Documentation
Overview
Package snapconf contains the code required when the program runs under snapd as a snap package. It is named snapconf because the snap directory name under root is reserved by snapctl.
Constants
const (
	EnvSnapName       = "SNAP_NAME"
	EnvSnapRealHome   = "SNAP_REAL_HOME" // from snapd version 2.46
	EnvSnapUserCommon = "SNAP_USER_COMMON"
	EnvSnapUserData   = "SNAP_USER_DATA"
)
Functions
func IsUnderSnap
func IsUnderSnap() bool
IsUnderSnap reports whether the current process is executed under snapd.
func RealUserHomeDir
func RealUserHomeDir() string
Types
type ConnChecker
type ConnChecker struct {
// contains filtered or unexported fields
}
ConnChecker is a gRPC middleware that checks whether all necessary snap interfaces are connected to the package and returns a corresponding error message to the client, so that it can inform users of the manual actions needed. NOTE: It is designed solely for UX purposes, not security. Security is handled by AppArmor under snapd.
func NewConnChecker
func NewConnChecker(
	requirements []Interface,
	recommendations []Interface,
	publisherErr events.Publisher[error],
) *ConnChecker
NewConnChecker is the constructor for ConnChecker. It builds the checker from a hardcoded, pre-defined list of requirements. The constructor is assumed to be called once at the beginning of the process, and it determines whether it makes sense to recommend a process restart on specific interface connections. Parameters:
- requirements - list of requirements used in this process
- recommendations - list of requirements to be recommended via gRPC in case of a checker error. This is useful when multiple services run under the same snap and require different snap connections, but for a smooth UX the user is recommended to connect everything at once, e.g. nordvpnd + nordfileshared
- publisherErr - publisher for error reporting
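The split between requirements and recommendations described above, as an added example that is not the project's own code: a process fails its check only on its own requirements, but the hint sent back to the user covers every missing interface from both lists. It omits the gRPC wiring so that it needs only the standard library. Assumptions: `snapctl is-connected` is used as the connection probe, all helper names are hypothetical, and `example-snap` and the connection state are constructed.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// Interface mirrors the page's type; every other name here is hypothetical.
type Interface string

// connectedFn reports whether a plug is connected; injectable for testing.
type connectedFn func(Interface) bool

// snapctlConnected runs "snapctl is-connected <plug>" (exit 0 = connected).
func snapctlConnected(i Interface) bool {
	return exec.Command("snapctl", "is-connected", string(i)).Run() == nil
}

// missingInterfaces returns, in order and without duplicates, the
// interfaces from want that are not connected.
func missingInterfaces(want []Interface, connected connectedFn) []Interface {
	var missing []Interface
	seen := map[Interface]bool{}
	for _, i := range want {
		if !seen[i] && !connected(i) {
			missing = append(missing, i)
		}
		seen[i] = true
	}
	return missing
}

// permissionError is nil when every requirement is connected. Otherwise it
// lists connect commands for all missing interfaces. UX hint only.
func permissionError(snap string, req, rec []Interface, connected connectedFn) error {
	if len(missingInterfaces(req, connected)) == 0 {
		return nil
	}
	var cmds []string
	for _, i := range missingInterfaces(append(append([]Interface{}, req...), rec...), connected) {
		cmds = append(cmds, fmt.Sprintf("sudo snap connect %s:%s", snap, i))
	}
	return fmt.Errorf("missing snap interfaces, run:\n%s", strings.Join(cmds, "\n"))
}

func main() {
	fake := func(i Interface) bool { return i == "network" } // constructed state
	req := []Interface{"network", "network-control"}
	fmt.Println(permissionError("example-snap", req, []Interface{"home"}, fake))
}
```

Inside a snap, pass snapctlConnected instead of the fake probe. The result only tells the user what to connect; confinement itself stays with AppArmor under snapd.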
func NewSnapChecker
func NewSnapChecker(publisherErr events.Publisher[error]) *ConnChecker
NewSnapChecker returns a snap permission checker with a specific setup.
func (*ConnChecker) PermissionCheck
func (c *ConnChecker) PermissionCheck() error
func (*ConnChecker) StreamInterceptor
func (c *ConnChecker) StreamInterceptor(
	srv interface{},
	ss grpc.ServerStream,
	info *grpc.StreamServerInfo,
) error
func (*ConnChecker) UnaryInterceptor
func (c *ConnChecker) UnaryInterceptor(
	ctx context.Context,
	req interface{},
	info *grpc.UnaryServerInfo,
) (interface{}, error)
type Interface
type Interface string
Interface defines a snap interface as described in https://snapcraft.io/docs/supported-interfaces
const (
	InterfaceNetwork             Interface = "network"
	InterfaceNetworkBind         Interface = "network-bind"
	InterfaceNetworkControl      Interface = "network-control"
	InterfaceFirewallControl     Interface = "firewall-control"
	InterfaceNetworkObserve      Interface = "network-observe"
	InterfaceHome                Interface = "home"
	InterfaceLoginSessionObserve Interface = "login-session-observe"
	InterfaceSystemObserve       Interface = "system-observe"
	InterfaceHardwareObserve     Interface = "hardware-observe"
)
NOTE: Some of the interfaces require a restart of the service. This is achieved with snap hooks; see the snap/hooks directory. For more information, see the docs: https://snapcraft.io/docs/interface-hooks.