From bd6738a105b9a982640a0583117fd1d71b7ec711 Mon Sep 17 00:00:00 2001 From: Philip Meulengracht Date: Fri, 17 Apr 2026 10:53:43 +0200 Subject: [PATCH 1/3] docs/reference/administration/system-options: add interface option --- docs/reference/administration/system-options.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/reference/administration/system-options.md b/docs/reference/administration/system-options.md index 3ab169d..89aca47 100644 --- a/docs/reference/administration/system-options.md +++ b/docs/reference/administration/system-options.md @@ -91,6 +91,22 @@ See {ref}`Home directories outside of ‘/home’ > ⓘ Available since snapd _2.59_. +## system interface + +Allows configuring certain behaviour of individual interface rules. For now, the only allowed option is to configure the auto-connection. + +- **.allow-auto-connection**: configure auto-connection rules for the interface, options are `{false|true|verified}`. + * `false` or `true` controls whether any auto-connection is allowed at all. + * `verified` means that only snaps carrying a snap declaration can auto-connect this interface. + +The following example would configure the `x11` interface +to disallow all auto-connections: + +``` +snap set system interface.x11.allow-auto-connection=false +``` + + ## system resilience.vitality-hint This option adjusts the Linux kernel's out-of-memory ([OOM](https://www.kernel.org/doc/gorman/html/understand/understand016.html)) killer behaviour for specific snap services. From 008492064063fff1e0c3481a99c900e2bf6c414a Mon Sep 17 00:00:00 2001 From: Philip Meulengracht Date: Fri, 17 Apr 2026 11:03:49 +0200 Subject: [PATCH 2/3] docs/refererence/administration/system-options: add a snapd requirement for the new option --- docs/reference/administration/system-options.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/administration/system-options.md b/docs/reference/administration/system-options.md index 89aca47..1d2c09e 100644 --- a/docs/reference/administration/system-options.md +++ b/docs/reference/administration/system-options.md @@ -106,6 +106,7 @@ to disallow all auto-connections: snap set system interface.x11.allow-auto-connection=false ``` +> ⓘ Available since snapd _2.73_. ## system resilience.vitality-hint From 7a14c48ec2d72746138f341785455950d932685a Mon Sep 17 00:00:00 2001 From: Philip Meulengracht Date: Fri, 17 Apr 2026 12:30:02 +0200 Subject: [PATCH 3/3] docs/reference/administration/system-options: improvements to how the things are formulated based on feedback from @degville --- docs/reference/administration/system-options.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/administration/system-options.md b/docs/reference/administration/system-options.md index 1d2c09e..1a01e12 100644 --- a/docs/reference/administration/system-options.md +++ b/docs/reference/administration/system-options.md @@ -93,14 +93,14 @@ See {ref}`Home directories outside of ‘/home’ ## system interface -Allows configuring certain behaviour of individual interface rules. For now, the only allowed option is to configure the auto-connection. +Permits specific interfaces options to be changed . The only option currently supported is interface [auto-connection](https://snapcraft.io/docs/explanation/interfaces/interface-auto-connection/). -- **.allow-auto-connection**: configure auto-connection rules for the interface, options are `{false|true|verified}`. - * `false` or `true` controls whether any auto-connection is allowed at all. +- **interface.allow-auto-connection**: configure auto-connection rules for the interface, options are `{false|true|verified}`. + * `false` or `true` controls whether auto-connections are permitted. * `verified` means that only snaps carrying a snap declaration can auto-connect this interface. The following example would configure the `x11` interface -to disallow all auto-connections: +to deny all auto-connections: ``` snap set system interface.x11.allow-auto-connection=false