mirror of
https://github.com/token2/snapd.git
synced 2026-03-13 11:15:47 -07:00
* sandbox/apparmor: Add probing for userns support in host AppArmor

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces/builtin/userns: Add new userns interface

Add a new super-privileged interface that allows a snap to bypass any AppArmor restrictions on user namespace creation on the host. Since this is only supported in very new AppArmor releases, when the host AppArmor does *not* support this feature, it is implicitly assumed to be allowed.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces/browser-support: Add AppArmor userns with allow-sandbox

When allow-sandbox is true, and the host system's AppArmor supports mediating userns, ensure we include this permission in the generated AppArmor profile snippet.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces/docker-support: Add AppArmor userns support

When the host system's AppArmor supports mediating userns, ensure we include this permission in the generated AppArmor profile snippet.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces/userns: Add clone to seccomp filter

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces/greengrass-support: Add AppArmor userns support

When the host system's AppArmor supports mediating userns, ensure we include this permission in the generated AppArmor profile snippet for the privileged mode flavors of this interface. This keeps the AppArmor and seccomp profiles consistent as we also allow unshare in the seccomp profile for these flavors as well.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces: Unit test AppArmor userns in [docker|greengrass]-support

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces: propagate error from apparmor_sandbox.ParserFeatures()

If this fails then something is definitely not right so don't silently ignore it.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces: use nil in-place of []string{} for better readability

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces/userns: rework AppArmorConnectedPlug() error handling

Don't ignore errors from apparmor_sandbox.ParserFeatures() but allow to more concisely handle the case where the parser does not support userns.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces/userns: use correct super-privileged base declaration

Also declare this slot as implicit on both core and classic since it is provided by the system's AppArmor parser etc.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* interfaces/userns: fix to wire up interface declaration properly

Also fix the associated unit tests to properly test that this interface is super-privileged as expected and is implicit on core / classic too.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

---------

Signed-off-by: Alex Murray <alex.murray@canonical.com>
Co-authored-by: Michael Vogt <mvo@ubuntu.com>