github.com/bugraaydogar/snapd@v0.0.0-20210315170335-8c70bb858939/interfaces/backend.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2016 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package interfaces
    21  
    22  import (
    23  	"github.com/snapcore/snapd/snap"
    24  	"github.com/snapcore/snapd/timings"
    25  )
    26  
    27  // ConfinementOptions describe confinement configuration.
    28  //
    29  // The confinement system controls the initial layout of the mount namespace as
    30  // well as the set of actions a process is allowed to perform. Confinement is
    31  // initially defined by the ConfinementType declared by the snap. It can be
    32  // either "strict", "devmode" or "classic".
    33  //
    34  // The "strict" type uses mount layout that puts the core snap as the root
    35  // filesystem and provides strong isolation from the system and from other
    36  // snaps. Violations cause permission errors or mandatory process termination.
    37  //
    38  // The "devmode" type uses the same mount layout as "strict" but switches
    39  // confinement to non-enforcing mode whenever possible. Violations that would
    40  // result in permission error or process termination are instead permitted. A
    41  // diagnostic message is logged when this occurs.
    42  //
    43  // The "classic" type uses mount layout that is identical to the runtime of the
    44  // classic system snapd runs in, in other words there is no "chroot". Most of
    45  // the confinement is lifted, specifically there's no seccomp filter being
    46  // applied and apparmor is using complain mode by default.
    47  //
    48  // The three types defined above map to some combinations of the three flags
    49  // defined below.
    50  //
    51  // The DevMode flag attempts to switch all confinement facilities into
    52  // non-enforcing mode even if the snap requested otherwise.
    53  //
    54  // The JailMode flag attempts to switch all confinement facilities into
    55  // enforcing mode even if the snap requested otherwise.
    56  //
    57  // The Classic flag switches the layout of the mount namespace so that there's
    58  // no "chroot" to the core snap.
    59  type ConfinementOptions struct {
    60  	// DevMode flag switches confinement to non-enforcing mode.
    61  	DevMode bool
    62  	// JailMode flag switches confinement to enforcing mode.
    63  	JailMode bool
    64  	// Classic flag switches the core snap "chroot" off.
    65  	Classic bool
    66  }
    67  
    68  // SecurityBackendOptions carries extra flags that affect initialization of the
    69  // backends.
    70  type SecurityBackendOptions struct {
    71  	// Preseed flag is set when snapd runs in preseed mode.
    72  	Preseed bool
    73  }
    74  
    75  // SecurityBackend abstracts interactions between the interface system and the
    76  // needs of a particular security system.
    77  type SecurityBackend interface {
    78  	// Initialize performs any initialization required by the backend.
    79  	// It is called during snapd startup process.
    80  	Initialize(opts *SecurityBackendOptions) error
    81  
    82  	// Name returns the name of the backend.
    83  	// This is intended for diagnostic messages.
    84  	Name() SecuritySystem
    85  
    86  	// Setup creates and loads security artefacts specific to a given snap.
    87  	// The snap can be in one of three kids onf confinement (strict mode,
    88  	// developer mode or classic mode). In the last two security violations
    89  	// are non-fatal to the offending application process.
    90  	//
    91  	// This method should be called after changing plug, slots, connections
    92  	// between them or application present in the snap.
    93  	Setup(snapInfo *snap.Info, opts ConfinementOptions, repo *Repository, tm timings.Measurer) error
    94  
    95  	// Remove removes and unloads security artefacts of a given snap.
    96  	//
    97  	// This method should be called during the process of removing a snap.
    98  	Remove(snapName string) error
    99  
   100  	// NewSpecification returns a new specification associated with this backend.
   101  	NewSpecification() Specification
   102  
   103  	// SandboxFeatures returns a list of tags that identify sandbox features.
   104  	SandboxFeatures() []string
   105  }
   106  
   107  // SecurityBackendSetupMany interface may be implemented by backends that can optimize their operations
   108  // when setting up multiple snaps at once.
   109  type SecurityBackendSetupMany interface {
   110  	// SetupMany creates and loads apparmor profiles of multiple snaps. It tries to process all snaps and doesn't interrupt processing
   111  	// on errors of individual snaps.
   112  	SetupMany(snaps []*snap.Info, confinement func(snapName string) ConfinementOptions, repo *Repository, tm timings.Measurer) []error
   113  }