// runSnapConfine assembles the snap-confine command line for a snap
// application or hook and hands it to syscallExec together with the
// environment returned by snapenv.ExecEnv(info).
//
// The argument vector has this shape:
//
//	<LibExecDir>/snap-confine [--classic] <securityTag> <LibExecDir>/snap-exec
//	    [--command=<command>] [--hook=<hook>] <snapApp> <args...>
//
// Both helper binaries are addressed by a path built from dirs.LibExecDir, so
// no PATH lookup is involved. Every value is passed as its own argv element;
// no shell is used to build or interpret the command line.
//
// It returns whatever syscallExec returns (presumably only on failure, if
// syscallExec wraps syscall.Exec; confirm against its definition).
func runSnapConfine(info *snap.Info, securityTag, snapApp, command, hook string, args []string) error {
	// Best effort: a failure to prepare the user data directories is only
	// logged, and the launch still goes ahead.
	if err := createUserDataDirs(info); err != nil {
		logger.Noticef("WARNING: cannot create user data directory: %s", err)
	}

	argv := []string{filepath.Join(dirs.LibExecDir, "snap-confine")}
	if info.NeedsClassic() {
		argv = append(argv, "--classic")
	}
	argv = append(argv, securityTag, filepath.Join(dirs.LibExecDir, "snap-exec"))

	// snap-exec parses POSIX-style, so every option has to precede the first
	// positional argument.
	if command != "" {
		argv = append(argv, "--command="+command)
	}
	if hook != "" {
		argv = append(argv, "--hook="+hook)
	}

	// NOTE(review): snapApp is the first positional seen by snap-exec and args
	// follow it unmodified; presumably callers guarantee snapApp never begins
	// with "-", since it would otherwise sit where an option is expected.
	// Confirm at the call sites.
	argv = append(argv, snapApp)
	argv = append(argv, args...)

	return syscallExec(argv[0], argv, snapenv.ExecEnv(info))
}
// userEnv returns the per-user environment variables for a snap, keyed by
// variable name.
//
// Although this is fairly snap-specific, it lives in helpers.go: so many
// other modules use it that placing it somewhere more natural (such as the
// snappy module) would create circular dependencies.
//
// SNAP_USER_COMMON and SNAP_USER_DATA are derived from home, while
// XDG_RUNTIME_DIR is derived from the effective UID of the calling process
// (os.Geteuid), not from home. HOME is pointed at the snap's user data
// directory unless info.NeedsClassic() reports true, in which case HOME is
// left out of the result so the snap keeps seeing the real HOME.
func userEnv(info *snap.Info, home string) map[string]string {
	env := make(map[string]string, 4)
	env["SNAP_USER_COMMON"] = info.UserCommonDataDir(home)
	env["SNAP_USER_DATA"] = info.UserDataDir(home)
	env["XDG_RUNTIME_DIR"] = info.UserXdgRuntimeDir(os.Geteuid())

	// Classic snaps are allowed to see the real HOME, so nothing is added.
	if info.NeedsClassic() {
		return env
	}

	// Every other snap gets HOME redirected to its own user data directory.
	env["HOME"] = info.UserDataDir(home)
	return env
}