#!/bin/sh # udev callout to allow a snap to access a device node set -e # debugging #exec >>/tmp/snap-device-helper.log #exec 2>&1 #set -x # end debugging ACTION="$1" APPNAME="$2" DEVPATH="$3" MAJMIN="$4" [ -n "$APPNAME" ] || { echo "no app name given" >&2; exit 1; } [ -n "$DEVPATH" ] || { echo "no devpath given" >&2; exit 1; } [ -n "$MAJMIN" ] || { echo "no major/minor given" >&2; exit 0; } NOSNAP="${APPNAME#snap_}" [ "$NOSNAP" != "$APPNAME" ] || { echo "malformed appname $APPNAME" >&2; exit 1; } # FIXME: this will break for instances that are called "hook" :( # Handle hooks first, the the nosnap part looks like this: # - "$snap_hook_$hookname" # - "$snap_$instance_hook_$hookname # we need to make sure we change this to: # - "$snap_hook.$hookname" # - "$snap_$instance_hook.$hookname" if [ -z "${NOSNAP##*_hook_hook_*}" ]; then # $instance is 'hook'; $snap_hook_hook.$hookname -> $snap_hook_hook.$hookname NOSNAP="${NOSNAP%_hook_*}_hook.${NOSNAP#*_hook_hook_}" elif [ -z "${NOSNAP##*_hook_*}" ]; then # $snap_$instance_hook_$hookname -> $snap_$instance_hook.$hookname NOSNAP="${NOSNAP%_hook_*}_hook.${NOSNAP#*_hook_}" fi # Now deal with app/instance untangling if [ "${NOSNAP#*_*_}" = "${NOSNAP}" ]; then # snap__ -> snap.. SNAPAPP="snap.${NOSNAP%_*}.${NOSNAP#*_}" else # snap___ -> snap._. SNAPAPP="snap.${NOSNAP%_*}.${NOSNAP#*_*_}" fi DEVICES_CGROUP=${DEVICES_CGROUP:="/sys/fs/cgroup/devices"} app_dev_cgroup="$DEVICES_CGROUP/$SNAPAPP" # The cgroup is only present after snap start so ignore any cgroup changes # (eg, 'add' on boot, hotplug, hotunplug) when the cgroup doesn't exist # yet. LP: #1762182. if [ ! -e "$app_dev_cgroup" ]; then exit 0 fi # check if it's a block or char dev if [ "${DEVPATH#*/block/}" != "$DEVPATH" ]; then type="b" else type="c" fi acl="$type $MAJMIN rwm" case "$ACTION" in add|change) echo "$acl" > "$app_dev_cgroup/devices.allow" ;; remove) echo "$acl" > "$app_dev_cgroup/devices.deny" ;; *) echo "ERROR: unknown action $ACTION" >&2 exit 1 ;; esac