From a0ecfb600b46636e81f8389ba1d8d7cedfc967c0 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 24 Feb 2016 16:13:55 +0100 Subject: [PATCH 1/9] migration-skill -> old-security --- docs/meta.md | 4 ++-- docs/security.md | 33 +++++++++++++++++---------------- snappy/click.go | 4 ++-- snappy/click_test.go | 10 +++++----- snappy/security_test.go | 6 +++--- snappy/snap_yaml_test.go | 4 ++-- snappy/snapp_snapfs_test.go | 2 +- snappy/snapp_test.go | 8 ++++---- 8 files changed, 36 insertions(+), 35 deletions(-) diff --git a/docs/meta.md b/docs/meta.md index cabd53fac2..95849da4cd 100644 --- a/docs/meta.md +++ b/docs/meta.md @@ -77,9 +77,9 @@ The following keys are optional: * `uses`: a map of names and skills -## Skills +## Interfaces -The `migration-skill` is used to make porting existing snaps easier. +The `old-security` interface is used to make porting existing snaps easier. It provides the following parameters: * `caps`: (optional) list of additional security policies to add. See `security.md` for details diff --git a/docs/security.md b/docs/security.md index 50a9e60c1b..5aa86b4b14 100644 --- a/docs/security.md +++ b/docs/security.md @@ -1,10 +1,10 @@ # Security policy -Most of the security aspects of the system will be done via skills and -skill slots. However for compatibility with the 15.04 snappy -architecture there is a special skill type called `migration-skill` +Most of the security aspects of the system will be done via interfaces and +slots and plugs. However for compatibility with the 15.04 snappy +architecture there is a special interface type called `old-security` that can be used to migrate using the 15.04 syntax. See the example -below for the various ways the migration-skill can be used. +below for the various ways the `old-security` interface can be used. ## Security with the migration skill @@ -80,7 +80,8 @@ in the yaml as `caps`. ## Defining snap policy The `snap.yaml` need not specify anything for default confinement. Several -options are available in the migration-skill to modify the confinement: +options are available in the `old-security` interface to modify the +confinement: * `caps`: (optional) list of (easy to understand, human readable) additional security policies to add. The system will translate these to generate @@ -121,41 +122,41 @@ Eg, consider the following: command: bar baz: command: baz - uses: [baz-caps] + slots: [baz-caps] qux: command: qux - uses: [qux-security] + slots: [qux-security] quux: command: quux - uses: [quux-policy] + slots: [quux-policy] corge: command: corge daemon: simple - uses: [corge-override] + slots: [corge-override] cli-exe: command: cli-exe - uses: [no-caps] - uses: + slots: [no-caps] + slots: baz-caps: - type: migration-skill + type: old-security caps: - network-client - norf-framework_client qux-security: - type: migration-skill + type: old-security security-template: nondefault quux-policy: - type: migration-skill + type: old-security security-policy: apparmor: meta/quux.profile seccomp: meta/quux.filter corge-override: - type: migration-skill + type: old-security security-override: apparmor: meta/corge.apparmor seccomp: meta/corge.seccomp no-caps: - type: migration-skill + type: old-security caps: [] diff --git a/snappy/click.go b/snappy/click.go index 25d87a351f..9da40187c8 100644 --- a/snappy/click.go +++ b/snappy/click.go @@ -85,8 +85,8 @@ func verifyUsesYaml(uses *usesYaml) error { return err } - if uses.Type != "migration-skill" { - return fmt.Errorf("can not use skill %q, only migration-skill supported", uses.Type) + if uses.Type != "old-security" { + return fmt.Errorf("can not use interface %q, only `old-security` supported", uses.Type) } return nil diff --git a/snappy/click_test.go b/snappy/click_test.go index 6f90f046c5..f5e83ff7ae 100644 --- a/snappy/click_test.go +++ b/snappy/click_test.go @@ -1009,12 +1009,12 @@ func (s *SnapTestSuite) TestBinariesWhitelistSimple(c *C) { func (s *SnapTestSuite) TestUsesWhitelistSimple(c *C) { c.Check(verifyUsesYaml(&usesYaml{ - Type: "migration-skill", + Type: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityTemplate: "foo"}, }), IsNil) c.Check(verifyUsesYaml(&usesYaml{ - Type: "migration-skill", + Type: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityPolicy: &SecurityPolicyDefinition{ AppArmor: "foo"}, @@ -1031,17 +1031,17 @@ func (s *SnapTestSuite) TestBinariesWhitelistIllegal(c *C) { func (s *SnapTestSuite) TestWrongType(c *C) { c.Check(verifyUsesYaml(&usesYaml{ Type: "some-skill", - }), ErrorMatches, ".*can not use skill.* only migration-skill supported") + }), ErrorMatches, ".*can not use interface.* only `old-security` supported") } func (s *SnapTestSuite) TestUsesWhitelistIllegal(c *C) { c.Check(verifyUsesYaml(&usesYaml{ - Type: "migration-skill", + Type: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityTemplate: "x\n"}, }), ErrorMatches, ".*contains illegal.*") c.Check(verifyUsesYaml(&usesYaml{ - Type: "migration-skill", + Type: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityPolicy: &SecurityPolicyDefinition{ AppArmor: "x\n"}, diff --git a/snappy/security_test.go b/snappy/security_test.go index 5e3cad00d2..653b255da7 100644 --- a/snappy/security_test.go +++ b/snappy/security_test.go @@ -609,10 +609,10 @@ apps: daemon: forking uses: binary1: - type: migration-skill + type: old-security caps: [] service1: - type: migration-skill + type: old-security caps: [] ` @@ -825,7 +825,7 @@ apps: uses: [binary1] uses: binary1: - type: migration-skill + type: old-security caps: [] ` diff --git a/snappy/snap_yaml_test.go b/snappy/snap_yaml_test.go index 60573385e9..621b13cd94 100644 --- a/snappy/snap_yaml_test.go +++ b/snappy/snap_yaml_test.go @@ -32,10 +32,10 @@ func (s *snapYamlTestSuite) TestParseYamlSetsTypeInUsesFromName(c *C) { snapYaml := []byte(`name: foo version: 1.0 uses: - migration-skill: + old-security: caps: [] `) sy, err := parseSnapYamlData(snapYaml, false) c.Assert(err, IsNil) - sy.Uses["migration-skill"].Type = "migration-skill" + sy.Uses["old-security"].Type = "old-security" } diff --git a/snappy/snapp_snapfs_test.go b/snappy/snapp_snapfs_test.go index 4c07836d1f..fbd2e42286 100644 --- a/snappy/snapp_snapfs_test.go +++ b/snappy/snapp_snapfs_test.go @@ -380,7 +380,7 @@ apps: uses: some-binary: - type: migration-skill + type: old-security security-template: not-there `) // install but our missing security-template will break the install diff --git a/snappy/snapp_test.go b/snappy/snapp_test.go index 9bbb4d36a0..a521019d05 100644 --- a/snappy/snapp_test.go +++ b/snappy/snapp_test.go @@ -996,19 +996,19 @@ apps: uses: testme: - type: migration-skill + type: old-security caps: - "foo_group" security-template: "foo_template" testme-override: - type: migration-skill + type: old-security security-override: read-paths: - "/foo" syscalls: - "bar" testme-policy: - type: migration-skill + type: old-security security-policy: apparmor: meta/testme-policy.profile @@ -1048,7 +1048,7 @@ apps: uses: testme-service: - type: migration-skill + type: old-security caps: - "network-client" - "foo_group" From 318ec81fa284ab9acee951f6d84f5a03fb6c268a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 24 Feb 2016 16:22:20 +0100 Subject: [PATCH 2/9] uses -> slosts & offers -> plugs --- snappy/click.go | 2 +- snappy/click_test.go | 10 +++--- snappy/security.go | 12 +++---- snappy/security_test.go | 20 +++++------ snappy/snap_yaml.go | 22 ++++++------- snappy/snap_yaml_test.go | 4 +-- snappy/snapp_snapfs_test.go | 4 +-- snappy/snapp_test.go | 66 ++++++++++++++++++------------------- 8 files changed, 70 insertions(+), 70 deletions(-) diff --git a/snappy/click.go b/snappy/click.go index 9da40187c8..47f4b41299 100644 --- a/snappy/click.go +++ b/snappy/click.go @@ -80,7 +80,7 @@ func verifyAppYaml(app *AppYaml) error { return verifyStructStringsAgainstWhitelist(*app, servicesBinariesStringsWhitelist) } -func verifyUsesYaml(uses *usesYaml) error { +func verifySlotsYaml(uses *slotsYaml) error { if err := verifyStructStringsAgainstWhitelist(*uses, servicesBinariesStringsWhitelist); err != nil { return err } diff --git a/snappy/click_test.go b/snappy/click_test.go index f5e83ff7ae..d225b3860b 100644 --- a/snappy/click_test.go +++ b/snappy/click_test.go @@ -1008,12 +1008,12 @@ func (s *SnapTestSuite) TestBinariesWhitelistSimple(c *C) { } func (s *SnapTestSuite) TestUsesWhitelistSimple(c *C) { - c.Check(verifyUsesYaml(&usesYaml{ + c.Check(verifySlotsYaml(&slotsYaml{ Type: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityTemplate: "foo"}, }), IsNil) - c.Check(verifyUsesYaml(&usesYaml{ + c.Check(verifySlotsYaml(&slotsYaml{ Type: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityPolicy: &SecurityPolicyDefinition{ @@ -1029,18 +1029,18 @@ func (s *SnapTestSuite) TestBinariesWhitelistIllegal(c *C) { } func (s *SnapTestSuite) TestWrongType(c *C) { - c.Check(verifyUsesYaml(&usesYaml{ + c.Check(verifySlotsYaml(&slotsYaml{ Type: "some-skill", }), ErrorMatches, ".*can not use interface.* only `old-security` supported") } func (s *SnapTestSuite) TestUsesWhitelistIllegal(c *C) { - c.Check(verifyUsesYaml(&usesYaml{ + c.Check(verifySlotsYaml(&slotsYaml{ Type: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityTemplate: "x\n"}, }), ErrorMatches, ".*contains illegal.*") - c.Check(verifyUsesYaml(&usesYaml{ + c.Check(verifySlotsYaml(&slotsYaml{ Type: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityPolicy: &SecurityPolicyDefinition{ diff --git a/snappy/security.go b/snappy/security.go index 501a534b15..0d1834d27d 100644 --- a/snappy/security.go +++ b/snappy/security.go @@ -742,17 +742,17 @@ func hasConfig(baseDir string) bool { return helpers.FileExists(filepath.Join(baseDir, "meta", "hooks", "config")) } -func findSkillForApp(m *snapYaml, app *AppYaml) (*usesYaml, error) { - if len(app.UsesRef) == 0 { +func findSkillForApp(m *snapYaml, app *AppYaml) (*slotsYaml, error) { + if len(app.SlotsRef) == 0 { return nil, nil } - if len(app.UsesRef) != 1 { - return nil, fmt.Errorf("only a single skill is supported, %d found", len(app.UsesRef)) + if len(app.SlotsRef) != 1 { + return nil, fmt.Errorf("only a single skill is supported, %d found", len(app.SlotsRef)) } - skill, ok := m.Uses[app.UsesRef[0]] + skill, ok := m.Slots[app.SlotsRef[0]] if !ok { - return nil, fmt.Errorf("can not find skill %q", app.UsesRef[0]) + return nil, fmt.Errorf("can not find skill %q", app.SlotsRef[0]) } return skill, nil } diff --git a/snappy/security_test.go b/snappy/security_test.go index 653b255da7..ff097fe79c 100644 --- a/snappy/security_test.go +++ b/snappy/security_test.go @@ -603,11 +603,11 @@ vendor: someone version: 1.0 apps: binary1: - uses: [binary1] + slots: [binary1] service1: - uses: [service1] + slots: [service1] daemon: forking -uses: +slots: binary1: type: old-security caps: [] @@ -822,8 +822,8 @@ vendor: someone version: 1.0 apps: binary1: - uses: [binary1] -uses: + slots: [binary1] +slots: binary1: type: old-security caps: [] @@ -1044,7 +1044,7 @@ func (a *SecurityTestSuite) TestFindSkillForAppEmpty(c *C) { func (a *SecurityTestSuite) TestFindSkillForAppTooMany(c *C) { app := &AppYaml{ - UsesRef: []string{"one", "two"}, + SlotsRef: []string{"one", "two"}, } m := &snapYaml{} skill, err := findSkillForApp(m, app) @@ -1054,7 +1054,7 @@ func (a *SecurityTestSuite) TestFindSkillForAppTooMany(c *C) { func (a *SecurityTestSuite) TestFindSkillForAppNotFound(c *C) { app := &AppYaml{ - UsesRef: []string{"not-there"}, + SlotsRef: []string{"not-there"}, } m := &snapYaml{} skill, err := findSkillForApp(m, app) @@ -1064,11 +1064,11 @@ func (a *SecurityTestSuite) TestFindSkillForAppNotFound(c *C) { func (a *SecurityTestSuite) TestFindSkillFinds(c *C) { app := &AppYaml{ - UsesRef: []string{"skill"}, + SlotsRef: []string{"skill"}, } m := &snapYaml{ - Uses: map[string]*usesYaml{ - "skill": &usesYaml{Type: "some-type"}, + Slots: map[string]*slotsYaml{ + "skill": &slotsYaml{Type: "some-type"}, }, } skill, err := findSkillForApp(m, app) diff --git a/snappy/snap_yaml.go b/snappy/snap_yaml.go index 41c46bbde6..a8d24d34b5 100644 --- a/snappy/snap_yaml.go +++ b/snappy/snap_yaml.go @@ -82,11 +82,11 @@ type AppYaml struct { // must be a pointer so that it can be "nil" and omitempty works Ports *Ports `yaml:"ports,omitempty" json:"ports,omitempty"` - OffersRef []string `yaml:"offers"` - UsesRef []string `yaml:"uses"` + PlugsRef []string `yaml:"plugs"` + SlotsRef []string `yaml:"slots"` } -type usesYaml struct { +type slotsYaml struct { Type string `yaml:"type"` SecurityDefinitions `yaml:",inline"` } @@ -111,8 +111,8 @@ type snapYaml struct { // Apps can be both binary or service Apps map[string]*AppYaml `yaml:"apps,omitempty"` - // Uses maps the used "skills" to the apps - Uses map[string]*usesYaml `yaml:"uses,omitempty"` + // Slots maps the used "interfaces" to the apps + Slots map[string]*slotsYaml `yaml:"slots,omitempty"` // FIXME: clarify those @@ -169,9 +169,9 @@ func validateSnapYamlData(file string, yamlData []byte, m *snapYaml) error { } } - // check for "uses" - for _, uses := range m.Uses { - if err := verifyUsesYaml(uses); err != nil { + // check for "slots" + for _, slots := range m.Slots { + if err := verifySlotsYaml(slots); err != nil { return err } } @@ -197,9 +197,9 @@ func parseSnapYamlData(yamlData []byte, hasConfig bool) (*snapYaml, error) { app.Name = name } - for name, uses := range m.Uses { - if uses.Type == "" { - uses.Type = name + for name, slots := range m.Slots { + if slots.Type == "" { + slots.Type = name } } diff --git a/snappy/snap_yaml_test.go b/snappy/snap_yaml_test.go index 621b13cd94..7dbe98497c 100644 --- a/snappy/snap_yaml_test.go +++ b/snappy/snap_yaml_test.go @@ -31,11 +31,11 @@ var _ = Suite(&snapYamlTestSuite{}) func (s *snapYamlTestSuite) TestParseYamlSetsTypeInUsesFromName(c *C) { snapYaml := []byte(`name: foo version: 1.0 -uses: +slots: old-security: caps: [] `) sy, err := parseSnapYamlData(snapYaml, false) c.Assert(err, IsNil) - sy.Uses["old-security"].Type = "old-security" + sy.Slots["old-security"].Type = "old-security" } diff --git a/snappy/snapp_snapfs_test.go b/snappy/snapp_snapfs_test.go index fbd2e42286..6750e7b52b 100644 --- a/snappy/snapp_snapfs_test.go +++ b/snappy/snapp_snapfs_test.go @@ -376,9 +376,9 @@ version: 1.10 apps: some-binary: command: some-binary - uses: [some-binary] + slots: [some-binary] -uses: +slots: some-binary: type: old-security security-template: not-there diff --git a/snappy/snapp_test.go b/snappy/snapp_test.go index a521019d05..8b6d6d56a4 100644 --- a/snappy/snapp_test.go +++ b/snappy/snapp_test.go @@ -986,15 +986,15 @@ apps: testme: command: bin/testme description: "testme client" - uses: [testme] + slots: [testme] testme-override: command: bin/testme-override - uses: [testme-override] + slots: [testme-override] testme-policy: command: bin/testme-policy - uses: [testme-policy] + slots: [testme-policy] -uses: +slots: testme: type: old-security caps: @@ -1020,20 +1020,20 @@ func (s *SnapTestSuite) TestSnapYamlSecurityBinaryParsing(c *C) { c.Assert(m.Apps["testme"].Name, Equals, "testme") c.Assert(m.Apps["testme"].Command, Equals, "bin/testme") - c.Assert(m.Uses["testme"].SecurityCaps, HasLen, 1) - c.Assert(m.Uses["testme"].SecurityCaps[0], Equals, "foo_group") - c.Assert(m.Uses["testme"].SecurityTemplate, Equals, "foo_template") + c.Assert(m.Slots["testme"].SecurityCaps, HasLen, 1) + c.Assert(m.Slots["testme"].SecurityCaps[0], Equals, "foo_group") + c.Assert(m.Slots["testme"].SecurityTemplate, Equals, "foo_template") c.Assert(m.Apps["testme-override"].Name, Equals, "testme-override") c.Assert(m.Apps["testme-override"].Command, Equals, "bin/testme-override") - c.Assert(m.Uses["testme-override"].SecurityCaps, HasLen, 0) - c.Assert(m.Uses["testme-override"].SecurityOverride.ReadPaths[0], Equals, "/foo") - c.Assert(m.Uses["testme-override"].SecurityOverride.Syscalls[0], Equals, "bar") + c.Assert(m.Slots["testme-override"].SecurityCaps, HasLen, 0) + c.Assert(m.Slots["testme-override"].SecurityOverride.ReadPaths[0], Equals, "/foo") + c.Assert(m.Slots["testme-override"].SecurityOverride.Syscalls[0], Equals, "bar") c.Assert(m.Apps["testme-policy"].Name, Equals, "testme-policy") c.Assert(m.Apps["testme-policy"].Command, Equals, "bin/testme-policy") - c.Assert(m.Uses["testme-policy"].SecurityCaps, HasLen, 0) - c.Assert(m.Uses["testme-policy"].SecurityPolicy.AppArmor, Equals, "meta/testme-policy.profile") + c.Assert(m.Slots["testme-policy"].SecurityCaps, HasLen, 0) + c.Assert(m.Slots["testme-policy"].SecurityPolicy.AppArmor, Equals, "meta/testme-policy.profile") } var securityServiceSnapYaml = []byte(`name: test-snap @@ -1044,9 +1044,9 @@ apps: daemon: forking stop: bin/testme-service.stop description: "testme service" - uses: [testme-service] + slots: [testme-service] -uses: +slots: testme-service: type: old-security caps: @@ -1062,10 +1062,10 @@ func (s *SnapTestSuite) TestSnapYamlSecurityServiceParsing(c *C) { c.Assert(m.Apps["testme-service"].Name, Equals, "testme-service") c.Assert(m.Apps["testme-service"].Command, Equals, "bin/testme-service.start") c.Assert(m.Apps["testme-service"].Stop, Equals, "bin/testme-service.stop") - c.Assert(m.Uses["testme-service"].SecurityCaps, HasLen, 2) - c.Assert(m.Uses["testme-service"].SecurityCaps[0], Equals, "network-client") - c.Assert(m.Uses["testme-service"].SecurityCaps[1], Equals, "foo_group") - c.Assert(m.Uses["testme-service"].SecurityTemplate, Equals, "foo_template") + c.Assert(m.Slots["testme-service"].SecurityCaps, HasLen, 2) + c.Assert(m.Slots["testme-service"].SecurityCaps[0], Equals, "network-client") + c.Assert(m.Slots["testme-service"].SecurityCaps[1], Equals, "foo_group") + c.Assert(m.Slots["testme-service"].SecurityTemplate, Equals, "foo_template") } func (s *SnapTestSuite) TestDetectsAlreadyInstalled(c *C) { @@ -1273,16 +1273,16 @@ func (s *SnapTestSuite) TestNeedsAppArmorUpdatePolicyAbsent(c *C) { func (s *SnapTestSuite) TestRequestSecurityPolicyUpdateService(c *C) { // if one of the services needs updating, it's updated and returned svc := &AppYaml{ - Name: "svc", - UsesRef: []string{"svc"}, + Name: "svc", + SlotsRef: []string{"svc"}, } part := &SnapPart{ m: &snapYaml{ Name: "part", Apps: map[string]*AppYaml{"svc": svc}, Version: "42", - Uses: map[string]*usesYaml{ - "svc": &usesYaml{ + Slots: map[string]*slotsYaml{ + "svc": &slotsYaml{ SecurityDefinitions: SecurityDefinitions{SecurityTemplate: "foo"}, }, }, @@ -1297,16 +1297,16 @@ func (s *SnapTestSuite) TestRequestSecurityPolicyUpdateService(c *C) { func (s *SnapTestSuite) TestRequestSecurityPolicyUpdateBinary(c *C) { // if one of the binaries needs updating, the part needs updating bin := &AppYaml{ - Name: "echo", - UsesRef: []string{"echo"}, + Name: "echo", + SlotsRef: []string{"echo"}, } part := &SnapPart{ m: &snapYaml{ Name: "part", Apps: map[string]*AppYaml{"echo": bin}, Version: "42", - Uses: map[string]*usesYaml{ - "echo": &usesYaml{ + Slots: map[string]*slotsYaml{ + "echo": &slotsYaml{ SecurityDefinitions: SecurityDefinitions{SecurityTemplate: "foo"}, }, }, @@ -1320,12 +1320,12 @@ func (s *SnapTestSuite) TestRequestSecurityPolicyUpdateBinary(c *C) { func (s *SnapTestSuite) TestRequestSecurityPolicyUpdateNothing(c *C) { svc := &AppYaml{ - Name: "svc", - UsesRef: []string{"svc"}, + Name: "svc", + SlotsRef: []string{"svc"}, } bin := &AppYaml{ - Name: "echo", - UsesRef: []string{"echo"}, + Name: "echo", + SlotsRef: []string{"echo"}, } part := &SnapPart{ m: &snapYaml{ @@ -1334,11 +1334,11 @@ func (s *SnapTestSuite) TestRequestSecurityPolicyUpdateNothing(c *C) { "echo": bin, }, Version: "42", - Uses: map[string]*usesYaml{ - "svc": &usesYaml{ + Slots: map[string]*slotsYaml{ + "svc": &slotsYaml{ SecurityDefinitions: SecurityDefinitions{SecurityTemplate: "foo"}, }, - "echo": &usesYaml{ + "echo": &slotsYaml{ SecurityDefinitions: SecurityDefinitions{SecurityTemplate: "foo"}, }, }, From e3c7f6f3560f69be1f873228279e9013fcfe668b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 24 Feb 2016 17:32:22 +0100 Subject: [PATCH 3/9] doc fixes, thanks to elopio --- docs/security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/security.md b/docs/security.md index 5aa86b4b14..44aec5d2df 100644 --- a/docs/security.md +++ b/docs/security.md @@ -1,8 +1,8 @@ # Security policy -Most of the security aspects of the system will be done via interfaces and +Most of the security aspects of the system will be done via interfaces, slots and plugs. However for compatibility with the 15.04 snappy -architecture there is a special interface type called `old-security` +architecture there is a special interface called `old-security` that can be used to migrate using the 15.04 syntax. See the example below for the various ways the `old-security` interface can be used. From 02efdf6b229c44e888a024dddb4b0cc4b88b817f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 24 Feb 2016 17:46:58 +0100 Subject: [PATCH 4/9] skill-type -> interface --- snappy/click.go | 8 ++++---- snappy/click_test.go | 20 ++++++++++---------- snappy/security_test.go | 10 +++++----- snappy/snap_yaml.go | 10 +++++----- snappy/snap_yaml_test.go | 2 +- snappy/snapp_snapfs_test.go | 2 +- snappy/snapp_test.go | 8 ++++---- 7 files changed, 30 insertions(+), 30 deletions(-) diff --git a/snappy/click.go b/snappy/click.go index 47f4b41299..f2c8d0990c 100644 --- a/snappy/click.go +++ b/snappy/click.go @@ -80,13 +80,13 @@ func verifyAppYaml(app *AppYaml) error { return verifyStructStringsAgainstWhitelist(*app, servicesBinariesStringsWhitelist) } -func verifySlotsYaml(uses *slotsYaml) error { - if err := verifyStructStringsAgainstWhitelist(*uses, servicesBinariesStringsWhitelist); err != nil { +func verifySlotYaml(slot *slotsYaml) error { + if err := verifyStructStringsAgainstWhitelist(*slot, servicesBinariesStringsWhitelist); err != nil { return err } - if uses.Type != "old-security" { - return fmt.Errorf("can not use interface %q, only `old-security` supported", uses.Type) + if slot.Interface != "old-security" { + return fmt.Errorf("can not use interface %q, only `old-security` supported", slot.Interface) } return nil diff --git a/snappy/click_test.go b/snappy/click_test.go index d225b3860b..3c42bf38a7 100644 --- a/snappy/click_test.go +++ b/snappy/click_test.go @@ -1008,13 +1008,13 @@ func (s *SnapTestSuite) TestBinariesWhitelistSimple(c *C) { } func (s *SnapTestSuite) TestUsesWhitelistSimple(c *C) { - c.Check(verifySlotsYaml(&slotsYaml{ - Type: "old-security", + c.Check(verifySlotYaml(&slotsYaml{ + Interface: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityTemplate: "foo"}, }), IsNil) - c.Check(verifySlotsYaml(&slotsYaml{ - Type: "old-security", + c.Check(verifySlotYaml(&slotsYaml{ + Interface: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityPolicy: &SecurityPolicyDefinition{ AppArmor: "foo"}, @@ -1029,19 +1029,19 @@ func (s *SnapTestSuite) TestBinariesWhitelistIllegal(c *C) { } func (s *SnapTestSuite) TestWrongType(c *C) { - c.Check(verifySlotsYaml(&slotsYaml{ - Type: "some-skill", + c.Check(verifySlotYaml(&slotsYaml{ + Interface: "some-skill", }), ErrorMatches, ".*can not use interface.* only `old-security` supported") } func (s *SnapTestSuite) TestUsesWhitelistIllegal(c *C) { - c.Check(verifySlotsYaml(&slotsYaml{ - Type: "old-security", + c.Check(verifySlotYaml(&slotsYaml{ + Interface: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityTemplate: "x\n"}, }), ErrorMatches, ".*contains illegal.*") - c.Check(verifySlotsYaml(&slotsYaml{ - Type: "old-security", + c.Check(verifySlotYaml(&slotsYaml{ + Interface: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityPolicy: &SecurityPolicyDefinition{ AppArmor: "x\n"}, diff --git a/snappy/security_test.go b/snappy/security_test.go index ff097fe79c..c2f54a9852 100644 --- a/snappy/security_test.go +++ b/snappy/security_test.go @@ -609,10 +609,10 @@ apps: daemon: forking slots: binary1: - type: old-security + interface: old-security caps: [] service1: - type: old-security + interface: old-security caps: [] ` @@ -825,7 +825,7 @@ apps: slots: [binary1] slots: binary1: - type: old-security + interface: old-security caps: [] ` @@ -1068,10 +1068,10 @@ func (a *SecurityTestSuite) TestFindSkillFinds(c *C) { } m := &snapYaml{ Slots: map[string]*slotsYaml{ - "skill": &slotsYaml{Type: "some-type"}, + "skill": &slotsYaml{Interface: "some-type"}, }, } skill, err := findSkillForApp(m, app) c.Check(err, IsNil) - c.Check(skill.Type, Equals, "some-type") + c.Check(skill.Interface, Equals, "some-type") } diff --git a/snappy/snap_yaml.go b/snappy/snap_yaml.go index a8d24d34b5..b7186806f2 100644 --- a/snappy/snap_yaml.go +++ b/snappy/snap_yaml.go @@ -87,7 +87,7 @@ type AppYaml struct { } type slotsYaml struct { - Type string `yaml:"type"` + Interface string `yaml:"interface"` SecurityDefinitions `yaml:",inline"` } @@ -171,7 +171,7 @@ func validateSnapYamlData(file string, yamlData []byte, m *snapYaml) error { // check for "slots" for _, slots := range m.Slots { - if err := verifySlotsYaml(slots); err != nil { + if err := verifySlotYaml(slots); err != nil { return err } } @@ -197,9 +197,9 @@ func parseSnapYamlData(yamlData []byte, hasConfig bool) (*snapYaml, error) { app.Name = name } - for name, slots := range m.Slots { - if slots.Type == "" { - slots.Type = name + for name, slot := range m.Slots { + if slot.Interface == "" { + slot.Interface = name } } diff --git a/snappy/snap_yaml_test.go b/snappy/snap_yaml_test.go index 7dbe98497c..1dbce99518 100644 --- a/snappy/snap_yaml_test.go +++ b/snappy/snap_yaml_test.go @@ -37,5 +37,5 @@ slots: `) sy, err := parseSnapYamlData(snapYaml, false) c.Assert(err, IsNil) - sy.Slots["old-security"].Type = "old-security" + sy.Slots["old-security"].Interface = "old-security" } diff --git a/snappy/snapp_snapfs_test.go b/snappy/snapp_snapfs_test.go index 6750e7b52b..29d6e89114 100644 --- a/snappy/snapp_snapfs_test.go +++ b/snappy/snapp_snapfs_test.go @@ -380,7 +380,7 @@ apps: slots: some-binary: - type: old-security + interface: old-security security-template: not-there `) // install but our missing security-template will break the install diff --git a/snappy/snapp_test.go b/snappy/snapp_test.go index 8b6d6d56a4..2f1e0c5105 100644 --- a/snappy/snapp_test.go +++ b/snappy/snapp_test.go @@ -996,19 +996,19 @@ apps: slots: testme: - type: old-security + interface: old-security caps: - "foo_group" security-template: "foo_template" testme-override: - type: old-security + interface: old-security security-override: read-paths: - "/foo" syscalls: - "bar" testme-policy: - type: old-security + interface: old-security security-policy: apparmor: meta/testme-policy.profile @@ -1048,7 +1048,7 @@ apps: slots: testme-service: - type: old-security + interface: old-security caps: - "network-client" - "foo_group" From 3d7a5a6c6b49c9aee2aa837ef0ea98727c0bc202 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 24 Feb 2016 17:49:06 +0100 Subject: [PATCH 5/9] slostsYaml -> slotYaml --- snappy/click.go | 2 +- snappy/click_test.go | 10 +++++----- snappy/security.go | 2 +- snappy/security_test.go | 4 ++-- snappy/snap_yaml.go | 4 ++-- snappy/snapp_test.go | 14 +++++++------- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/snappy/click.go b/snappy/click.go index f2c8d0990c..2edd628a1b 100644 --- a/snappy/click.go +++ b/snappy/click.go @@ -80,7 +80,7 @@ func verifyAppYaml(app *AppYaml) error { return verifyStructStringsAgainstWhitelist(*app, servicesBinariesStringsWhitelist) } -func verifySlotYaml(slot *slotsYaml) error { +func verifySlotYaml(slot *slotYaml) error { if err := verifyStructStringsAgainstWhitelist(*slot, servicesBinariesStringsWhitelist); err != nil { return err } diff --git a/snappy/click_test.go b/snappy/click_test.go index 3c42bf38a7..a092601189 100644 --- a/snappy/click_test.go +++ b/snappy/click_test.go @@ -1008,12 +1008,12 @@ func (s *SnapTestSuite) TestBinariesWhitelistSimple(c *C) { } func (s *SnapTestSuite) TestUsesWhitelistSimple(c *C) { - c.Check(verifySlotYaml(&slotsYaml{ + c.Check(verifySlotYaml(&slotYaml{ Interface: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityTemplate: "foo"}, }), IsNil) - c.Check(verifySlotYaml(&slotsYaml{ + c.Check(verifySlotYaml(&slotYaml{ Interface: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityPolicy: &SecurityPolicyDefinition{ @@ -1029,18 +1029,18 @@ func (s *SnapTestSuite) TestBinariesWhitelistIllegal(c *C) { } func (s *SnapTestSuite) TestWrongType(c *C) { - c.Check(verifySlotYaml(&slotsYaml{ + c.Check(verifySlotYaml(&slotYaml{ Interface: "some-skill", }), ErrorMatches, ".*can not use interface.* only `old-security` supported") } func (s *SnapTestSuite) TestUsesWhitelistIllegal(c *C) { - c.Check(verifySlotYaml(&slotsYaml{ + c.Check(verifySlotYaml(&slotYaml{ Interface: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityTemplate: "x\n"}, }), ErrorMatches, ".*contains illegal.*") - c.Check(verifySlotYaml(&slotsYaml{ + c.Check(verifySlotYaml(&slotYaml{ Interface: "old-security", SecurityDefinitions: SecurityDefinitions{ SecurityPolicy: &SecurityPolicyDefinition{ diff --git a/snappy/security.go b/snappy/security.go index 0d1834d27d..a698e5ccef 100644 --- a/snappy/security.go +++ b/snappy/security.go @@ -742,7 +742,7 @@ func hasConfig(baseDir string) bool { return helpers.FileExists(filepath.Join(baseDir, "meta", "hooks", "config")) } -func findSkillForApp(m *snapYaml, app *AppYaml) (*slotsYaml, error) { +func findSkillForApp(m *snapYaml, app *AppYaml) (*slotYaml, error) { if len(app.SlotsRef) == 0 { return nil, nil } diff --git a/snappy/security_test.go b/snappy/security_test.go index c2f54a9852..bac4fcc72d 100644 --- a/snappy/security_test.go +++ b/snappy/security_test.go @@ -1067,8 +1067,8 @@ func (a *SecurityTestSuite) TestFindSkillFinds(c *C) { SlotsRef: []string{"skill"}, } m := &snapYaml{ - Slots: map[string]*slotsYaml{ - "skill": &slotsYaml{Interface: "some-type"}, + Slots: map[string]*slotYaml{ + "skill": &slotYaml{Interface: "some-type"}, }, } skill, err := findSkillForApp(m, app) diff --git a/snappy/snap_yaml.go b/snappy/snap_yaml.go index b7186806f2..e710fe8a1d 100644 --- a/snappy/snap_yaml.go +++ b/snappy/snap_yaml.go @@ -86,7 +86,7 @@ type AppYaml struct { SlotsRef []string `yaml:"slots"` } -type slotsYaml struct { +type slotYaml struct { Interface string `yaml:"interface"` SecurityDefinitions `yaml:",inline"` } @@ -112,7 +112,7 @@ type snapYaml struct { Apps map[string]*AppYaml `yaml:"apps,omitempty"` // Slots maps the used "interfaces" to the apps - Slots map[string]*slotsYaml `yaml:"slots,omitempty"` + Slots map[string]*slotYaml `yaml:"slots,omitempty"` // FIXME: clarify those diff --git a/snappy/snapp_test.go b/snappy/snapp_test.go index 2f1e0c5105..1310d717b7 100644 --- a/snappy/snapp_test.go +++ b/snappy/snapp_test.go @@ -1281,8 +1281,8 @@ func (s *SnapTestSuite) TestRequestSecurityPolicyUpdateService(c *C) { Name: "part", Apps: map[string]*AppYaml{"svc": svc}, Version: "42", - Slots: map[string]*slotsYaml{ - "svc": &slotsYaml{ + Slots: map[string]*slotYaml{ + "svc": &slotYaml{ SecurityDefinitions: SecurityDefinitions{SecurityTemplate: "foo"}, }, }, @@ -1305,8 +1305,8 @@ func (s *SnapTestSuite) TestRequestSecurityPolicyUpdateBinary(c *C) { Name: "part", Apps: map[string]*AppYaml{"echo": bin}, Version: "42", - Slots: map[string]*slotsYaml{ - "echo": &slotsYaml{ + Slots: map[string]*slotYaml{ + "echo": &slotYaml{ SecurityDefinitions: SecurityDefinitions{SecurityTemplate: "foo"}, }, }, @@ -1334,11 +1334,11 @@ func (s *SnapTestSuite) TestRequestSecurityPolicyUpdateNothing(c *C) { "echo": bin, }, Version: "42", - Slots: map[string]*slotsYaml{ - "svc": &slotsYaml{ + Slots: map[string]*slotYaml{ + "svc": &slotYaml{ SecurityDefinitions: SecurityDefinitions{SecurityTemplate: "foo"}, }, - "echo": &slotsYaml{ + "echo": &slotYaml{ SecurityDefinitions: SecurityDefinitions{SecurityTemplate: "foo"}, }, }, From 6696e8b71ac24a4a088ddaeb02513d89d8f47f24 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 29 Feb 2016 10:30:43 +0100 Subject: [PATCH 6/9] rename more skill->slot/interface, thanks Gustavo! --- docs/meta.md | 4 ++-- docs/security.md | 2 +- snappy/click_test.go | 2 +- snappy/security.go | 28 ++++++++++++++-------------- snappy/security_test.go | 20 ++++++++++---------- snappy/snap_local.go | 2 +- 6 files changed, 29 insertions(+), 29 deletions(-) diff --git a/docs/meta.md b/docs/meta.md index 95849da4cd..d4fbdff44c 100644 --- a/docs/meta.md +++ b/docs/meta.md @@ -44,7 +44,7 @@ The following keys are optional: `on-abnormal`, `on-abort`, and `always`. See `systemd.service(5)` (search for `Restart=`) for details. * `poststop`: (optional) a command that runs after the service has stopped - * `uses`: a list of `skill` names that the app uses + * `slots`: a map of interfaces * `ports`: (optional) define what ports the service will work * `internal`: the ports the service is going to connect to * `tagname`: a free form name @@ -75,7 +75,7 @@ The following keys are optional: be specified with `listen-stream`. This option is reserved for future use. -* `uses`: a map of names and skills +* `slots`: a map of interfaces ## Interfaces diff --git a/docs/security.md b/docs/security.md index 44aec5d2df..b3775b938a 100644 --- a/docs/security.md +++ b/docs/security.md @@ -6,7 +6,7 @@ architecture there is a special interface called `old-security` that can be used to migrate using the 15.04 syntax. See the example below for the various ways the `old-security` interface can be used. -## Security with the migration skill +## Security with the old-security interface Snap packages run confined under a restrictive security sandbox by default. The security policies and store policies work together to allow developers to diff --git a/snappy/click_test.go b/snappy/click_test.go index a092601189..2b4480e1ea 100644 --- a/snappy/click_test.go +++ b/snappy/click_test.go @@ -1030,7 +1030,7 @@ func (s *SnapTestSuite) TestBinariesWhitelistIllegal(c *C) { func (s *SnapTestSuite) TestWrongType(c *C) { c.Check(verifySlotYaml(&slotYaml{ - Interface: "some-skill", + Interface: "some-interface", }), ErrorMatches, ".*can not use interface.* only `old-security` supported") } diff --git a/snappy/security.go b/snappy/security.go index a698e5ccef..5975a0c41b 100644 --- a/snappy/security.go +++ b/snappy/security.go @@ -71,13 +71,13 @@ var ( SecurityCaps: []string{}, } - // TODO This is not actually right. Even if there are skills, + // TODO This is not actually right. Even if there are interfaces, // we still want to give the snap a default set of allowances, // such as being able to read and write in its own directories // and perhaps network access (we're still deciding on that // one). So the real logic we want here is: give the snap a // default set of permissions, and then whatever else the - // skills permit (migration or not). This is coming soon. + // interfaces permit (migration or not). This is coming soon. defaultSecurityPolicy = &SecurityDefinitions{ SecurityCaps: []string{}, } @@ -742,19 +742,19 @@ func hasConfig(baseDir string) bool { return helpers.FileExists(filepath.Join(baseDir, "meta", "hooks", "config")) } -func findSkillForApp(m *snapYaml, app *AppYaml) (*slotYaml, error) { +func findSlotForApp(m *snapYaml, app *AppYaml) (*slotYaml, error) { if len(app.SlotsRef) == 0 { return nil, nil } if len(app.SlotsRef) != 1 { - return nil, fmt.Errorf("only a single skill is supported, %d found", len(app.SlotsRef)) + return nil, fmt.Errorf("only a single slot is supported, %d found", len(app.SlotsRef)) } - skill, ok := m.Slots[app.SlotsRef[0]] + slot, ok := m.Slots[app.SlotsRef[0]] if !ok { - return nil, fmt.Errorf("can not find skill %q", app.SlotsRef[0]) + return nil, fmt.Errorf("can not find slot %q", app.SlotsRef[0]) } - return skill, nil + return slot, nil } func generatePolicy(m *snapYaml, baseDir string) error { @@ -769,20 +769,20 @@ func generatePolicy(m *snapYaml, baseDir string) error { } for _, app := range m.Apps { - skill, err := findSkillForApp(m, app) + slot, err := findSlotForApp(m, app) if err != nil { return err } - // if no skill is specified, use the defaultSecurityPolicy - if skill == nil { + // if no slot is specified, use the defaultSecurityPolicy + if slot == nil { if err = defaultSecurityPolicy.generatePolicyForServiceBinary(m, app.Name, baseDir); err != nil { logger.Noticef("Failed to generate policy for app %s: %v", app.Name, err) } continue } - err = skill.generatePolicyForServiceBinary(m, app.Name, baseDir) + err = slot.generatePolicyForServiceBinary(m, app.Name, baseDir) if err != nil { foundError = err logger.Noticef("Failed to generate policy for service %s: %v", app.Name, err) @@ -872,15 +872,15 @@ func CompareGeneratePolicyFromFile(fn string) error { baseDir := filepath.Dir(filepath.Dir(fn)) for _, app := range m.Apps { - skill, err := findSkillForApp(m, app) + slot, err := findSlotForApp(m, app) if err != nil { return err } - if skill == nil { + if slot == nil { continue } - p, err := skill.generatePolicyForServiceBinaryResult(m, app.Name, baseDir) + p, err := slot.generatePolicyForServiceBinaryResult(m, app.Name, baseDir) // FIXME: use apparmor_profile -p on both AppArmor profiles if err != nil { // FIXME: what to do here? diff --git a/snappy/security_test.go b/snappy/security_test.go index bac4fcc72d..62ca872868 100644 --- a/snappy/security_test.go +++ b/snappy/security_test.go @@ -1034,35 +1034,35 @@ version: 123456789 } -func (a *SecurityTestSuite) TestFindSkillForAppEmpty(c *C) { +func (a *SecurityTestSuite) TestFindSlotForAppEmpty(c *C) { app := &AppYaml{} m := &snapYaml{} - skill, err := findSkillForApp(m, app) + skill, err := findSlotForApp(m, app) c.Check(err, IsNil) c.Check(skill, IsNil) } -func (a *SecurityTestSuite) TestFindSkillForAppTooMany(c *C) { +func (a *SecurityTestSuite) TestFindSlotlForAppTooMany(c *C) { app := &AppYaml{ SlotsRef: []string{"one", "two"}, } m := &snapYaml{} - skill, err := findSkillForApp(m, app) + skill, err := findSlotForApp(m, app) c.Check(skill, IsNil) - c.Check(err, ErrorMatches, "only a single skill is supported, 2 found") + c.Check(err, ErrorMatches, "only a single slot is supported, 2 found") } -func (a *SecurityTestSuite) TestFindSkillForAppNotFound(c *C) { +func (a *SecurityTestSuite) TestFindSlotForAppNotFound(c *C) { app := &AppYaml{ SlotsRef: []string{"not-there"}, } m := &snapYaml{} - skill, err := findSkillForApp(m, app) + skill, err := findSlotForApp(m, app) c.Check(skill, IsNil) - c.Check(err, ErrorMatches, `can not find skill "not-there"`) + c.Check(err, ErrorMatches, `can not find slot "not-there"`) } -func (a *SecurityTestSuite) TestFindSkillFinds(c *C) { +func (a *SecurityTestSuite) TestFindSlotFinds(c *C) { app := &AppYaml{ SlotsRef: []string{"skill"}, } @@ -1071,7 +1071,7 @@ func (a *SecurityTestSuite) TestFindSkillFinds(c *C) { "skill": &slotYaml{Interface: "some-type"}, }, } - skill, err := findSkillForApp(m, app) + skill, err := findSlotForApp(m, app) c.Check(err, IsNil) c.Check(skill.Interface, Equals, "some-type") } diff --git a/snappy/snap_local.go b/snappy/snap_local.go index cbd1fe92ac..8f383f9f3d 100644 --- a/snappy/snap_local.go +++ b/snappy/snap_local.go @@ -426,7 +426,7 @@ func (s *SnapPart) CanInstall(allowGadget bool, inter interacter) error { func (s *SnapPart) RequestSecurityPolicyUpdate(policies, templates map[string]bool) error { var foundError error for name, app := range s.Apps() { - skill, err := findSkillForApp(s.m, app) + skill, err := findSlotForApp(s.m, app) if err != nil { logger.Noticef("Failed to find skill for %s: %v", name, err) foundError = err From 806756730b1a04ace671aea202fb0c8517b46131 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 29 Feb 2016 10:34:00 +0100 Subject: [PATCH 7/9] two more skill->interface --- daemon/daemon.go | 2 +- docs/rest.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/daemon/daemon.go b/daemon/daemon.go index 625288a8fb..3e275cba15 100644 --- a/daemon/daemon.go +++ b/daemon/daemon.go @@ -49,7 +49,7 @@ type Daemon struct { router *mux.Router asserts *asserts.Database interfaces *interfaces.Repository - // enableInternalInterfaceActions controls if adding and removing skills and slots is allowed. + // enableInternalInterfaceActions controls if adding and removing slots and plugs is allowed. enableInternalInterfaceActions bool } diff --git a/docs/rest.md b/docs/rest.md index 9f08720b42..f611b08f63 100644 --- a/docs/rest.md +++ b/docs/rest.md @@ -622,7 +622,7 @@ returned assertions, 0 or more. * Description: Get all the plugs and information about the slots connected to them. * Access: authenticated * Operation: sync -* Return: array of plugs containing array of slots using each skill. +* Return: array of plugs containing array of slots using each interface. Sample result: From feae0ef016796a1903e26eb2b37330ae3781b4ff Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 29 Feb 2016 10:41:29 +0100 Subject: [PATCH 8/9] rename some more skill->slot occurances --- snappy/security_test.go | 20 ++++++++++---------- snappy/snap_local.go | 10 +++++----- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/snappy/security_test.go b/snappy/security_test.go index 62ca872868..9ebc844fd8 100644 --- a/snappy/security_test.go +++ b/snappy/security_test.go @@ -1037,9 +1037,9 @@ version: 123456789 func (a *SecurityTestSuite) TestFindSlotForAppEmpty(c *C) { app := &AppYaml{} m := &snapYaml{} - skill, err := findSlotForApp(m, app) + slot, err := findSlotForApp(m, app) c.Check(err, IsNil) - c.Check(skill, IsNil) + c.Check(slot, IsNil) } func (a *SecurityTestSuite) TestFindSlotlForAppTooMany(c *C) { @@ -1047,8 +1047,8 @@ func (a *SecurityTestSuite) TestFindSlotlForAppTooMany(c *C) { SlotsRef: []string{"one", "two"}, } m := &snapYaml{} - skill, err := findSlotForApp(m, app) - c.Check(skill, IsNil) + slot, err := findSlotForApp(m, app) + c.Check(slot, IsNil) c.Check(err, ErrorMatches, "only a single slot is supported, 2 found") } @@ -1057,21 +1057,21 @@ func (a *SecurityTestSuite) TestFindSlotForAppNotFound(c *C) { SlotsRef: []string{"not-there"}, } m := &snapYaml{} - skill, err := findSlotForApp(m, app) - c.Check(skill, IsNil) + slot, err := findSlotForApp(m, app) + c.Check(slot, IsNil) c.Check(err, ErrorMatches, `can not find slot "not-there"`) } func (a *SecurityTestSuite) TestFindSlotFinds(c *C) { app := &AppYaml{ - SlotsRef: []string{"skill"}, + SlotsRef: []string{"slot"}, } m := &snapYaml{ Slots: map[string]*slotYaml{ - "skill": &slotYaml{Interface: "some-type"}, + "slot": &slotYaml{Interface: "some-type"}, }, } - skill, err := findSlotForApp(m, app) + slot, err := findSlotForApp(m, app) c.Check(err, IsNil) - c.Check(skill.Interface, Equals, "some-type") + c.Check(slot.Interface, Equals, "some-type") } diff --git a/snappy/snap_local.go b/snappy/snap_local.go index 8f383f9f3d..a90dbec122 100644 --- a/snappy/snap_local.go +++ b/snappy/snap_local.go @@ -426,18 +426,18 @@ func (s *SnapPart) CanInstall(allowGadget bool, inter interacter) error { func (s *SnapPart) RequestSecurityPolicyUpdate(policies, templates map[string]bool) error { var foundError error for name, app := range s.Apps() { - skill, err := findSlotForApp(s.m, app) + slot, err := findSlotForApp(s.m, app) if err != nil { - logger.Noticef("Failed to find skill for %s: %v", name, err) + logger.Noticef("Failed to find slot for %s: %v", name, err) foundError = err continue } - if skill == nil { + if slot == nil { continue } - if skill.NeedsAppArmorUpdate(policies, templates) { - err := skill.generatePolicyForServiceBinary(s.m, name, s.basedir) + if slot.NeedsAppArmorUpdate(policies, templates) { + err := slot.generatePolicyForServiceBinary(s.m, name, s.basedir) if err != nil { logger.Noticef("Failed to regenerate policy for %s: %v", name, err) foundError = err From 33464ef8df078e691e3545f97af7cb3992896aca Mon Sep 17 00:00:00 2001 From: Steven Wilkin Date: Tue, 1 Mar 2016 14:21:10 +0000 Subject: [PATCH 9/9] s/acitvate/activate/ --- snappy/firstboot.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snappy/firstboot.go b/snappy/firstboot.go index 3f50c710cd..d62244a9df 100644 --- a/snappy/firstboot.go +++ b/snappy/firstboot.go @@ -99,7 +99,7 @@ func gadgetConfig() error { return errNoSnapToActivate } if err := snap.activate(false, pb); err != nil { - logger.Noticef("failed to acitvate %s: %s", FullName(part), err) + logger.Noticef("failed to activate %s: %s", FullName(part), err) } } @@ -150,7 +150,7 @@ func enableSystemSnaps() error { logger.Noticef("Acitvating %s", FullName(part)) if err := activator.SetActive(part.(*SnapPart), true, pb); err != nil { // we don't want this to fail for now - logger.Noticef("failed to acitvate %s: %s", FullName(part), err) + logger.Noticef("failed to activate %s: %s", FullName(part), err) } } }