token2/snapd
0
0
Fork 0
mirror of https://github.com/token2/snapd.git synced 2026-03-13 11:15:47 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
patch-1
snapd/systemd/escape.go
Andrew Phelps c679f43577 s/cgroup, systemd: escape systemd unit names in CreateTransientScopeForTracking (#13763) 
* systemd: add function that implements "systemd-escape" in addition to already existing "systemd-escape --path"

* s/cgroup: escape created unit name in CreateTransientScopeForTracking

With the addition of component hooks, we'll have unit names that include
a '+', like 'snap.snapname+comp.hook.install'. This causes systemd to
complain that the unit isn't properly escaped. On the command line,
systemd-run will properly escape this for you (with a warning), but the
dbus API doesn't do that.

* s/naming: teach ParseSecurityTag to handle tags from component hooks

* Revert "systemd: add function that implements "systemd-escape" in addition to already existing "systemd-escape --path""

This reverts commit 0521600ec8fa785b69d2b7a85fa8da9be4938a5a.

* systemd: add functions for escaping security tags to valid systemd unit names

We must at least partially escape unit names that are created from
security tags, since they may potentially contain '+' characters from
snap components.

Since we already use unit names with '-' in them, we cannot simply use a
reimplementation of systemd-escape. This is because '-' is escaped by
systemd-escape. Note that '-' is a valid character is a unit name, since
it is used as the replacement for the '/' character by systemd-escapes.

Thus, we have our own functions for converting a security tag to a unit
name, and the inverse. These functions only escape the '+' character
that appears in security tags.

* s/cgroup: use new conversions from security tags to unit names, and the inverse

* systemd: update doc comment on UnitNameFromSecurityTag

Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>

* s/naming: add ComponentName method to HookSecurityTag interface

* systemd: split tests for UnitNameFromSecurityTag and SecurityTagFromUnitName

* s/naming: add test for invalid snap instance that is a part of a component

* s/naming: refactor ParseSecurityTag to clarify that components cannot have apps yet

* systemd, s/cgroup: rename security tag and unit name conversion functions for clarity

---------

Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
2024-04-17 15:50:00 +02:00

115 lines
3.6 KiB
Go
Raw Permalink Blame History

// -*- Mode: Go; indent-tabs-mode: t -*-
/*
* Copyright (C) 2014-2015 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package systemd
import (
"bytes"
"fmt"
"path/filepath"
"strings"
)
const allowed = `:_.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`
// EscapeUnitNamePath works like systemd-escape --path
// FIXME: we could use github.com/coreos/go-systemd/unit/escape.go and EscapePath
// from it. But that's not in the archive and it won't work with go1.3
func EscapeUnitNamePath(in string) string {
// "" is the same as "/" which is escaped to "-"
// the filepath.Clean will turn "" into "." and make this incorrect
if len(in) == 0 {
return "-"
}
buf := bytes.NewBuffer(nil)
// clean and trim leading/trailing "/"
in = filepath.Clean(in)
in = strings.Trim(in, "/")
// empty strings is "/"
if len(in) == 0 {
in = "/"
}
// leading "." is special
if in[0] == '.' {
fmt.Fprintf(buf, `\x%x`, in[0])
in = in[1:]
}
// replace all special chars
for i := 0; i < len(in); i++ {
c := in[i]
if c == '/' {
buf.WriteByte('-')
} else if strings.IndexByte(allowed, c) >= 0 {
buf.WriteByte(c)
} else {
fmt.Fprintf(buf, `\x%x`, []byte{in[i]})
}
}
return buf.String()
}
// SecurityTagToUnitName converts a security tag to a unit name. It also
// verifies that no unhandled characters are present in the security tag. Valid
// characters are: a-z, A-Z, 0-9, '_', '-', '.' and '+'. All characters are
// passed through, except for the '+' character, which is converted to '\x2b'.
//
// Note that this is not the same as systemd-escape, since systemd-escape
// escapes the '-' character. Due to historical reasons, snapd uses the '-'
// character in unit names. Note that these are still valid unit names, since
// '-' is used by systemd-escape to represent the '/' character.
//
// To allow us to correctly convert between security tags and unit names (and to
// maintain snapd's usage of '-' in unit names), this implementation only
// escapes the '+' character, which was introduced with snap components.
//
// Examples of conversion:
// - "snap.name.app" -> "snap.name.app"
// - "snap.some-name.some-app" -> "snap.some-name.some-app"
// - "snap.name+comp.hook.install" -> "snap.name\x2bcomp.hook.install"
func SecurityTagToUnitName(tag string) (string, error) {
var builder strings.Builder
for _, c := range tag {
switch {
case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9', c == '_', c == '-', c == '.':
builder.WriteRune(c)
case c == '+':
builder.WriteString(`\x2b`)
default:
return "", fmt.Errorf("invalid character in security tag: %q", c)
}
}
return builder.String(), nil
}
// UnitNameToSecurityTag converts a unit name to a security tag. Currently,
// the only character that is unescaped is the '+' character.
//
// See UnitNameFromSecurityTag for more information.
//
// Examples of conversion:
// - "snap.name.app" -> "snap.name.app"
// - "snap.name\x2bcomp.hook.install" -> "snap.name+comp.hook.install"
func UnitNameToSecurityTag(unitName string) string {
return strings.ReplaceAll(unitName, `\x2b`, "+")
}
Reference in New Issue View Git Blame Copy Permalink