// -*- Mode: Go; indent-tabs-mode: t -*-
/*
* Copyright (C) 2016-2017 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package builtin
// timeControlSummary is the one-line, human-readable description of the
// time-control interface; init passes it as the interface's summary field.
const timeControlSummary = "allows setting system date and time"
// timeControlBaseDeclarationSlots is the base-declaration fragment that init
// registers for the time-control slot. As written it lists slot-snap-type
// "core" under allow-installation and sets deny-auto-connection to true, so
// a plug of this interface is not connected automatically.
//
// The literal is policy text read at runtime; every character inside the
// backticks is significant.
// NOTE(review): YAML nesting depends on indentation and none is visible in
// this listing; confirm the literal against the repository copy.
const timeControlBaseDeclarationSlots = `
time-control:
allow-installation:
slot-snap-type:
- core
deny-auto-connection: true
`
// timeControlConnectedPlugAppArmor is the AppArmor policy snippet that init
// registers as connectedPlugAppArmor for the time-control interface.
//
// Granted by the rules below:
//   - system-bus D-Bus sends to /org/freedesktop/timedate1 for Introspect,
//     Properties Get/GetAll and the timedate1 members matched by
//     "Set{Time,LocalRTC}", plus receipt of PropertiesChanged;
//   - ixr (inherit-execute and read) on timedatectl and hwclock;
//   - capability sys_time, read/write on /dev/rtc[0-9]* and read/write on
//     everything below /sys/class/rtc/*/.
//
// Deliberately withheld:
//   - read of @{PROC}/1/environ is an explicit deny rule, which the in-policy
//     comment says is there to silence a noisy denial;
//   - capability audit_write and net_admin are omitted, so hwclock's audit
//     writes are expected to fail unless the snap also plugs netlink-audit.
//
// Only the Set* send and the PropertiesChanged receive carry
// peer=(label=unconfined); the Introspect and Properties rules have no peer
// restriction because, per the in-policy comments, the service is D-Bus
// activated.
//
// Review note: a connected plug can change the wall clock and reprogram the
// RTC, including scheduled wakeups through sysfs. Wall-clock time feeds
// certificate validity checks, token expiry and log timestamps, so a
// connection of this interface deserves the same scrutiny as other
// system-wide privileges. The sysfs rule is a recursive rw glob rather than a
// list of attributes, so it covers any attribute an rtc driver exposes.
//
// The '#' lines inside the literal are AppArmor comments and are part of the
// runtime string, not Go comments.
const timeControlConnectedPlugAppArmor = `
# Description: Can set time and date via systemd' timedated D-Bus interface.
# Can read all properties of /org/freedesktop/timedate1 D-Bus object; see
# https://www.freedesktop.org/wiki/Software/systemd/timedated/; This also
# gives full access to the RTC device nodes and relevant parts of sysfs.
#include <abstractions/dbus-strict>
# Introspection of org.freedesktop.timedate1
# do not use peer=(label=unconfined) here since this is DBus activated
dbus (send)
bus=system
path=/org/freedesktop/timedate1
interface=org.freedesktop.DBus.Introspectable
member=Introspect,
dbus (send)
bus=system
path=/org/freedesktop/timedate1
interface=org.freedesktop.timedate1
member="Set{Time,LocalRTC}"
peer=(label=unconfined),
# Read all properties from timedate1
# do not use peer=(label=unconfined) here since this is DBus activated
dbus (send)
bus=system
path=/org/freedesktop/timedate1
interface=org.freedesktop.DBus.Properties
member=Get{,All},
# Receive timedate1 property changed events
dbus (receive)
bus=system
path=/org/freedesktop/timedate1
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged
peer=(label=unconfined),
# As the core snap ships the timedatectl utility we can also allow
# clients to use it now that they have access to the relevant
# D-Bus methods for setting the time via timedatectl's set-time and
# set-local-rtc commands.
/usr/bin/timedatectl{,.real} ixr,
# Silence this noisy denial. systemd utilities look at /proc/1/environ to see
# if running in a container, but they will fallback gracefully. No other
# interfaces allow this denial, so no problems with silencing it for now. Note
# that allowing this triggers a 'ptrace trace peer=unconfined' denial, which we
# want to avoid.
deny @{PROC}/1/environ r,
# Allow write access to system real-time clock
# See 'man 4 rtc' for details.
capability sys_time,
/dev/rtc[0-9]* rw,
# Access to the sysfs nodes are needed by rtcwake for example
# to program scheduled wakeups in the future.
/sys/class/rtc/*/ rw,
/sys/class/rtc/*/** rw,
# As the core snap ships the hwclock utility we can also allow
# clients to use it now that they have access to the relevant
# device nodes. Note: some invocations of hwclock will try to
# write to the audit subsystem. We omit 'capability audit_write'
# and 'capability net_admin' here. Applications requiring audit
# logging should plug 'netlink-audit'.
/{,usr/}sbin/hwclock ixr,
`
// timeControlConnectedPlugSecComp is the seccomp filter snippet that init
// registers as connectedPlugSecComp for the time-control interface.
//
// It lists the clock-setting syscalls (settimeofday, adjtimex,
// clock_adjtime, clock_adjtime64, clock_settime, clock_settime64), plus bind
// and a socket rule constrained to AF_NETLINK with NETLINK_AUDIT.
//
// Per the in-policy comment, the netlink entries exist only so that
// util-linux built with libaudit is not killed by seccomp; the matching
// AppArmor capabilities are omitted in timeControlConnectedPlugAppArmor, so
// the audit write itself is not expected to succeed.
//
// Review note: listing a syscall here does not by itself let it succeed; the
// kernel still requires CAP_SYS_TIME for the clock-setting calls, and that
// capability is granted by the AppArmor snippet. The two snippets have to be
// read together when assessing what a connected plug can do.
// NOTE(review): bind carries no argument filter in this snippet, unlike the
// socket rule — confirm that is intended.
const timeControlConnectedPlugSecComp = `
# Description: Can set time and date via systemd' timedated D-Bus interface.
# Can read all properties of /org/freedesktop/timedate1 D-Bus object; see
# https://www.freedesktop.org/wiki/Software/systemd/timedated/; This also
# gives full access to the RTC device nodes and relevant parts of sysfs.
settimeofday
adjtimex
# direct manipulation through POSIX clock time API
clock_adjtime
clock_adjtime64
clock_settime
clock_settime64
# util-linux built with libaudit tries to write to the audit subsystem. We
# allow the socket call here to avoid seccomp kill, but omit the AppArmor
# capability rules.
bind
socket AF_NETLINK - NETLINK_AUDIT
`
// timeControlConnectedPlugUDev holds the udev match expressions that init
// registers as connectedPlugUDev. The single entry matches devices in the
// "rtc" subsystem.
// NOTE(review): presumably this is what lets a connected plug reach the
// /dev/rtc* nodes; confirm against how commonInterface consumes the field.
var timeControlConnectedPlugUDev = []string{
	`SUBSYSTEM=="rtc"`,
}
// init registers the time-control interface with the builtin interface
// registry at package load time.
//
// The interface is built from the policy snippets declared in this file: the
// base declaration for the slot, the AppArmor and seccomp snippets applied
// to a connected plug, and the udev match for rtc devices. Both
// implicitOnCore and implicitOnClassic are set to true.
// NOTE(review): presumably those two flags mean the slot is provided by the
// system itself on core and classic; confirm against commonInterface.
func init() {
	iface := &commonInterface{
		name:                  "time-control",
		summary:               timeControlSummary,
		implicitOnCore:        true,
		implicitOnClassic:     true,
		baseDeclarationSlots:  timeControlBaseDeclarationSlots,
		connectedPlugAppArmor: timeControlConnectedPlugAppArmor,
		connectedPlugSecComp:  timeControlConnectedPlugSecComp,
		connectedPlugUDev:     timeControlConnectedPlugUDev,
	}
	registerIface(iface)
}