// -*- Mode: Go; indent-tabs-mode: t -*-
// Listing source: github.com/meulengracht/snapd@v0.0.0-20210719210640-8bde69bcc84e/interfaces/backend.go

/*
 * Copyright (C) 2016 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package interfaces

import (
	"github.com/snapcore/snapd/snap"
	"github.com/snapcore/snapd/timings"
)

// ConfinementOptions describes how confinement is configured for a snap.
//
// Confinement governs two things: the initial layout of the mount namespace
// and the set of actions a process is allowed to perform. The starting point
// is the ConfinementType declared by the snap, which is one of "strict",
// "devmode" or "classic".
//
// "strict": the mount layout puts the core snap in place as the root
// filesystem and the snap is strongly isolated from the system and from other
// snaps. A violation ends in a permission error or in mandatory termination
// of the process.
//
// "devmode": same mount layout as "strict", but confinement is switched to
// non-enforcing mode whenever possible. An action that would have produced a
// permission error or terminated the process is permitted instead, and a
// diagnostic message is logged. Because violations are logged rather than
// blocked, devmode should not be relied on as an isolation boundary.
//
// "classic": the mount layout is identical to the runtime of the classic
// system snapd runs in; in other words there is no "chroot". Most of the
// confinement is lifted: no seccomp filter is applied and apparmor uses
// complain mode by default.
//
// Each of the three types maps to some combination of the three flags below.
//
// DevMode attempts to put every confinement facility into non-enforcing mode,
// even if the snap requested otherwise.
//
// JailMode attempts to put every confinement facility into enforcing mode,
// even if the snap requested otherwise.
//
// Classic changes the layout of the mount namespace so that there is no
// "chroot" to the core snap.
//
// NOTE(review): DevMode and JailMode request opposite behaviour and nothing in
// this type prevents both from being set; which one takes precedence is not
// visible in this file -- confirm against the backends.
type ConfinementOptions struct {
	// DevMode requests non-enforcing confinement.
	DevMode bool
	// JailMode requests enforcing confinement.
	JailMode bool
	// Classic turns off the "chroot" to the core snap.
	Classic bool
}

// SecurityBackendOptions holds additional flags that influence how the
// backends are initialized.
type SecurityBackendOptions struct {
	// Preseed is set when snapd runs in preseed mode.
	Preseed bool
}

// SecurityBackend is the abstraction between the interface system and the
// requirements of one particular security system.
type SecurityBackend interface {
	// Initialize carries out whatever initialization the backend needs.
	// It is invoked as part of the snapd startup process.
	Initialize(opts *SecurityBackendOptions) error

	// Name reports the name of the backend.
	// It is meant to be used in diagnostic messages.
	Name() SecuritySystem

	// Setup creates and loads the security artefacts that belong to a given
	// snap. The snap can be in one of three kinds of confinement (strict
	// mode, developer mode or classic mode). In the last two, security
	// violations are non-fatal to the offending application process.
	//
	// This method should be called after changing the plugs, slots, the
	// connections between them or the applications present in the snap.
	//
	// NOTE(review): presumably a change that is not followed by Setup leaves
	// the previously loaded artefacts in force -- confirm against callers.
	Setup(snapInfo *snap.Info, opts ConfinementOptions, repo *Repository, tm timings.Measurer) error

	// Remove removes and unloads the security artefacts of a given snap.
	//
	// This method should be called as part of removing a snap.
	Remove(snapName string) error

	// NewSpecification returns a new specification associated with this
	// backend.
	NewSpecification() Specification

	// SandboxFeatures returns a list of tags that identify sandbox features.
	SandboxFeatures() []string
}

// SecurityBackendSetupMany may be implemented by backends that are able to
// optimize their work when several snaps are set up at once.
type SecurityBackendSetupMany interface {
	// SetupMany creates and loads apparmor profiles of multiple snaps. It
	// tries to process all snaps and does not stop processing when an
	// individual snap fails; failures are reported through the returned
	// slice.
	//
	// NOTE(review): since processing continues past a failure, callers should
	// inspect every returned error; how entries map to snaps is not specified
	// in this file -- confirm against implementations.
	SetupMany(snaps []*snap.Info, confinement func(snapName string) ConfinementOptions, repo *Repository, tm timings.Measurer) []error
}

// SecurityBackendDiscardingLate may be implemented by backends that support
// removing snap profiles late, during the very last step of the snap remove
// process, typically long after SecurityBackend.Remove() has been invoked.
type SecurityBackendDiscardingLate interface {
	// RemoveLate removes the security profiles of a snap at the very last
	// step of the remove change.
	RemoveLate(snapName string, rev snap.Revision, typ snap.Type) error
}