Add custom AppArmor rules to snap?

16.04 ubuntu-core snap apparmor

Solution 1:

In 16.04 the way to do this is with an 'interface' defined in the snapd code, that is driven by a custom schema in your snap definition. There are a bunch already defined, and it looks like all you need are:

  • a raw disk interface (iirc someone else wants that too)
  • a raw ethernet interface

You're unlikely to get a blanket /sys/devices/* landed, but I suspect you actually need specific types of access to specific types of devices, and those can all be designed and landed.

The best place to hash out what you need is in #snappy on freenode IRC, chat with zyga for pointers to code describing existing interfaces. Should be a simple patch to work up.

Related

Change size of taskbar applet
USB-based external TPM?
Why is Windows 11 not supported on my hardware?
Weird black rectangle in Word's headings
How do I change or set a specific author name for my comments on Microsoft Word 2016
How can I pull the thumbprint out of a SSL certificate FILE (not the windows cert store)?
Can I get certificates for other recipients of an encrypted email?
Fedora 31: "Please install the Linux kernel "header" files matching the current kernel for adding new hardware support to the system" in VirtualBox
Diagnostics and usage data option disabled? [duplicate]
How do I keep a large directory that is located inside WSL2, in sync with another one in Windows?
Remove BIOS password for HP ProBook 645 G2 [duplicate]
How do I get my eSATA drive working in Windows 7 x64?