gitee.com/mysnapcore/mysnapd@v0.1.0/interfaces/builtin/system_source_code.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2020 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin 21 22 // https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#usrsrcSourceCode 23 const systemSourceCodeSummary = `allows read-only access to /usr/src on the system` 24 25 // Manually connected since this reveals kernel config, patches, etc of the 26 // running system which may or may not correspond to public distro packages 27 // as mapped from 'uname -r' 28 const systemSourceCodeBaseDeclarationSlots = ` 29 system-source-code: 30 allow-installation: 31 slot-snap-type: 32 - core 33 deny-auto-connection: true 34 ` 35 36 const systemSourceCodeConnectedPlugAppArmor = ` 37 # Description: can access /usr/src for kernel headers, etc 38 /usr/src/{,**} r, 39 ` 40 41 type systemSourceCodeInterface struct { 42 commonInterface 43 } 44 45 func init() { 46 registerIface(&systemSourceCodeInterface{ 47 commonInterface: commonInterface{ 48 name: "system-source-code", 49 summary: systemSourceCodeSummary, 50 implicitOnCore: true, 51 implicitOnClassic: true, 52 baseDeclarationSlots: systemSourceCodeBaseDeclarationSlots, 53 connectedPlugAppArmor: systemSourceCodeConnectedPlugAppArmor, 54 }, 55 }) 56 }