cmd/snap-confine: introduce sc_invocation #6571
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Currently passing data around snap-confine is not very easy because of
historically organic growth of the codebase. To simplify some of that
I'd like to introduce sc_invocation. An ad-hoc structure that captures
some of the variables that participate in the essential part of
snap-confine's logic.
The purpose of this patch is to introduce this structure, switch some of
the code to use it (as opposed to accessing the local variables) and
set the stage for a subsequent patch that moves a large chunk of code
into the two new stubs: enter_{,non_}classic_execution_environment().
This should eventually allow us to make a single call to
sc_should_use_normal_mode() and simply pass the result around via the
invocation structure. There is plenty of more refactoring that can be
done after this patch is in place.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Handling uid/gid is a bit more delicate as those values routinely change thought execution. Instead of passing them around in the invocation structure pass them explicitly to the only place that needs it for now. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Codecov Report
@@ Coverage Diff @@
## master #6571 +/- ##
=========================================
- Coverage 79.13% 79.1% -0.04%
=========================================
Files 580 580
Lines 45089 45089
=========================================
- Hits 35681 35667 -14
- Misses 6509 6521 +12
- Partials 2899 2901 +2
Continue to review full report at Codecov.
|
|
we discussed using sc_invocation only in the non-classic path for now |
After a good night's sleep I realised I should not have put it there in the first place. This will allow the invocatoin to collect and contain only the parts of the arguments that are related to the invocation of snap-confine and leave out certain things that have more complex state (uids) or are an implementation detail (apparmor struct) out of it. Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
…nvironment The classic path is (for now) empty so let's not use the invocation there just yet. Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
stolowski
approved these changes
Mar 7, 2019
| const char *base_snap_name; | ||
| const char *security_tag; | ||
| const char *snap_instance; | ||
| } sc_invocation; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently passing data around snap-confine is not very easy because of
historically organic growth of the codebase. To simplify some of that
I'd like to introduce sc_invocation. An ad-hoc structure that captures
some of the variables that participate in the essential part of
snap-confine's logic.
The purpose of this patch is to introduce this structure, switch some of
the code to use it (as opposed to accessing the local variables) and
set the stage for a subsequent patch that moves a large chunk of code
into the two new stubs: enter_{,non_}classic_execution_environment().
This should eventually allow us to make a single call to
sc_should_use_normal_mode() and simply pass the result around via the
invocation structure. There is plenty of more refactoring that can be
done after this patch is in place.
Signed-off-by: Zygmunt Krynicki zygmunt.krynicki@canonical.com