cmd/snap-update-ns: explicitly specify ownership of mount profile

We'll eventually run snap-update-ns as a normal user (when invoked from
snap-confine, at least), so make sure that the mount profile continues
to be owned by root.root

cmd/snap-update-ns/common.go

@@ -117,11 +117,3 @@ func (upCtx *CommonProfileUpdateContext) LoadCurrentProfile() (*osutil.MountProf
 	}
 	return profile, nil
 }
-
-// SaveCurrentProfile saves the current mount profile.
-func (upCtx *CommonProfileUpdateContext) SaveCurrentProfile(profile *osutil.MountProfile) error {
-	if err := profile.Save(upCtx.currentProfilePath); err != nil {
-		return fmt.Errorf("cannot save current mount profile of snap %q: %s", upCtx.instanceName, err)
-	}
-	return nil
-}

cmd/snap-update-ns/common_test.go

@@ -32,7 +32,6 @@ import (
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/osutil"
 	"github.com/snapcore/snapd/sandbox/cgroup"
-	"github.com/snapcore/snapd/testutil"
 )
 
 type commonSuite struct {
@@ -157,20 +156,3 @@ func (s *commonSuite) TestLoadCurrentProfile(c *C) {
 	// The profile is returned unchanged.
 	c.Check(builder.String(), Equals, text)
 }
-
-func (s *commonSuite) TestSaveCurrentProfile(c *C) {
-	upCtx := s.upCtx
-	text := "tmpfs /tmp tmpfs defaults 0 0\n"
-
-	// Prepare a mount profile to be saved.
-	profile, err := osutil.LoadMountProfileText(text)
-	c.Assert(err, IsNil)
-
-	// Prepare the directory for saving the profile.
-	path := upCtx.CurrentProfilePath()
-	c.Assert(os.MkdirAll(filepath.Dir(path), 0755), IsNil)
-
-	// Ask the common profile update to write the current profile.
-	c.Assert(upCtx.SaveCurrentProfile(profile), IsNil)
-	c.Check(path, testutil.FileEquals, text)
-}

cmd/snap-update-ns/export_test.go

@@ -297,3 +297,9 @@ func NewCommonProfileUpdateContext(instanceName string, fromSnapConfine bool, cu
 		desiredProfilePath: desiredProfilePath,
 	}
 }
+
+func MockSaveMountProfile(f func(p *osutil.MountProfile, fname string, uid sys.UserID, gid sys.GroupID) error) (restore func()) {
+	r := testutil.Backup(&osutilSaveMountProfile)
+	osutilSaveMountProfile = f
+	return r
+}

cmd/snap-update-ns/main_test.go

@@ -32,6 +32,7 @@ import (
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/sys"
 	"github.com/snapcore/snapd/sandbox/cgroup"
 	"github.com/snapcore/snapd/testutil"
 )
@@ -86,10 +87,19 @@ func (s *mainSuite) TestExecuteMountProfileUpdate(c *C) {
 	c.Assert(err, IsNil)
 
 	upCtx := update.NewSystemProfileUpdateContext(snapName, false)
+	var profilePath string
+	var savedProfile string
+	restore = update.MockSaveMountProfile(func(p *osutil.MountProfile, fname string, uid sys.UserID, gid sys.GroupID) (err error) {
+		profilePath = fname
+		savedProfile, err = osutil.SaveMountProfileText(p)
+		return err
+	})
+	defer restore()
 	err = update.ExecuteMountProfileUpdate(upCtx)
 	c.Assert(err, IsNil)
 
-	c.Check(currentProfilePath, testutil.FileEquals, `/var/lib/snapd/hostfs/usr/local/share/fonts /usr/local/share/fonts none bind,ro 0 0
+	c.Check(profilePath, Equals, currentProfilePath)
+	c.Check(savedProfile, Equals, `/var/lib/snapd/hostfs/usr/local/share/fonts /usr/local/share/fonts none bind,ro 0 0
 /var/lib/snapd/hostfs/usr/share/fonts /usr/share/fonts none bind,ro 0 0
 `)
 }
@@ -154,9 +164,18 @@ func (s *mainSuite) TestAddingSyntheticChanges(c *C) {
 	defer restore()
 
 	upCtx := update.NewSystemProfileUpdateContext(snapName, false)
+	var profilePath string
+	var savedProfile string
+	restore = update.MockSaveMountProfile(func(p *osutil.MountProfile, fname string, uid sys.UserID, gid sys.GroupID) (err error) {
+		profilePath = fname
+		savedProfile, err = osutil.SaveMountProfileText(p)
+		return err
+	})
+	defer restore()
 	c.Assert(update.ExecuteMountProfileUpdate(upCtx), IsNil)
 
-	c.Check(currentProfilePath, testutil.FileEquals,
+	c.Check(profilePath, Equals, currentProfilePath)
+	c.Check(savedProfile, Equals,
 		`tmpfs /usr/share tmpfs x-snapd.synthetic,x-snapd.needed-by=/usr/share/mysnap 0 0
 /usr/share/adduser /usr/share/adduser none bind,ro,x-snapd.synthetic,x-snapd.needed-by=/usr/share/mysnap 0 0
 /usr/share/awk /usr/share/awk none bind,ro,x-snapd.synthetic,x-snapd.needed-by=/usr/share/mysnap 0 0
@@ -232,9 +251,18 @@ func (s *mainSuite) TestRemovingSyntheticChanges(c *C) {
 	defer restore()
 
 	upCtx := update.NewSystemProfileUpdateContext(snapName, false)
+	var profilePath string
+	var savedProfile string
+	restore = update.MockSaveMountProfile(func(p *osutil.MountProfile, fname string, uid sys.UserID, gid sys.GroupID) (err error) {
+		profilePath = fname
+		savedProfile, err = osutil.SaveMountProfileText(p)
+		return err
+	})
+	defer restore()
 	c.Assert(update.ExecuteMountProfileUpdate(upCtx), IsNil)
 
-	c.Check(currentProfilePath, testutil.FileEquals, "")
+	c.Check(profilePath, Equals, currentProfilePath)
+	c.Check(savedProfile, Equals, "")
 }
 
 func (s *mainSuite) TestApplyingLayoutChanges(c *C) {
@@ -362,9 +390,18 @@ func (s *mainSuite) TestApplyIgnoredMissingMount(c *C) {
 
 	// The error was ignored, and no mount was recorded in the profile
 	upCtx := update.NewSystemProfileUpdateContext(snapName, false)
+	var profilePath string
+	var savedProfile string
+	restore = update.MockSaveMountProfile(func(p *osutil.MountProfile, fname string, uid sys.UserID, gid sys.GroupID) (err error) {
+		profilePath = fname
+		savedProfile, err = osutil.SaveMountProfileText(p)
+		return err
+	})
+	defer restore()
 	c.Assert(update.ExecuteMountProfileUpdate(upCtx), IsNil)
 	c.Check(s.log.String(), Equals, "")
-	c.Check(currentProfilePath, testutil.FileEquals, "")
+	c.Check(profilePath, Equals, currentProfilePath)
+	c.Check(savedProfile, Equals, "")
 }
 
 func (s *mainSuite) TestApplyUserFstabHomeRequiredAndValid(c *C) {

cmd/snap-update-ns/system.go

@@ -24,9 +24,14 @@ import (
 	"os"
 
 	"github.com/snapcore/snapd/dirs"
+	"github.com/snapcore/snapd/osutil"
 	"github.com/snapcore/snapd/snap"
 )
 
+var (
+	osutilSaveMountProfile = osutil.SaveMountProfile
+)
+
 // SystemProfileUpdateContext contains information about update to system-wide mount namespace.
 type SystemProfileUpdateContext struct {
 	CommonProfileUpdateContext
@@ -92,6 +97,14 @@ func (upCtx *SystemProfileUpdateContext) Assumptions() *Assumptions {
 	return as
 }
 
+// SaveCurrentProfile saves the current mount profile.
+func (upCtx *SystemProfileUpdateContext) SaveCurrentProfile(profile *osutil.MountProfile) error {
+	if err := osutilSaveMountProfile(profile, upCtx.currentProfilePath, 0, 0); err != nil {
+		return fmt.Errorf("cannot save current mount profile of snap %q: %s", upCtx.instanceName, err)
+	}
+	return nil
+}
+
 // desiredSystemProfilePath returns the path of the fstab-like file with the desired, system-wide mount profile for a snap.
 func desiredSystemProfilePath(snapName string) string {
 	return fmt.Sprintf("%s/snap.%s.fstab", dirs.SnapMountPolicyDir, snapName)

cmd/snap-update-ns/system_test.go

@@ -30,8 +30,8 @@ import (
 	update "github.com/snapcore/snapd/cmd/snap-update-ns"
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/sys"
 	"github.com/snapcore/snapd/sandbox/cgroup"
-	"github.com/snapcore/snapd/testutil"
 )
 
 type systemSuite struct{}
@@ -149,8 +149,17 @@ func (s *systemSuite) TestSaveCurrentProfile(c *C) {
 	c.Assert(err, IsNil)
 
 	// Ask the system profile update to write the current profile.
+	var profilePath string
+	var savedProfile string
+	restore := update.MockSaveMountProfile(func(p *osutil.MountProfile, fname string, uid sys.UserID, gid sys.GroupID) (err error) {
+		profilePath = fname
+		savedProfile, err = osutil.SaveMountProfileText(p)
+		return err
+	})
+	defer restore()
 	c.Assert(upCtx.SaveCurrentProfile(profile), IsNil)
-	c.Check(update.CurrentSystemProfilePath(upCtx.InstanceName()), testutil.FileEquals, text)
+	c.Check(profilePath, Equals, update.CurrentSystemProfilePath(upCtx.InstanceName()))
+	c.Check(savedProfile, Equals, text)
 }
 
 func (s *systemSuite) TestDesiredSystemProfilePath(c *C) {

osutil/mountprofile_linux.go

@@ -26,6 +26,8 @@ import (
 	"io"
 	"os"
 	"strings"
+
+	"github.com/snapcore/snapd/osutil/sys"
 )
 
 // MountProfile represents an array of mount entries.
@@ -64,12 +66,14 @@ func SaveMountProfileText(p *MountProfile) (string, error) {
 
 // Save saves a mount profile (fstab-like) to a given file.
 // The profile is saved with an atomic write+rename+sync operation.
-func (p *MountProfile) Save(fname string) error {
+// If you don't want to alter the uid and gid of the created file, pass
+// osutil.NoChown.
+func SaveMountProfile(p *MountProfile, fname string, uid sys.UserID, gid sys.GroupID) error {
 	var buf bytes.Buffer
 	if _, err := p.WriteTo(&buf); err != nil {
 		return err
 	}
-	return AtomicWriteFile(fname, buf.Bytes(), 0644, AtomicWriteFlags(0))
+	return AtomicWriteFileChown(fname, buf.Bytes(), 0644, AtomicWriteFlags(0), uid, gid)
 }
 
 // ReadMountProfile reads and parses a mount profile.

osutil/mountprofile_linux_test.go

@@ -103,7 +103,7 @@ func (s *profileSuite) TestSaveMountProfile1(c *C) {
 			{Name: "name-1", Dir: "dir-1", Type: "type-1", Options: []string{"options-1"}, DumpFrequency: 1, CheckPassNumber: 1},
 		},
 	}
-	err := p.Save(fname)
+	err := osutil.SaveMountProfile(p, fname, osutil.NoChown, osutil.NoChown)
 	c.Assert(err, IsNil)
 
 	stat, err := os.Stat(fname)