The cleanup of $HOME/snap/ directories on snap removal is currently very simplistic: it’s based on a “/home/*/snap/…” glob, which means the actual home directory as set in passwd is not honored and there are leftovers in the filesystem when a snap gets removed (e.g. we don’t remove data from /root user dir).
I’ve discussed this issue with @mvo and @chipaca at last week’s sprint. In the discussion it was understood that a simple iteration over system users using the system API (`getpwent` and alike) is a bad idea, because it will get very problematic performance-wise if e.g. LDAP with a large user base is involved.
Therefore the following solution was proposed:
- we will create a new directory `/var/lib/snapd/user/` and set sticky-bit on it.
- whenever snap-run is executed and creates snap directories in user’s home, it will drop a single empty `/var/lib/snapd/user/<UID>` file for that user. Only one file will be created per-user.
- The `/var/lib/snapd/user/*` files will serve as an efficient list of all active users, and we will only need to look up those UIDs in system’s user db when cleaning data up on snap removal.
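
An added example, not snapd's own code and not part of the original post: one way the cleanup side of this proposal could read the marker files, in Go. It assumes each marker is created by the user's own snap-run process (so it is owned by the UID it names) and that the sticky-bit directory is writable by every user, so entry names are treated as untrusted input; `snapDataDirs` and the snap name `hello-world` are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"os/user"
	"path/filepath"
	"strconv"
	"syscall"
)

// snapDataDirs returns <home>/snap/<snapName> for each valid marker in markerDir (hypothetical helper).
func snapDataDirs(markerDir, snapName string, lookupHome func(uid string) (string, error)) ([]string, error) {
	entries, err := os.ReadDir(markerDir)
	if err != nil {
		return nil, err
	}
	var dirs []string
	for _, e := range entries {
		uid, err := strconv.ParseUint(e.Name(), 10, 32)
		if err != nil || strconv.FormatUint(uid, 10) != e.Name() {
			continue // name is not a canonical UID (e.g. "007", "x")
		}
		fi, err := e.Info() // lstat semantics: a symlink is reported as a symlink
		if err != nil || !fi.Mode().IsRegular() {
			continue // symlinks, directories and FIFOs are never valid markers
		}
		if st, ok := fi.Sys().(*syscall.Stat_t); !ok || uint64(st.Uid) != uid {
			continue // assumption: a marker must be owned by the UID it names
		}
		home, err := lookupHome(e.Name())
		if err != nil || !filepath.IsAbs(home) {
			continue // user no longer exists or has no usable home directory
		}
		dirs = append(dirs, filepath.Join(home, "snap", snapName))
	}
	return dirs, nil
}

func main() {
	// One user-db query per marker file instead of enumerating every user.
	lookup := func(uid string) (string, error) {
		u, err := user.LookupId(uid)
		if err != nil {
			return "", err
		}
		return u.HomeDir, nil
	}
	fmt.Println(snapDataDirs("/var/lib/snapd/user", "hello-world", lookup))
}
```

The ownership check matters because any local user can create a file with an arbitrary name in a world-writable sticky directory, while the cleanup runs as root.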