Merge lp:~chipaca/snap-confine/mktmpdir into lp:~snappy-dev/snap-confine/trunk

Proposed by John Lenton
Status: Merged
Merged at revision: 64
Proposed branch: lp:~chipaca/snap-confine/mktmpdir
Merge into: lp:~snappy-dev/snap-confine/trunk
Prerequisite: lp:~chipaca/snap-confine/unshare
Diff against target: 51 lines (+31/-3)
1 file modified
src/main.c (+31/-3)
To merge this branch: bzr merge lp:~chipaca/snap-confine/mktmpdir
Reviewer | Review Type | Date Requested | Status
Michael Vogt (community) | | | Approve
Review via email: mp+259908@code.launchpad.net

Commit message

Make a best-effort attempt at creating the old TMPDIR.

Michael Vogt (mvo) wrote :

This looks good, thanks!

review: Approve

Preview Diff

=== modified file 'src/main.c'
--- src/main.c 2015-05-22 09:39:09 +0000
+++ src/main.c 2015-05-22 09:39:09 +0000
@@ -232,6 +232,32 @@
232 }232 }
233}233}
234234
235// best-effort attempt at creating the old /tmp/snaps/* TMPDIR.
236void mkoldtmpdir() {
237 char *dir = getenv("TMPDIR");
238 if (!dir || !*dir) {
239 // TMPDIR not set, or empty
240 return;
241 }
242
243 if (strncmp(dir, "/tmp/snaps/", strlen("/tmp/snaps/")) != 0) {
244 // TMPDIR is not /tmp/snaps/*
245 return;
246 }
247
248 int n = 4;
249 char buf[MAX_BUF] = "/tmp";
250 char *d = strtok(dir+4, "/");
251 while (d) {
252 n += must_snprintf(buf+n, MAX_BUF-n, "/%s", d);
253 if (mkdir(buf, 01777) < 0) {
254 return;
255 }
256
257 d = strtok(NULL, "/");
258 }
259}
260
235int main(int argc, char **argv)261int main(int argc, char **argv)
236{262{
237 const int NR_ARGS = 3;263 const int NR_ARGS = 3;
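Review bot: strtok(dir+4, "/") in mkoldtmpdir() tokenizes the string returned by getenv("TMPDIR") in place, so the first separator after "/tmp/snaps" in the live environment value is overwritten with a NUL byte and anything that reads TMPDIR afterwards sees it truncated to "/tmp/snaps"; tokenize a private copy of dir instead (for example a strdup that is freed before returning). In the same loop, mkdir(buf, 01777) < 0 returns on any error, including EEXIST, so once /tmp/snaps exists the deeper components are never created; continue when errno == EEXIST and return only on other errors. The prefix check also lets "." and ".." components through, and every level is created with mode 01777, so consider rejecting those tokens and checking whether the deeper components really need to be world-writable.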
@@ -286,9 +312,11 @@
286 die("dropping privs did not work");312 die("dropping privs did not work");
287 }313 }
288314
289 //https://wiki.ubuntu.com/SecurityTeam/Specifications/SnappyConfinement#ubuntu-snapp-launch315 mkoldtmpdir();
290316
291 int rc = 0;317 //https://wiki.ubuntu.com/SecurityTeam/Specifications/SnappyConfinement#ubuntu-snapp-launch
318
319 int rc = 0;
292 // set apparmor rules320 // set apparmor rules
293 rc = aa_change_onexec(aa_profile);321 rc = aa_change_onexec(aa_profile);
294 if (rc != 0) {322 if (rc != 0) {
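Review bot: the mkoldtmpdir() call added right after the die("dropping privs did not work") check depends on that placement, because it creates directories from a path taken from the TMPDIR environment variable, but nothing at the call site says so; add a short comment stating that it must stay after the privilege drop. The function returns void, so a failed mkdir is silent here; if that is the intended best-effort behaviour, say so in the same comment.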
