-
Notifications
You must be signed in to change notification settings - Fork 574
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
i/udev, c/snap-confine, c/libsnap-confine-private, c/snap-device-help…
…er: update snap-confine to be able to handle security tags that come from component hooks An example of a security tag from a component hook would be: "snap.name+comp.hook.install" And one with an instance key: "snap.name_instance+comp.hook.install" Something important to note is how these are encoded as udev tags. Currently, when converting a security tag to a udev tag, we replace all '.' characters in the tag with '_' characters because systemd limits udev tags to having only alphanumeric characters, with the addition of the characters '-' and '_'. Since security tags can now contain '+' characters, those will be encoded as two consecutive '_' characters. For example: "snap.name+comp.hook.install" -> "snap_name__comp_hook_install" "snap.name_instance+comp.hook.install" -> "snap_name_instance__comp_hook_install" This allows the conversion to maintain its reversibility.
- Loading branch information
1 parent
07b5131
commit 6c5ad3b
Showing
14 changed files
with
741 additions
and
274 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.