func runSnapConfine(info *snap.Info, securityTag, snapApp, command, hook string, args []string) error {
if err := createUserDataDirs(info); err != nil {
logger.Noticef("WARNING: cannot create user data directory: %s", err)
}
cmd := []string{
filepath.Join(dirs.LibExecDir, "snap-confine"),
}
if info.NeedsClassic() {
cmd = append(cmd, "--classic")
}
cmd = append(cmd, securityTag)
cmd = append(cmd, filepath.Join(dirs.LibExecDir, "snap-exec"))
if command != "" {
cmd = append(cmd, "--command="+command)
}
if hook != "" {
cmd = append(cmd, "--hook="+hook)
}
// snap-exec is POSIXly-- options must come before positionals.
cmd = append(cmd, snapApp)
cmd = append(cmd, args...)
return syscallExec(cmd[0], cmd, snapenv.ExecEnv(info))
}
// userEnv returns the user-level environment variables for a snap.
// Despite this being a bit snap-specific, this is in helpers.go because it's
// used by so many other modules, we run into circular dependencies if it's
// somewhere more reasonable like the snappy module.
func userEnv(info *snap.Info, home string) map[string]string {
result := map[string]string{
"SNAP_USER_COMMON": info.UserCommonDataDir(home),
"SNAP_USER_DATA": info.UserDataDir(home),
"XDG_RUNTIME_DIR": info.UserXdgRuntimeDir(os.Geteuid()),
}
// For non-classic snaps, we set HOME but on classic allow snaps to see real HOME
if !info.NeedsClassic() {
result["HOME"] = info.UserDataDir(home)
}
return result
}
