[PATCH 15/36] cmd/snap-confine: Prevent user-controlled race in setup_private_mount
author Alex Murray <alex.murray@canonical.com>
Thu, 18 Nov 2021 00:33:45 +0000 (11:03 +1030)
committer Markus Koschany <apo@debian.org>
Tue, 13 Jun 2023 09:28:53 +0000 (10:28 +0100)
commit ee1516aa63be20b5dbd8bb426f4b93d956a3d86d
tree 87f342ea327d291209037c6a4c6586fe6f20bcc8
parent a4d207cb157a6ace55100e1ddf6923756f5c30c1

When setting up the private mount namespace for a snap, snap-confine tries
to reuse the existing /tmp/snap.$SNAP_NAME directory if it already
exists. However, a user could create this directory before snap-confine is
executed and hence snap-confine would reuse it, along with any contents
that already existed. This could allow a user to symlink their own contents
into this directory and snap-confine would then mount that into the snap's
mount namespace. Finally, this could allow an unprivileged attacker to cause
snap-confine to escape confinement by causing it to be executed under a
less restrictive AppArmor profile when this vulnerability is combined with
others. Fix this by moving the erroneous directory out of the way if it
doesn't have the expected permissions / ownership so we can re-create it
with the correct restrictive permissions.

This resolves CVE-2021-44731.

Signed-off-by: Alex Murray <alex.murray@canonical.com>
Gbp-Pq: Topic cve202144730
Gbp-Pq: Name 0015-cmd-snap-confine-Prevent-user-controlled-race-in-set.patch
cmd/snap-confine/mount-support-test.c
cmd/snap-confine/mount-support.c
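The defensive pattern the commit message describes, written out as an added example that is not snapd's code: before reusing a pre-existing private directory, verify that the entry is a real directory (never a symlink) with the expected owner and permission bits, move it aside otherwise, recreate it with a fixed mode, and re-verify through a descriptor opened with O_NOFOLLOW. The expected uid/gid/mode parameters, the `ensure_private_dir` name and the `<path>.moved.<pid>` rename target are assumptions for this example, not snap-confine's actual interface.

```c
/* Added example (not snapd's code): hardened "reuse or recreate" of a
 * private directory under /tmp. Assumed interface: expected uid/gid/mode are
 * parameters; a rejected entry is renamed to "<path>.moved.<pid>" rather than
 * deleted, so a user-planted entry is never trusted and never followed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum { PRIV_DIR_REUSED = 0, PRIV_DIR_CREATED = 1, PRIV_DIR_ERROR = -1 };

/* A directory is acceptable only if type, owner, group and permission bits
 * all match; the type check is what defeats a planted symlink. */
static int looks_right(const struct stat *st, uid_t uid, gid_t gid, mode_t mode) {
    return S_ISDIR(st->st_mode) && st->st_uid == uid && st->st_gid == gid
           && (st->st_mode & 0777) == mode;
}

int ensure_private_dir(const char *path, uid_t uid, gid_t gid, mode_t mode) {
    struct stat st;
    char aside[PATH_MAX];
    /* lstat, not stat: a symlink at `path` must be judged as a symlink. */
    if (lstat(path, &st) == 0) {
        if (looks_right(&st, uid, gid, mode)) return PRIV_DIR_REUSED;
        /* Wrong type, owner or mode: do not reuse it, move it out of the way. */
        snprintf(aside, sizeof aside, "%s.moved.%ld", path, (long)getpid());
        if (rename(path, aside) != 0) return PRIV_DIR_ERROR;
    } else if (errno != ENOENT) {
        return PRIV_DIR_ERROR;
    }
    /* Zero umask so the mode is exactly `mode`; EEXIST here means something
     * raced us between lstat and mkdir, which is refused rather than reused. */
    mode_t old = umask(0);
    int rc = mkdir(path, mode);
    umask(old);
    if (rc != 0) return PRIV_DIR_ERROR;
    /* Re-verify through an fd opened with O_NOFOLLOW so the final check cannot
     * be redirected by a symlink swapped in after mkdir. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return PRIV_DIR_ERROR;
    int good = fstat(fd, &st) == 0 && looks_right(&st, uid, gid, mode);
    close(fd);
    return good ? PRIV_DIR_CREATED : PRIV_DIR_ERROR;
}
```

The moved-aside entry is kept rather than removed so that a privileged process never recursively deletes user-controlled content, which would itself be a symlink-race hazard.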