github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/snap-confine/mount-support.h

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/snap-confine/mount-support.h (about)

     1  /*
     2   * Copyright (C) 2015 Canonical Ltd
     3   *
     4   * This program is free software: you can redistribute it and/or modify
     5   * it under the terms of the GNU General Public License version 3 as
     6   * published by the Free Software Foundation.
     7   *
     8   * This program is distributed in the hope that it will be useful,
     9   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    10   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11   * GNU General Public License for more details.
    12   *
    13   * You should have received a copy of the GNU General Public License
    14   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    15   *
    16   */
    17  
    18  #ifndef SNAP_MOUNT_SUPPORT_H
    19  #define SNAP_MOUNT_SUPPORT_H
    20  
    21  #include "../libsnap-confine-private/apparmor-support.h"
    22  #include "snap-confine-invocation.h"
    23  #include <sys/types.h>
    24  
    25  /**
    26   * Assuming a new mountspace, populate it accordingly.
    27   *
    28   * This function performs many internal tasks:
    29   * - prepares and chroots into the core snap (on classic systems)
    30   * - creates private /tmp
    31   * - creates private /dev/pts
    32   * - processes mount profiles
    33   **/
    34  void sc_populate_mount_ns(struct sc_apparmor *apparmor, int snap_update_ns_fd,
    35  			  const sc_invocation * inv, const gid_t real_gid,
    36  			  const gid_t saved_gid);
    37  
    38  /**
    39   * Ensure that / or /snap is mounted with the SHARED option.
    40   *
    41   * If the system is found to be not having a shared mount for "/"
    42   * snap-confine will create a shared bind mount for "/snap" to
    43   * ensure that "/snap" is mounted shared. See LP:#1668659
    44   */
    45  void sc_ensure_shared_snap_mount(void);
    46  
    47  /**
    48   * Set up user mounts, private to this process.
    49   *
    50   * If any user mounts have been configured for this process, this does
    51   * the following:
    52   * - create a new mount namespace
    53   * - reconfigure all existing mounts to slave mode
    54   * - perform all user mounts
    55   */
    56  void sc_setup_user_mounts(struct sc_apparmor *apparmor, int snap_update_ns_fd,
    57  			  const char *snap_name);
    58  
    59  /**
    60   * Ensure that SNAP_MOUNT_DIR and /var/snap are mount points.
    61   *
    62   * Create bind mounts and set up shared propagation for SNAP_MOUNT_DIR and
    63   * /var/snap as needed. This allows for further propagation changes after the
    64   * initial mount namespace is unshared.
    65   */
    66  void sc_ensure_snap_dir_shared_mounts(void);
    67  
    68  /**
    69   * Set up mount namespace for parallel installed classic snap
    70   *
    71   * Create bind mounts from instance specific locations to non-instance ones.
    72   */
    73  void sc_setup_parallel_instance_classic_mounts(const char *snap_name,
    74  					       const char *snap_instance_name);
    75  #endif