github.com/bugraaydogar/snapd@v0.0.0-20210315170335-8c70bb858939/interfaces/backend.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package interfaces 21 22 import ( 23 "github.com/snapcore/snapd/snap" 24 "github.com/snapcore/snapd/timings" 25 ) 26 27 // ConfinementOptions describe confinement configuration. 28 // 29 // The confinement system controls the initial layout of the mount namespace as 30 // well as the set of actions a process is allowed to perform. Confinement is 31 // initially defined by the ConfinementType declared by the snap. It can be 32 // either "strict", "devmode" or "classic". 33 // 34 // The "strict" type uses mount layout that puts the core snap as the root 35 // filesystem and provides strong isolation from the system and from other 36 // snaps. Violations cause permission errors or mandatory process termination. 37 // 38 // The "devmode" type uses the same mount layout as "strict" but switches 39 // confinement to non-enforcing mode whenever possible. Violations that would 40 // result in permission error or process termination are instead permitted. A 41 // diagnostic message is logged when this occurs. 42 // 43 // The "classic" type uses mount layout that is identical to the runtime of the 44 // classic system snapd runs in, in other words there is no "chroot". Most of 45 // the confinement is lifted, specifically there's no seccomp filter being 46 // applied and apparmor is using complain mode by default. 47 // 48 // The three types defined above map to some combinations of the three flags 49 // defined below. 50 // 51 // The DevMode flag attempts to switch all confinement facilities into 52 // non-enforcing mode even if the snap requested otherwise. 53 // 54 // The JailMode flag attempts to switch all confinement facilities into 55 // enforcing mode even if the snap requested otherwise. 56 // 57 // The Classic flag switches the layout of the mount namespace so that there's 58 // no "chroot" to the core snap. 59 type ConfinementOptions struct { 60 // DevMode flag switches confinement to non-enforcing mode. 61 DevMode bool 62 // JailMode flag switches confinement to enforcing mode. 63 JailMode bool 64 // Classic flag switches the core snap "chroot" off. 65 Classic bool 66 } 67 68 // SecurityBackendOptions carries extra flags that affect initialization of the 69 // backends. 70 type SecurityBackendOptions struct { 71 // Preseed flag is set when snapd runs in preseed mode. 72 Preseed bool 73 } 74 75 // SecurityBackend abstracts interactions between the interface system and the 76 // needs of a particular security system. 77 type SecurityBackend interface { 78 // Initialize performs any initialization required by the backend. 79 // It is called during snapd startup process. 80 Initialize(opts *SecurityBackendOptions) error 81 82 // Name returns the name of the backend. 83 // This is intended for diagnostic messages. 84 Name() SecuritySystem 85 86 // Setup creates and loads security artefacts specific to a given snap. 87 // The snap can be in one of three kids onf confinement (strict mode, 88 // developer mode or classic mode). In the last two security violations 89 // are non-fatal to the offending application process. 90 // 91 // This method should be called after changing plug, slots, connections 92 // between them or application present in the snap. 93 Setup(snapInfo *snap.Info, opts ConfinementOptions, repo *Repository, tm timings.Measurer) error 94 95 // Remove removes and unloads security artefacts of a given snap. 96 // 97 // This method should be called during the process of removing a snap. 98 Remove(snapName string) error 99 100 // NewSpecification returns a new specification associated with this backend. 101 NewSpecification() Specification 102 103 // SandboxFeatures returns a list of tags that identify sandbox features. 104 SandboxFeatures() []string 105 } 106 107 // SecurityBackendSetupMany interface may be implemented by backends that can optimize their operations 108 // when setting up multiple snaps at once. 109 type SecurityBackendSetupMany interface { 110 // SetupMany creates and loads apparmor profiles of multiple snaps. It tries to process all snaps and doesn't interrupt processing 111 // on errors of individual snaps. 112 SetupMany(snaps []*snap.Info, confinement func(snapName string) ConfinementOptions, repo *Repository, tm timings.Measurer) []error 113 }