func removeSnapSecurity(task *state.Task, snapName string) error { st := task.State() for _, backend := range securityBackends { st.Unlock() err := backend.Remove(snapName) st.Lock() if err != nil { task.Errorf("cannot setup %s for snap %q: %s", backend.Name(), snapName, err) return err } } return nil }
func setupSnapSecurity(task *state.Task, snapInfo *snap.Info, repo *interfaces.Repository) error { st := task.State() var snapState snapstate.SnapState snapName := snapInfo.Name() if err := snapstate.Get(st, snapName, &snapState); err != nil { task.Errorf("cannot get state of snap %q: %s", snapName, err) return err } for _, backend := range securityBackends { st.Unlock() err := backend.Setup(snapInfo, snapState.DevMode(), repo) st.Lock() if err != nil { task.Errorf("cannot setup %s for snap %q: %s", backend.Name(), snapName, err) return err } } return nil }
func (m *InterfaceManager) doSetupProfiles(task *state.Task, _ *tomb.Tomb) error { task.State().Lock() defer task.State().Unlock() // Get snap.Info from bits handed by the snap manager. ss, err := snapstate.TaskSnapSetup(task) if err != nil { return err } snapInfo, err := snapstate.Info(task.State(), ss.Name, ss.Revision) if err != nil { return err } snap.AddImplicitSlots(snapInfo) snapName := snapInfo.Name() var snapState snapstate.SnapState if err := snapstate.Get(task.State(), snapName, &snapState); err != nil { task.Errorf("cannot get state of snap %q: %s", snapName, err) return err } // Set DevMode flag if SnapSetup.Flags indicates it should be done // but remember the old value in the task in case we undo. task.Set("old-devmode", snapState.DevMode()) if ss.DevMode() { snapState.Flags |= snapstate.DevMode } else { snapState.Flags &= ^snapstate.DevMode } snapstate.Set(task.State(), snapName, &snapState) // The snap may have been updated so perform the following operation to // ensure that we are always working on the correct state: // // - disconnect all connections to/from the given snap // - remembering the snaps that were affected by this operation // - remove the (old) snap from the interfaces repository // - add the (new) snap to the interfaces repository // - restore connections based on what is kept in the state // - if a connection cannot be restored then remove it from the state // - setup the security of all the affected snaps blacklist := m.repo.AutoConnectBlacklist(snapName) affectedSnaps, err := m.repo.DisconnectSnap(snapName) if err != nil { return err } // XXX: what about snap renames? We should remove the old name (or switch // to IDs in the interfaces repository) if err := m.repo.RemoveSnap(snapName); err != nil { return err } if err := m.repo.AddSnap(snapInfo); err != nil { if _, ok := err.(*interfaces.BadInterfacesError); ok { logger.Noticef("%s", err) } else { return err } } if err := m.reloadConnections(snapName); err != nil { return err } if err := m.autoConnect(task, snapName, blacklist); err != nil { return err } if len(affectedSnaps) == 0 { affectedSnaps = append(affectedSnaps, snapInfo) } for _, snapInfo := range affectedSnaps { if err := setupSnapSecurity(task, snapInfo, m.repo); err != nil { return state.Retry } } return nil }