D-Bus no
dcdbas-control shut down or restart Dell devices no
desktop provides access to common desktop elements yes
desktop-legacy enables the use of legacy desktop methods(including input method and accessibility services) yes
docker start, stop, or manage Docker containers no
docker-support no
dummy allows testing without additional permissions no
dvb allows access to all DVB devices and APIs no
firewall-control configure a network firewall no
framebuffer access to universal framebuffer devices no
fuse-support enables access to the FUSE filesystems no
fwupd allows operating as the fwupd service no
gpg-keys read GPG user configuration and keys no
gpg-public-keys read GPG non-sensitive configuration and public keys no
gpio access specific GPIO pins no
gpio-memory-control allows write access to all GPIO memory no
greengrass-support allows operating as the Greengrass service no
gsettings provides access to any GSettings item for current user yes
hardware-observe access hardware information no
hardware-random-control provide entropy to hardware random number generator no
hardware-random-observe use hardware-generated random numbers no
hidraw access hidraw devices no
home access non-hidden files in the home directory yes on classic (traditional distributions), no otherwise
hostname-control allows configuring the system hostname no
i2c access i²c devices no
iio access IIO devices no
io-ports-control allows access to all I/O ports no
joystick use any connected joystick no
juju-client-observe read the Juju client configuration no
kernel-module-control insert, remove and query kernel modules no
kubernetes-support use functions essential for Kubernetes no
kvm allows access to the kvm device no
libvirt provides access to the libvirt service no
locale-control change system language and region settings no
location-control allows operating as the location service no
location-observe access your location no
log-observe read system logs no
lxd provides access to the LXD socket no
lxd-support allows operating as the LXD service no
maliit use an on-screen keyboard no
media-hub access snaps providing the media-hub interface yes
mir enables access to the Mir display service yes
modem-manager use and configure modems no
mount-observe read mount table and quota information no
mpris control music and video players no
netlink-audit allows access to kernel audit system through Netlink no
netlink-connector communicate through the kernel Netlink connector no
network enables network access yes
network-bind operate as a network service yes
network-control change low-level network settings no
network-manager configure and observe networking via NetworkManager no
network-observe query network status information no
network-setup-control change network settings via Netplan no
network-setup-observe read network settings no
network-status access the NetworkingStatus service yes
ofono allows operating as the oFono service no
online-accounts-service access to the Online Accounts service yes
opengl access OpenGL hardware yes
openvswitch control Open vSwitch hardware no
openvswitch-support enables kernel support for Open vSwitch no
optical-drive read/write access to CD/DVD drives yes, unless drive can write
password-manager-service read, add, change, or remove saved passwords no
physical-memory-control read and write memory used by any process no
physical-memory-observe read memory used by any process no
ppp access to configure and observe PPP networking no
process-control pause or end any process on the system no
pulseaudio play and record sound yes
raw-usb access USB hardware directly no
removable-media read/write files on removable storage devices no
screen-inhibit-control prevent screen sleep, lock and screensaver yes
serial-port access serial port hardware no
shutdown restart or power off the device no
snapd-control install or remove software no
spi access specific SPI devices no
ssh-keys access SSH private and public keys no
ssh-public-keys access SSH public keys no
storage-framework-service operate as, or interact with, the Storage Framework no
system-observe read process and system information no
system-trace monitor or control any running program no
thumbnailer-service create thumbnail images from local media files no
time-control change the date and time no
timeserver-control change time server settings no
timezone-control change the time zone no
tpm allows access to the Trusted Platform Module device no
ubuntu-download-manager use the Ubuntu Download Manager yes
udisks2 access the UDisks2 service no
uhid create kernel UID devices from user-space no
unity7 access legacy desktop resources from Unity7 yes
unity8 share data with other Unity 8 apps yes
unity8-calendar read/change shared calendar events in Ubuntu Unity 8 no
unity8-contacts read/change shared contacts in Ubuntu Unity 8 no
upower-observe access battery level and power usage yes
wayland access compositors providing the Wayland protocol yes
x11 monitor mouse/keyboard input and graphics output of other apps yes