XDG_RUNTIME_DIR (usually /run/user/<uid>/snap.$SNAP_INSTANCE_NAME/) is permited path for sockets to be created, this is at the moment blocked
when socket is defined as part of daemon configuration

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

…ation

Expand XDG_RUNTIME_DIR if used for socket activated service

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

…ME_DIR socket path

Update socket-activation test snap with socket in XDG_RUNTIME_DIR and SNAP_DATA path

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

…-fix

Adjust SELinux policy to allow snapd to remove socket files under /run/user (aka
$XDG_RUNTIME_DIR).

Fixes the following denials:
----
type=AVC msg=audit(06/24/19 07:52:12.092:324) : avc:  denied  { write } for
         pid=25331 comm=snapd name=/ dev="tmpfs" ino=21794
         scontext=system_u:system_r:snappy_t:s0
         tcontext =system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
----
type=AVC msg=audit(06/24/19 07:52:12.092:325) : avc:  denied  { remove_name }
         for pid=25331 comm=snapd name=snap.socket-activation dev="tmpfs" ino=69344
         scontext=system_u:sy stem_r:snappy_t:s0
         tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
----
type=AVC msg=audit(06/24/19 07:52:12.092:326) : avc:  denied  { rmdir } for
         pid=25331 comm=snapd name=snap.socket-activation dev="tmpfs" ino=69344
         scontext=system_u:system_r :snappy_t:s0
         tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
----
type=AVC msg=audit(06/24/19 07:52:12.093:327) : avc:  denied  { unlink } for
         pid=25331 comm=snapd name=socket-xdg dev="tmpfs" ino=69345
         scontext=system_u:system_r:snappy_t:s 0
         tcontext=system_u:object_r:user_tmp_t:s0 tclass=sock_file permissive=1

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>