github.com/hugh712/snapd@v0.0.0-20200910133618-1a99902bd583/interfaces/systemd/backend.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2016-2017 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  // Package systemd implements integration between snappy interfaces and
    21  // arbitrary systemd units that may be required for "oneshot" style tasks.
    22  package systemd
    23  
    24  import (
    25  	"fmt"
    26  	"os"
    27  	"path/filepath"
    28  	"time"
    29  
    30  	"github.com/snapcore/snapd/dirs"
    31  	"github.com/snapcore/snapd/interfaces"
    32  	"github.com/snapcore/snapd/logger"
    33  	"github.com/snapcore/snapd/osutil"
    34  	"github.com/snapcore/snapd/snap"
    35  	sysd "github.com/snapcore/snapd/systemd"
    36  	"github.com/snapcore/snapd/timings"
    37  )
    38  
    39  // Backend is responsible for maintaining apparmor profiles for ubuntu-core-launcher.
    40  type Backend struct {
    41  	preseed bool
    42  }
    43  
    44  // Initialize does nothing.
    45  func (b *Backend) Initialize(opts *interfaces.SecurityBackendOptions) error {
    46  	if opts != nil && opts.Preseed {
    47  		b.preseed = true
    48  	}
    49  	return nil
    50  }
    51  
    52  // Name returns the name of the backend.
    53  func (b *Backend) Name() interfaces.SecuritySystem {
    54  	return interfaces.SecuritySystemd
    55  }
    56  
    57  // Setup creates and starts systemd services specific to a given snap.
    58  //
    59  // This method should be called after changing plug, slots, connections between
    60  // them or application present in the snap.
    61  func (b *Backend) Setup(snapInfo *snap.Info, confinement interfaces.ConfinementOptions, repo *interfaces.Repository, tm timings.Measurer) error {
    62  	// Record all the extra systemd services for this snap.
    63  	snapName := snapInfo.InstanceName()
    64  	// Get the services that apply to this snap
    65  	spec, err := repo.SnapSpecification(b.Name(), snapName)
    66  	if err != nil {
    67  		return fmt.Errorf("cannot obtain systemd services for snap %q: %s", snapName, err)
    68  	}
    69  	content := deriveContent(spec.(*Specification), snapInfo)
    70  	// synchronize the content with the filesystem
    71  	dir := dirs.SnapServicesDir
    72  	if err := os.MkdirAll(dir, 0755); err != nil {
    73  		return fmt.Errorf("cannot create directory for systemd services %q: %s", dir, err)
    74  	}
    75  	glob := interfaces.InterfaceServiceName(snapName, "*")
    76  
    77  	var systemd sysd.Systemd
    78  	if b.preseed {
    79  		systemd = sysd.NewEmulationMode(dirs.GlobalRootDir)
    80  	} else {
    81  		systemd = sysd.New(dirs.GlobalRootDir, sysd.SystemMode, &dummyReporter{})
    82  	}
    83  
    84  	// We need to be carefully here and stop all removed service units before
    85  	// we remove their files as otherwise systemd is not able to disable/stop
    86  	// them anymore.
    87  	if err := b.disableRemovedServices(systemd, dir, glob, content); err != nil {
    88  		logger.Noticef("cannot stop removed services: %s", err)
    89  	}
    90  	changed, removed, errEnsure := osutil.EnsureDirState(dir, glob, content)
    91  	// Reload systemd whenever something is added or removed
    92  	if !b.preseed && (len(changed) > 0 || len(removed) > 0) {
    93  		err := systemd.DaemonReload()
    94  		if err != nil {
    95  			logger.Noticef("cannot reload systemd state: %s", err)
    96  		}
    97  	}
    98  	// Ensure the service is running right now and on reboots
    99  	for _, service := range changed {
   100  		if err := systemd.Enable(service); err != nil {
   101  			logger.Noticef("cannot enable service %q: %s", service, err)
   102  		}
   103  		if !b.preseed {
   104  			// If we have a new service here which isn't started yet the restart
   105  			// operation will start it.
   106  			if err := systemd.Restart(service, 10*time.Second); err != nil {
   107  				logger.Noticef("cannot restart service %q: %s", service, err)
   108  			}
   109  		}
   110  	}
   111  	return errEnsure
   112  }
   113  
   114  // Remove disables, stops and removes systemd services of a given snap.
   115  func (b *Backend) Remove(snapName string) error {
   116  	systemd := sysd.New(dirs.GlobalRootDir, sysd.SystemMode, &dummyReporter{})
   117  	// Remove all the files matching snap glob
   118  	glob := interfaces.InterfaceServiceName(snapName, "*")
   119  	_, removed, errEnsure := osutil.EnsureDirState(dirs.SnapServicesDir, glob, nil)
   120  	for _, service := range removed {
   121  		if err := systemd.Disable(service); err != nil {
   122  			logger.Noticef("cannot disable service %q: %s", service, err)
   123  		}
   124  		if !b.preseed {
   125  			if err := systemd.Stop(service, 5*time.Second); err != nil {
   126  				logger.Noticef("cannot stop service %q: %s", service, err)
   127  			}
   128  		}
   129  	}
   130  	// Reload systemd whenever something is removed
   131  	if !b.preseed && len(removed) > 0 {
   132  		err := systemd.DaemonReload()
   133  		if err != nil {
   134  			logger.Noticef("cannot reload systemd state: %s", err)
   135  		}
   136  	}
   137  	return errEnsure
   138  }
   139  
   140  // NewSpecification returns a new systemd specification.
   141  func (b *Backend) NewSpecification() interfaces.Specification {
   142  	return &Specification{}
   143  }
   144  
   145  // SandboxFeatures returns nil
   146  func (b *Backend) SandboxFeatures() []string {
   147  	return nil
   148  }
   149  
   150  // deriveContent computes .service files based on requests made to the specification.
   151  func deriveContent(spec *Specification, snapInfo *snap.Info) map[string]osutil.FileState {
   152  	services := spec.Services()
   153  	if len(services) == 0 {
   154  		return nil
   155  	}
   156  	content := make(map[string]osutil.FileState)
   157  	for name, service := range services {
   158  		content[name] = &osutil.MemoryFileState{
   159  			Content: []byte(service.String()),
   160  			Mode:    0644,
   161  		}
   162  	}
   163  	return content
   164  }
   165  
   166  func (b *Backend) disableRemovedServices(systemd sysd.Systemd, dir, glob string, content map[string]osutil.FileState) error {
   167  	paths, err := filepath.Glob(filepath.Join(dir, glob))
   168  	if err != nil {
   169  		return err
   170  	}
   171  	for _, path := range paths {
   172  		service := filepath.Base(path)
   173  		if content[service] == nil {
   174  			if err := systemd.Disable(service); err != nil {
   175  				logger.Noticef("cannot disable service %q: %s", service, err)
   176  			}
   177  			if !b.preseed {
   178  				if err := systemd.Stop(service, 5*time.Second); err != nil {
   179  					logger.Noticef("cannot stop service %q: %s", service, err)
   180  				}
   181  			}
   182  		}
   183  	}
   184  	return nil
   185  }
   186  
   187  type dummyReporter struct{}
   188  
   189  func (dr *dummyReporter) Notify(msg string) {
   190  }