cmd/snap-seccomp,osutil: make user/group lookup functions public

[zyga]

This branch moves the Find{Uid,Gid} functions out of the cmd/snap-seccomp
program and into the osutil package where they can also be used by other parts
of snapd. Sadly golang 1.6 doesn't implement user.LookupGroup yet so we need
this kind of hackery.

Signed-off-by: Zygmunt Krynicki zygmunt.krynicki@canonical.com

[codecov-io]

Codecov Report

Merging #3966 into master will decrease coverage by 0.15%.
The diff coverage is 11.62%.

@@            Coverage Diff            @@
##           master   #3966      +/-   ##
=========================================
- Coverage   75.96%   75.8%   -0.16%     
=========================================
  Files         423     424       +1     
  Lines       36525   36577      +52     
=========================================
- Hits        27748   27729      -19     
- Misses       6836    6904      +68     
- Partials     1941    1944       +3

Impacted Files	Coverage Δ
osutil/group.go	0% <0%> (ø)
cmd/snap-seccomp/main.go	54.4% <100%> (-2.48%)	⬇️
cmd/snap-repair/cmd_run.go	53.7% <0%> (-28.12%)	⬇️
cmd/snap-repair/main.go	44.44% <0%> (-5.56%)	⬇️
daemon/api.go	72.34% <0%> (-0.07%)	⬇️
interfaces/builtin/opengl.go	100% <0%> (ø)	⬆️
dirs/dirs.go	98.11% <0%> (+0.01%)	⬆️
cmd/snap-repair/runner.go	82.67% <0%> (+0.07%)	⬆️
overlord/snapstate/snapstate.go	80.29% <0%> (+0.19%)	⬆️
... and 1 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 41a23c8...26dff79. Read the comment docs.

[chipaca]

why are we doing it this way instead of using go's LookupGroup? it's a lot simpler fwiw

[zyga]

Because it is not available in golang 1.6

[chipaca]

I understand that, but we can copy the LookupGroup function from go 1.9 or whatever, as we've done before for similar things

[chipaca]

ah. I looked at lookup_unix, but this is cgo_lookup_unix. Heh. Sorry.

[zyga]

This is exactly that. I just took the existing copy @jdstrand added to snap-confine and made it public.

[zyga]

@mvo5 please consider merging this soon as it will help me out with other PRs

[mvo5]

I think now that this is a public method the check for userGroupNamePattern is misleading. This is about finding the user on the system and not longer about the usernames/groups specified in the policy. I think we need to move the check itself back into snap-seccomp but we need to remove it here.

[zyga]

Thanks, I'll make that happen.

[zyga]

Done