Use systemd-tmpfiles to create the private tmp mount namespace root
dir (/tmp/snap-private-tmp) on boot as owned by root with restrictive
permissions. We can use this as a known location to then create per-snap
private tmp mount namespace dirs (/tmp/snap-private-tmp/snap.$SNAP_INSTANCE)
etc.
Signed-off-by: Alex Murray <alex.murray@canonical.com>
The sudo secure_path setting resets the PATH to some predefined value for
commands executed under sudo. We have tried to workaround
https://bugzilla.redhat.com/show_bug.cgi?id=1691996 by trying to extend the
secure_path in a drop in conf files. This approach does not work for 2 reasons:
- the file is incorrectly named
- secure_path is a string and += append only works on lists (eg. env_keep)
Since there is no clear way to fix the problem other than talking with
distributions, drop the workaround. We can always revert the patch when needed.
Fixes: https://bugs.launchpad.net/snapd/+bug/1882215
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Generally speaking, applications provided as snaps should behave in all
the same ways that native packages should, and that includes being usable
with sudo(8). In order for this to work, we need to configure sudo to add
the snap binary directory to the search path.
Resolves: RH#1691996
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
This addresses LP: 1771858 and ensures that /snap/bin is available in
the PATH everywhere. This superseeds #5226 which was using a full
generator but we really just need the simpler environment conf file.
Add support for `snap userd --autostart`. The command is expected to be run as part of user session startup and is responsible for starting snap applications that have placed a proper `*.desktop` file in `$SNAP_USER_DATA/.config/autostart`. The desktop file is matched against `autostart` declaration in snap's YAML.
For details see https://forum.snapcraft.io/t/development-sprint-march-5th-2018/4345/2
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
