cmd/libsnap-confine-private: pass env real-home to snap-update-ns (ca…

…nonical#13244)

* cmd/libsnap-confine-private: pass env vars real-home and uid to snap-update-ns

* cmd/libsnap-confine-private: not required to pass uid

cmd/libsnap-confine-private/tool.c

@@ -117,6 +117,14 @@ void sc_call_snap_update_ns_as_user(int snap_update_ns_fd,
 				 "XDG_RUNTIME_DIR=%s", xdg_runtime_dir);
 	}
 
+	const char *snap_real_home = getenv("SNAP_REAL_HOME");
+	char snap_real_home_env[PATH_MAX + sizeof("SNAP_REAL_HOME=")] = { 0 };
+	if (snap_real_home != NULL) {
+		sc_must_snprintf(snap_real_home_env,
+				 sizeof(snap_real_home_env),
+				 "SNAP_REAL_HOME=%s", snap_real_home);
+        }
+
 	char *argv[] = {
 		"snap-update-ns",
 		/* This tells snap-update-ns we are calling from snap-confine and locking is in place */
@@ -129,7 +137,8 @@ void sc_call_snap_update_ns_as_user(int snap_update_ns_fd,
 		 * with either SNAPD_DEBUG=0 or SNAPD_DEBUG=1, see that function
 		 * for details. */
 		"SNAPD_DEBUG=x",
-		xdg_runtime_dir_env, NULL
+		xdg_runtime_dir_env,
+		snap_real_home_env, NULL
 	};
 	sc_call_snapd_tool_with_apparmor(snap_update_ns_fd,
 					 "snap-update-ns", apparmor,

cmd/snap-confine/snap-confine.c

@@ -714,7 +714,7 @@ static void enter_non_classic_execution_environment(sc_invocation * inv,
 	sc_maybe_fixup_permissions();
 	sc_maybe_fixup_udev();
 
-	/* User mount profiles do not apply to non-root users. */
+	/* User mount profiles only apply to non-root users. */
 	if (real_uid != 0) {
 		debug("joining preserved per-user mount namespace");
 		retval =