github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/snap-update-ns/user.go

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/snap-update-ns/user.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2017-2019 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package main
    21  
    22  import (
    23  	"fmt"
    24  
    25  	"github.com/snapcore/snapd/dirs"
    26  	"github.com/snapcore/snapd/osutil"
    27  )
    28  
    29  // UserProfileUpdateContext contains information about update to per-user mount namespace.
    30  type UserProfileUpdateContext struct {
    31  	CommonProfileUpdateContext
    32  	// uid is the numeric user identifier associated with the user for which
    33  	// the update operation is occurring. It may be the current UID but doesn't
    34  	// need to be.
    35  	uid int
    36  }
    37  
    38  // NewUserProfileUpdateContext returns encapsulated information for performing a per-user mount namespace update.
    39  func NewUserProfileUpdateContext(instanceName string, fromSnapConfine bool, uid int) *UserProfileUpdateContext {
    40  	return &UserProfileUpdateContext{
    41  		CommonProfileUpdateContext: CommonProfileUpdateContext{
    42  			instanceName:       instanceName,
    43  			fromSnapConfine:    fromSnapConfine,
    44  			currentProfilePath: currentUserProfilePath(instanceName, uid),
    45  			desiredProfilePath: desiredUserProfilePath(instanceName),
    46  		},
    47  		uid: uid,
    48  	}
    49  }
    50  
    51  // UID returns the user ID of the mount namespace being updated.
    52  func (upCtx *UserProfileUpdateContext) UID() int {
    53  	return upCtx.uid
    54  }
    55  
    56  // Lock acquires locks / freezes needed to synchronize mount namespace changes.
    57  func (upCtx *UserProfileUpdateContext) Lock() (unlock func(), err error) {
    58  	// TODO: when persistent user mount namespaces are enabled, grab a lock
    59  	// protecting the snap and freeze snap processes here.
    60  	return func() {}, nil
    61  }
    62  
    63  // Assumptions returns information about file system mutability rules.
    64  func (upCtx *UserProfileUpdateContext) Assumptions() *Assumptions {
    65  	// TODO: configure the secure helper and inform it about directories that
    66  	// can be created without trespassing.
    67  	as := &Assumptions{}
    68  	// TODO: Handle /home/*/snap/* when we do per-user mount namespaces and
    69  	// allow defining layout items that refer to SNAP_USER_DATA and
    70  	// SNAP_USER_COMMON.
    71  	return as
    72  }
    73  
    74  // LoadDesiredProfile loads the desired, per-user mount profile, expanding user-specific variables.
    75  func (upCtx *UserProfileUpdateContext) LoadDesiredProfile() (*osutil.MountProfile, error) {
    76  	profile, err := upCtx.CommonProfileUpdateContext.LoadDesiredProfile()
    77  	if err != nil {
    78  		return nil, err
    79  	}
    80  	// TODO: when SNAP_USER_DATA, SNAP_USER_COMMON or other variables relating
    81  	// to the user name and their home directory need to be expanded then
    82  	// handle them here.
    83  	expandXdgRuntimeDir(profile, upCtx.uid)
    84  	return profile, nil
    85  }
    86  
    87  // SaveCurrentProfile does nothing at all.
    88  //
    89  // Per-user mount profiles are not persisted yet.
    90  func (upCtx *UserProfileUpdateContext) SaveCurrentProfile(profile *osutil.MountProfile) error {
    91  	// TODO: when persistent user mount namespaces are enabled save the
    92  	// current, per-user mount profile here.
    93  	return nil
    94  }
    95  
    96  // LoadCurrentProfile returns the empty profile.
    97  //
    98  // Per-user mount profiles are not persisted yet.
    99  func (upCtx *UserProfileUpdateContext) LoadCurrentProfile() (*osutil.MountProfile, error) {
   100  	// TODO: when persistent user mount namespaces are enabled load the
   101  	// current, per-user mount profile here.
   102  	return &osutil.MountProfile{}, nil
   103  }
   104  
   105  // desiredUserProfilePath returns the path of the fstab-like file with the desired, user-specific mount profile for a snap.
   106  func desiredUserProfilePath(snapName string) string {
   107  	return fmt.Sprintf("%s/snap.%s.user-fstab", dirs.SnapMountPolicyDir, snapName)
   108  }
   109  
   110  // currentUserProfilePath returns the path of the fstab-like file with the applied, user-specific mount profile for a snap.
   111  func currentUserProfilePath(snapName string, uid int) string {
   112  	return fmt.Sprintf("%s/snap.%s.%d.user-fstab", dirs.SnapRunNsDir, snapName, uid)
   113  }