HEX
Server: Apache/2.4.59 (Debian)
System: Linux keymana 4.19.0-21-cloud-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30) x86_64
User: lijunjie (1003)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /lib/snapd/
Upload Files
File: //lib/snapd/snap-device-helper
#!/bin/sh
# udev callout to allow a snap to access a device node
set -e
# debugging
#exec >>/tmp/snap-device-helper.log
#exec 2>&1
#set -x
# end debugging

ACTION="$1"
APPNAME="$2"
DEVPATH="$3"
MAJMIN="$4"
[ -n "$APPNAME" ] || { echo "no app name given" >&2; exit 1; }
[ -n "$DEVPATH" ] || { echo "no devpath given" >&2; exit 1; }
[ -n "$MAJMIN" ] || { echo "no major/minor given" >&2; exit 0; }

NOSNAP="${APPNAME#snap_}"
[ "$NOSNAP" != "$APPNAME" ] || { echo "malformed appname $APPNAME" >&2; exit 1; }

# FIXME: this will break for instances that are called "hook" :(
# Handle hooks first, the the nosnap part looks like this:
# - "$snap_hook_$hookname"
# - "$snap_$instance_hook_$hookname
# we need to make sure we change this to:
# - "$snap_hook.$hookname"
# - "$snap_$instance_hook.$hookname"
if [ -z "${NOSNAP##*_hook_hook_*}" ]; then
    # $instance is 'hook'; $snap_hook_hook.$hookname -> $snap_hook_hook.$hookname
    NOSNAP="${NOSNAP%_hook_*}_hook.${NOSNAP#*_hook_hook_}"
elif [ -z "${NOSNAP##*_hook_*}" ]; then
    # $snap_$instance_hook_$hookname -> $snap_$instance_hook.$hookname
    NOSNAP="${NOSNAP%_hook_*}_hook.${NOSNAP#*_hook_}"
fi

# Now deal with app/instance untangling
if [ "${NOSNAP#*_*_}" = "${NOSNAP}" ]; then
    # snap_<snap>_<app> -> snap.<snap>.<app>
    SNAPAPP="snap.${NOSNAP%_*}.${NOSNAP#*_}"
else
    # snap_<snap>_<instance>_<app> -> snap.<snap>_<instance>.<app>
    SNAPAPP="snap.${NOSNAP%_*}.${NOSNAP#*_*_}"
fi

DEVICES_CGROUP=${DEVICES_CGROUP:="/sys/fs/cgroup/devices"}
app_dev_cgroup="$DEVICES_CGROUP/$SNAPAPP"

# The cgroup is only present after snap start so ignore any cgroup changes
# (eg, 'add' on boot, hotplug, hotunplug) when the cgroup doesn't exist
# yet. LP: #1762182.
if [ ! -e "$app_dev_cgroup" ]; then
    exit 0
fi

# check if it's a block or char dev
if [ "${DEVPATH#*/block/}" != "$DEVPATH" ]; then
    type="b"
else
    type="c"
fi

acl="$type $MAJMIN rwm"
case "$ACTION" in
    add|change)
        echo "$acl" > "$app_dev_cgroup/devices.allow"
        ;;
    remove)
        echo "$acl" > "$app_dev_cgroup/devices.deny"
        ;;
    *)
        echo "ERROR: unknown action $ACTION" >&2
        exit 1 ;;
esac
@ Telegram