* tets: remove support for centos-7
Centos-7 is EOL since June-30
Signed-off-by: Sergio Cazzolato <sergio.cazzolato@canonical.com>
* update the release_tst.go with the real centos 9 info
---------
Signed-off-by: Sergio Cazzolato <sergio.cazzolato@canonical.com>
Replace ioutil.WriteFile with os.WriteFile since the former has been
deprecated since go1.16 and simply calls the latter.
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
Context
On Sept 21st, Microsoft anounced systemd support for WSL 2 ([see anouncement](https://devblogs.microsoft.com/commandline/systemd-support-is-now-available-in-wsl/)), and Ubuntu-Preview already ships with systemd enabled by default.
Changes
Snap now works on WSL 2. Hence some of the current system checks in snapd have to be updated in response.
Bugfixes
This PR fixes:
- [#1991823](https://bugs.launchpad.net/snapd/+bug/1991823) WSL detection is now incorrect / inappropriate
- [#1991826](https://bugs.launchpad.net/snapd/+bug/1991826) snapd is intentionally broken under WSL and shouldn't be
* release: Implemented WLS 1/2 distinction
* syscheck: enabled snapd on WSL 2
* snapd-apparmor: Applied distiction, split tests
* Made WSL1 check more robust
* release: Removed redundant isWSL
* snapd-apparmor: WSL2 has internal policy
* release: Strenghtened detection of WSL1 vs. WSL2
* cmd/snap: Allowed snap on WSL2
* release: getting filesystem type with syscal
* release: added unit test for filesystemRootType
* release: use Assert to check errors
as we usually do
Co-authored-by: Samuele Pedroni <pedronis@lucediurna.net>
Not all security backends are fully supported on a system using unified cgroup
hierarchy. Make sure this is reflected in the release package.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
The patch moves seccomp related APIs from the release pacakge into the
sandbox/seccomp one.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
As part of the work to collect all of sandbox related pieces under the sandbox
pacakge, the patch moves the SELinux APIs from release under sandbox/selinux.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
The AppArmor related code was moved to
github.com/snapcore/snapd/sandbox/apparmor package. Update the remaining code to
use the package.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Move the selinux package to be under sandbox, where other sandbox related pieces
live.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Some state data in the release package, namely AppArmor level/summary &
kernel/parser features as well as Seccomp feature set, is only initialized when
needed. Since there is a chance, this information could be accessed in
concurrently, we need to add some locking around the code that mutates the data.
This also shrinks the number of globals used to keep the state
and uses pointers to structs instead. This makes the Mock*
methods for the state a little bit clearer.
