Comment 16 for bug 1838038

James Henstridge (jamesh) wrote :

Just repeating what I said on the forum, I believe this could be implemented through updates to the base snaps with no changes to snapd or any application snaps.

The mdns4_minimal NSS plugin is an 18K binary (which compresses to about 6KB) that delegates its lookups to avahi-daemon using a single-purpose, lookups-only Unix socket protocol (i.e. no D-Bus access). The AppArmor <abstractions/nameservice> policy fragment grants access to this socket, so any snap plugging "network" already has permission to communicate.

If the plugin cannot connect to Avahi, it should error out very quickly.

Updating the base snaps to include the NSS plugin and reference it in their nsswitch.conf file would likely be all that is needed. It should work equally well for applications on classic distros and those on Ubuntu Core with the avahi snap installed.
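
The nsswitch.conf change described in the comment above can be checked mechanically against a base snap's file. This is an added example, not part of the comment and not code from snapd or the base snaps; the sample files are constructed, and the `[NOTFOUND=return]` check follows the hosts line conventionally used with libnss-mdns, which the comment itself does not mention.

```python
import re

# Constructed sample files (not taken from any real base snap).
WITHOUT_MDNS = """\
# /etc/nsswitch.conf
passwd: files
hosts:  files dns   # no mDNS
"""
WITH_MDNS = """\
passwd: files
hosts:  files mdns4_minimal [NOTFOUND=return] dns
"""

def hosts_entries(text):
    """Return the tokens of the 'hosts' database line, comments stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"hosts\s*:\s*(.*)$", line)
        if m:
            # Keep a bracketed action such as [NOTFOUND=return] as one token.
            return re.findall(r"\[[^\]]*\]|\S+", m.group(1))
    return []

def audit_mdns(text):
    """Report whether mdns4_minimal is referenced and how it is ordered."""
    entries = hosts_entries(text)
    result = {"present": "mdns4_minimal" in entries,
              "before_dns": False,
              "notfound_return": False}
    if not result["present"]:
        return result
    i = entries.index("mdns4_minimal")
    # The plugin must be consulted before unicast DNS to answer first.
    result["before_dns"] = "dns" not in entries or i < entries.index("dns")
    # Assumed convention: stop the lookup chain when mDNS reports NOTFOUND.
    nxt = entries[i + 1] if i + 1 < len(entries) else ""
    result["notfound_return"] = nxt.replace(" ", "").upper() == "[NOTFOUND=RETURN]"
    return result

if __name__ == "__main__":
    for name, text in (("without", WITHOUT_MDNS), ("with", WITH_MDNS)):
        print(name, audit_mdns(text))
```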