interfaces/builtin: add devlxd interface implementation

[morphis]

This implements an interface for the socket LXD provides to all instances to allow communication with the hypervisor for additional configuration (e.g. user supplied metadata). See
https://documentation.ubuntu.com/lxd/latest/dev-lxd/ for details on the API itself.

The interface slot is hosted on the core snap and auto connection is denied by default. It allows access to both /dev/lxd/sock and /var/snap/lxd/common/lxd/devlxd/sock as the first is what we have inside VM and the second in container instances.

---

Opening this as a draft to get initial discussion in place and agree if this is the right direction forward. I've picked "devlxd" as name for the interface as that is what LXD calls the feature, however it might be desirable to have something with "lxd-" as prefix to going with the existing names for other LXD related interfaces (lxd-support, lxd).

Note, the spread test still needs adjustments and is not yet meant to work as-is.

Happy to make adjustments as needed :-)

[Copilot]

Pull request overview

This pull request implements a new devlxd interface for snaps to access the LXD devlxd socket, which provides instance information and metadata to applications running inside LXD instances (both VMs and containers).

Key changes:

• Added devlxd interface implementation with AppArmor and SecComp security profiles
• Added comprehensive unit tests for the interface
• Added integration test to verify interface behavior
• Interface denies auto-connection by default and is restricted to core snap slots

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File	Description
interfaces/builtin/devlxd.go	Implements the devlxd interface with security profiles and base declarations
interfaces/builtin/devlxd_test.go	Unit tests for the devlxd interface implementation
tests/main/interfaces-devlxd/task.yaml	Integration test verifying devlxd interface functionality

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.45%. Comparing base (b232962) to head (f539404).

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #16320      +/-   ##
==========================================
+ Coverage   77.44%   77.45%   +0.01%     
==========================================
  Files        1338     1337       -1     
  Lines      182247   182226      -21     
  Branches     2437     2437              
==========================================
+ Hits       141143   141150       +7     
+ Misses      32540    32511      -29     
- Partials     8564     8565       +1     

Flag	Coverage Δ
unittests	77.45% <100.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Mon Dec 1 21:49:57 UTC 2025
The following results are from: https://github.com/canonical/snapd/actions/runs/19836860570

Failures:

Executing:

• openstack-ps7:ubuntu-24.04-64:tests/main/interfaces-devlxd

[Copilot]

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.