From fdd67626b8dc03f760c1b111eca19b24efcfaa84 Mon Sep 17 00:00:00 2001
From: Micah Lewis <1009123+micahl@users.noreply.github.com>
Date: Mon, 12 Sep 2022 14:15:07 -0700
Subject: [PATCH 1/2] Prefix userid's with snap_ when used in a snap.

---
 edgelet/iotedge/src/config/apply.rs | 86 ++++++++++++++++++++---------
 1 file changed, 59 insertions(+), 27 deletions(-)

diff --git a/edgelet/iotedge/src/config/apply.rs b/edgelet/iotedge/src/config/apply.rs
index d1fe044934d..8ed4b923a33 100644
--- a/edgelet/iotedge/src/config/apply.rs
+++ b/edgelet/iotedge/src/config/apply.rs
@@ -25,35 +25,67 @@ pub async fn execute(config: &Path) -> Result<(), std::borrow::Cow<'static, str> // So when running as root, get the four users appropriately. // Otherwise, if this is a debug build, fall back to using the current user. // Otherwise, tell the user to re-run as root. + // When run in a snap expect the four users to be prefixed with `snap_`. let (aziotks_user, aziotcs_user, aziotid_user, aziottpm_user, iotedge_user) = if nix::unistd::Uid::current().is_root() { - let aziotks_user = nix::unistd::User::from_name("aziotks") - .map_err(|err| format!("could not query aziotks user information: {}", err))? - .ok_or("could not query aziotks user information")?; - - let aziotcs_user = nix::unistd::User::from_name("aziotcs") - .map_err(|err| format!("could not query aziotcs user information: {}", err))? - .ok_or("could not query aziotcs user information")?; - - let aziotid_user = nix::unistd::User::from_name("aziotid") - .map_err(|err| format!("could not query aziotid user information: {}", err))? - .ok_or("could not query aziotid user information")?; - - let aziottpm_user = nix::unistd::User::from_name("aziottpm") - .map_err(|err| format!("could not query aziottpm user information: {}", err))? - .ok_or("could not query aziottpm user information")?; - - let iotedge_user = nix::unistd::User::from_name("iotedge") - .map_err(|err| format!("could not query iotedge user information: {}", err))? - .ok_or("could not query iotedge user information")?; - - ( - aziotks_user, - aziotcs_user, - aziotid_user, - aziottpm_user, - iotedge_user, - ) + if std::env::var("SNAP").is_ok() { + println!("Running in SNAP confinement"); + let aziotks_user = nix::unistd::User::from_name("snap_aziotks") + .map_err(|err| format!("could not query snap_aziotks user information: {}", err))? 
+ .ok_or("could not query aziotks user information")?; + + let aziotcs_user = nix::unistd::User::from_name("snap_aziotcs") + .map_err(|err| format!("could not query snap_aziotcs user information: {}", err))? + .ok_or("could not query aziotcs user information")?; + + let aziotid_user = nix::unistd::User::from_name("snap_aziotid") + .map_err(|err| format!("could not query snap_aziotid user information: {}", err))? + .ok_or("could not query aziotid user information")?; + + let aziottpm_user = nix::unistd::User::from_name("snap_aziottpm") + .map_err(|err| format!("could not query snap_aziottpm user information: {}", err))? + .ok_or("could not query aziottpm user information")?; + + let iotedge_user = nix::unistd::User::from_name("snap_iotedge") + .map_err(|err| format!("could not query snap_iotedge user information: {}", err))? + .ok_or("could not query iotedge user information")?; + + ( + aziotks_user, + aziotcs_user, + aziotid_user, + aziottpm_user, + iotedge_user, + ) + } else { + let aziotks_user = nix::unistd::User::from_name("aziotks") + .map_err(|err| format!("could not query aziotks user information: {}", err))? + .ok_or("could not query aziotks user information")?; + + let aziotcs_user = nix::unistd::User::from_name("aziotcs") + .map_err(|err| format!("could not query aziotcs user information: {}", err))? + .ok_or("could not query aziotcs user information")?; + + let aziotid_user = nix::unistd::User::from_name("aziotid") + .map_err(|err| format!("could not query aziotid user information: {}", err))? + .ok_or("could not query aziotid user information")?; + + let aziottpm_user = nix::unistd::User::from_name("aziottpm") + .map_err(|err| format!("could not query aziottpm user information: {}", err))? + .ok_or("could not query aziottpm user information")?; + + let iotedge_user = nix::unistd::User::from_name("iotedge") + .map_err(|err| format!("could not query iotedge user information: {}", err))? 
+ .ok_or("could not query iotedge user information")?; + + ( + aziotks_user, + aziotcs_user, + aziotid_user, + aziottpm_user, + iotedge_user, + ) + } } else if cfg!(debug_assertions) { let current_user = nix::unistd::User::from_uid(nix::unistd::Uid::current()) .map_err(|err| format!("could not query current user information: {}", err))? From 446cb685088b97266e552edb14a76df2e9e2a7cb Mon Sep 17 00:00:00 2001 From: Micah Lewis <1009123+micahl@users.noreply.github.com> Date: Mon, 12 Sep 2022 15:08:17 -0700 Subject: [PATCH 2/2] Fix formatting --- edgelet/iotedge/src/config/apply.rs | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/edgelet/iotedge/src/config/apply.rs b/edgelet/iotedge/src/config/apply.rs index 8ed4b923a33..88c7b4b0a0d 100644 --- a/edgelet/iotedge/src/config/apply.rs +++ b/edgelet/iotedge/src/config/apply.rs 
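Review bot: The `.ok_or(...)` messages in the new snap branch still name the unprefixed accounts (`could not query aziotks user information`, and likewise for the other four) while the lookup on the line above queried `snap_aziotks`, so the not-found path reports the wrong account name — and that is the path an operator most likely hits when the snap-specific users are missing. The two branches differ only by the prefix; resolving the name once and building both messages from it removes the mismatch and roughly fifty duplicated lines, and hunk 2 of this series only reflows those same lines. `std::env::var("SNAP").is_ok()` also returns false for a present but non-UTF-8 value and would then silently fall back to the unprefixed accounts, whereas `std::env::var_os("SNAP").is_some()` tests presence only. The added comment says "the four users" although five accounts are looked up. `execute` continues outside the hunk.
```rust
        if nix::unistd::Uid::current().is_root() {
            // Under snap confinement the service accounts carry a `snap_` prefix;
            // resolve each name once so both error messages name the account
            // that was actually looked up.
            let user_prefix = if std::env::var_os("SNAP").is_some() {
                println!("Running in SNAP confinement");
                "snap_"
            } else {
                ""
            };
            let lookup_user = |base: &str| -> Result<nix::unistd::User, String> {
                let name = format!("{}{}", user_prefix, base);
                nix::unistd::User::from_name(&name)
                    .map_err(|err| format!("could not query {} user information: {}", name, err))?
                    .ok_or_else(|| format!("could not query {} user information", name))
            };
            (
                lookup_user("aziotks")?,
                lookup_user("aziotcs")?,
                lookup_user("aziotid")?,
                lookup_user("aziottpm")?,
                lookup_user("iotedge")?,
            )
        } else if cfg!(debug_assertions) {
            // … unchanged: current-user fallback for debug builds …
```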
@@ -26,28 +26,39 @@ pub async fn execute(config: &Path) -> Result<(), std::borrow::Cow<'static, str> // Otherwise, if this is a debug build, fall back to using the current user. // Otherwise, tell the user to re-run as root. // When run in a snap expect the four users to be prefixed with `snap_`. + let (aziotks_user, aziotcs_user, aziotid_user, aziottpm_user, iotedge_user) = if nix::unistd::Uid::current().is_root() { if std::env::var("SNAP").is_ok() { println!("Running in SNAP confinement"); let aziotks_user = nix::unistd::User::from_name("snap_aziotks") - .map_err(|err| format!("could not query snap_aziotks user information: {}", err))? + .map_err(|err| { + format!("could not query snap_aziotks user information: {}", err) + })? .ok_or("could not query aziotks user information")?; let aziotcs_user = nix::unistd::User::from_name("snap_aziotcs") - .map_err(|err| format!("could not query snap_aziotcs user information: {}", err))? + .map_err(|err| { + format!("could not query snap_aziotcs user information: {}", err) + })? .ok_or("could not query aziotcs user information")?; let aziotid_user = nix::unistd::User::from_name("snap_aziotid") - .map_err(|err| format!("could not query snap_aziotid user information: {}", err))? + .map_err(|err| { + format!("could not query snap_aziotid user information: {}", err) + })? .ok_or("could not query aziotid user information")?; let aziottpm_user = nix::unistd::User::from_name("snap_aziottpm") - .map_err(|err| format!("could not query snap_aziottpm user information: {}", err))? + .map_err(|err| { + format!("could not query snap_aziottpm user information: {}", err) + })? .ok_or("could not query aziottpm user information")?; let iotedge_user = nix::unistd::User::from_name("snap_iotedge") - .map_err(|err| format!("could not query snap_iotedge user information: {}", err))? + .map_err(|err| { + format!("could not query snap_iotedge user information: {}", err) + })? .ok_or("could not query iotedge user information")?; (