Comment 2 for bug 1646144
Jamie Strandboge (jdstrand) wrote :

Per pitti:

09:14 < pitti> ogra_: right, /lib/udev/rules.d/70-uaccess.rules tags such devices as "uaccess" and 73-seat-late.rules calls the "uaccess" builtin

So, simply seeding acl will hopefully give us everything that 70-uaccess.rules and 73-seat-late.rules give, which would be great for things like audio.

For things not covered by udev and systemd automatically, we could use setfacl to tag things via udev rules. E.g., serial devices are root:dialout 0660 and have no udev ACLs on them. Ubuntu Core systems can't update /etc/group because it is read-only, and extrausers can't be used to add people to system groups. For a simple example, it would be possible to add a 'snap.dialout' group to extrausers and then add a udev rule to setfacl tty devices (or maybe use the uaccess mechanism) to 'snap.dialout' so that `sudo adduser --extrausers foo snap.dialout` would grant access to the tty devices. This could be done by a new ACL interface backend that deals with device access.

We could also integrate this directly into interfaces; this needs a bit of design but seems tractable. E.g.:

 * serial-port interface adds snap.serial-port group to extrausers (if not present) and udev ACL for the serial port devices it handles
 * hidraw interface adds snap.hidraw group to extrausers (if not present) and udev ACL for the hidraw devices it handles
 * i2c ...
 * gpio ...
 * ...
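
A sketch of the 'snap.dialout' idea from the comment above, added here as an illustration and not taken from the bug report or from snapd: one function renders a udev rule that sets a group ACL on tty nodes, and one checks `getfacl` output for that entry. The function names, the `/bin/setfacl` path and the kernel name patterns are assumptions; the sample ACL listing in the comments is constructed.

```shell
#!/bin/sh
# Added example. The group name 'snap.dialout' comes from the comment;
# everything else (paths, patterns, function names) is assumed.

# render_acl_rule GROUP KERNEL_PATTERN
# Print a udev rule granting GROUP read/write on matching tty device
# nodes through a POSIX ACL, leaving root:dialout 0660 untouched.
render_acl_rule() {
    group=$1
    pattern=$2
    # The group lands inside a quoted RUN string that udev executes as
    # root, so accept only a conservative character set.
    case $group in
        ''|*[!A-Za-z0-9._-]*)
            echo "refusing group name: $group" >&2
            return 1
            ;;
    esac
    # udev needs an absolute program path in RUN (assumed location).
    # $devnode is expanded by udev, not by the shell.
    printf 'ACTION=="add", SUBSYSTEM=="tty", KERNEL=="%s", RUN+="/bin/setfacl -m g:%s:rw $devnode"\n' \
        "$pattern" "$group"
}

# has_group_acl GROUP
# Read `getfacl DEVICE` output on stdin; succeed only if GROUP has an
# rw entry. Lines carrying an "#effective:" note (ACL mask narrower
# than the entry) do not match, which is the safe reading.
has_group_acl() {
    grep -Fxq "group:$1:rw-"
}

# Rule text for the serial devices mentioned in the comment.
render_acl_rule snap.dialout 'ttyS[0-9]*|ttyUSB[0-9]*|ttyACM[0-9]*'

# Verification on a running system would look like:
#   getfacl /dev/ttyUSB0 2>/dev/null | has_group_acl snap.dialout
# where a matching listing contains (constructed sample):
#   group::rw-
#   group:snap.dialout:rw-
#   mask::rw-
```

Because the rule adds an ACL entry instead of changing the owning group, a later audit should look at `getfacl` output; `ls -l` only shows a trailing `+` on the mode.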