Add mode, uid, and gid options for mount plugs

[jonathan-conder]

Description

Ties in with canonical/sdkcraft#170. The main issue addressed is for mount plugs like ~/go/pkg/mod - previously the intermediate directories (go and pkg) were owned by root:root. Now they will be owned by workshop:workshop. This is configurable using the interface attributes uid, gid and mode.

The mount point itself should also be affected, but LXD has some issues (canonical/lxd#12648 and canonical/lxd#16264) which prevent this for now. Not a big deal since the mount point is only visible when the interface is disconnected.

Also fixes a bug where workshop-source: $SDK requires a trailing slash (which I thought I'd fixed already but I must have overlooked something).

Fixes a recurring issue with interface attributes being different types in workshop and SDK definitions. This is potentially a breaking change (if a launch or refresh is in progress). Removes the need to work around this in the tests.

Makes .Xauthority and workshopctl mounts read-only, because why not?

Adds some common directories to the cloud-config:

• ~/.cache, ~/.config and ~/.local so SDKs don't need to worry about 0700 permissions
• ~/bin and ~/.local/bin so SDKs don't need to source .profile after installing something there

Fixes several correctness issues with sftp. I tried to reuse as much functionality as possible, but after fixing a few things the remaining sftpfs functions were just directly calling sftp, so I dropped sftpfs. Summary of issues:

• Mkdir and OpenFile aren't transactional, they ignore the umask,
  and don't return ErrExist (required for afero.TempDir and
  afero.TempFile). The rewrites are transactional, but not atomic.
  They respect a hardcoded umask of 0022, which is the Ubuntu default
  for root.
• Paths are stripped from certain error types. The wrappers add these back in.
• On error, functions can return non-nil file handles
• Sync and WriteAt aren't implemented at all. Fixed by removing from the
  interface.
• Readdir and Readdirnames don't use the open file handle. Fixed by adding
  ReadDir to the Fs interface.

After looking at the sftp package, I think SFTP is ultimately the right protocol
for us, but both the client and server side need some work to implement the os
filesystem functions correctly. Some custom extensions might be needed for
something like os.Root.

Self-review quick check

• Make decisions that cost a lot to reverse explicit in the PR description.
• Avoid nested conditions.
• Delete dead code and redundant comments.
• Normalise symmetries by sticking to doing identical things identically.

// one way to handle errors
if err := f(); err != nil {
   ...
}

// one way to handle multiple returns
val, err := f()
if err != nil {
   ...
}
...

• Check that coupled code elements, files, and directories are adjacent. For example, test data is stored as close as possible to a test.
• Put variable declaration and initialisation together.
• Divide large expressions into digestable and self-explanatory ones. Use multiple variables if required.
• Put a blank line between two logically different chunks of code.
• Follow the style guide for new error messages.

Docs

• I have checked and added or updated relevant documentation.
• I have checked and added or updated relevant release notes.
• I have included the technical author in the review.

Or:

• I confirm the PR has no implications for documentation.

[dmitry-lyfar]

I reviewed everything except fsutil which I'm going to review separately now. There was just one comment so far.

Also, smoke-tested it on both types of mounts, works as expected.

[Copilot]

Pull Request Overview

This PR adds mount interface attributes mode, uid, and gid for configuring directory ownership and permissions in mount plugs. The main purpose is to address ownership issues where intermediate directories were previously owned by root:root, making them inaccessible to the workshop user. Now mount plugs can specify proper ownership via these new attributes.

Key changes include:

• Added mode, uid, and gid attributes to mount interface plugs for directory creation permissions
• Replaced the custom workshop.WorkshopFs interface with a new fsutil.Fs abstraction for better filesystem operations
• Made .Xauthority and workshopctl mounts read-only for security

Reviewed Changes

Copilot reviewed 51 out of 52 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
internal/interfaces/builtin/mount.go	Adds new mode, uid, gid attributes with validation and fallback logic for mount plugs
internal/fsutil/fs.go	New filesystem abstraction with common operations like MkdirAll, AtomicWriteTo, temp file creation
internal/fsutil/sftp.go	SFTP filesystem implementation with proper error handling and umask support
internal/workshop/device.go	Adds Mode, Owner, Group fields to Mount struct and reorders fields
internal/interfaces/lxd_device/backend.go	Enhanced mount preparation with proper directory ownership/permissions handling
docs/reference/sdks.rst	Documents new mount plug attributes for permissions and ownership

[github-actions]

TICS Quality Gate

✔️ Passed

workshop

All conditions passed

See the results in the TICS Viewer

The following files have been checked for this project

• internal/fsutil/basepath.go
• internal/fsutil/fs.go
• internal/fsutil/sftp.go
• internal/interfaces/builtin/desktop.go
• internal/interfaces/builtin/mount.go
• internal/interfaces/lxd_device/backend.go
• internal/interfaces/lxd_device/spec.go
• internal/overlord/cmdstate/handlers.go
• internal/overlord/hookstate/handlers.go
• internal/overlord/ifacestate/ifacemgr.go
• internal/overlord/sdkstate/handlers.go
• internal/overlord/workshopstate/handlers.go
• internal/overlord/workshopstate/request.go
• internal/testutil/dircontentchecker.go
• internal/workshop/backend.go
• internal/workshop/device.go
• internal/workshop/fakebackend/backend.go
• internal/workshop/lxd/lxd_backend_profile.go
• internal/workshop/lxd/lxd_backend_project.go
• internal/workshop/lxd/lxd_backend_volume.go
• internal/workshop/lxd/lxd_backend.go

Automatic-tests / code-coverage / TICS GitHub Action