Merge pull request #3101 from mvo5/explicit-use-of-snapd-sockets-2.23

cmd: explicit use of snapd sockets (for 2.23)

Author: mvo5

client/client.go

@@ -30,25 +30,15 @@ import (
 	"net/url"
 	"os"
 	"path"
-	"syscall"
 	"time"
 
 	"github.com/snapcore/snapd/dirs"
 )
 
-func unixDialer() func(string, string) (net.Conn, error) {
-	// We have two sockets available: the SnapdSocket (which provides
-	// administrative access), and the SnapSocket (which doesn't). Use the most
-	// powerful one available (e.g. from within snaps, SnapdSocket is hidden by
-	// apparmor unless the snap has the snapd-control interface).
-	socketPath := dirs.SnapdSocket
-	file, err := os.OpenFile(socketPath, os.O_RDWR, 0666)
-	if err == nil {
-		file.Close()
-	} else if e, ok := err.(*os.PathError); ok && (e.Err == syscall.ENOENT || e.Err == syscall.EACCES) {
-		socketPath = dirs.SnapSocket
+func unixDialer(socketPath string) func(string, string) (net.Conn, error) {
+	if socketPath == "" {
+		socketPath = dirs.SnapdSocket
 	}
-
 	return func(_, _ string) (net.Conn, error) {
 		return net.Dial("unix", socketPath)
 	}
@@ -67,6 +57,9 @@ type Config struct {
 	// DisableAuth controls whether the client should send an
 	// Authorization header from reading the auth.json data.
 	DisableAuth bool
+
+	// Socket is the path to the unix socket to use
+	Socket string
 }
 
 // A Client knows how to talk to the snappy daemon.
@@ -91,7 +84,7 @@ func New(config *Config) *Client {
 				Host:   "localhost",
 			},
 			doer: &http.Client{
-				Transport: &http.Transport{Dial: unixDialer()},
+				Transport: &http.Transport{Dial: unixDialer(config.Socket)},
 			},
 			disableAuth: config.DisableAuth,
 		}

client/client_test.go

@@ -252,7 +252,9 @@ func (cs *clientSuite) TestSnapClientIntegration(c *C) {
 	srv.Start()
 	defer srv.Close()
 
-	cli := client.New(nil)
+	cli := client.New(&client.Config{
+		Socket: dirs.SnapSocket,
+	})
 	options := &client.SnapCtlOptions{
 		ContextID: "foo",
 		Args:      []string{"bar", "--baz"},

cmd/snap/main.go

@@ -209,7 +209,10 @@ snaps on the system. Start with 'snap list' to see installed snaps.
 }
 
 // ClientConfig is the configuration of the Client used by all commands.
-var ClientConfig client.Config
+var ClientConfig = client.Config{
+	// we need the powerful snapd socket
+	Socket: dirs.SnapdSocket,
+}
 
 // Client returns a new client using ClientConfig as configuration.
 func Client() *client.Client {

cmd/snapctl/main.go

@@ -24,13 +24,17 @@ import (
 	"os"
 
 	"github.com/snapcore/snapd/client"
+	"github.com/snapcore/snapd/dirs"
 )
 
 var clientConfig = client.Config{
 	// snapctl should not try to read $HOME/.snap/auth.json, this will
 	// result in apparmor denials and configure task failures
 	// (LP: #1660941)
 	DisableAuth: true,
+
+	// we need the less privileged snap socket in snapctl
+	Socket: dirs.SnapSocket,
 }
 
 func main() {