* tets: remove support for centos-7
Centos-7 is EOL since June-30
Signed-off-by: Sergio Cazzolato <sergio.cazzolato@canonical.com>
* update the release_tst.go with the real centos 9 info
---------
Signed-off-by: Sergio Cazzolato <sergio.cazzolato@canonical.com>
The global.bin seccomp filter was written before we had support for
explicit deny rules in snap-seccomp. With these rules we can replace
the hard to followup logic of the global filter and just make the
rules part of the standard seccomp template.
The global rules are best summarized in this comment:
```
struct scmp_arg_cmp no_tty_inject = {
/* We learned that existing programs make legitimate requests with all
* bits set in the more significant 32bit word of the 64 bit double
* word. While this kernel behavior remains suspect and presumably
* undesired it is unlikely to change for backwards compatibility
* reasons. As such we cannot block all requests with high-bits set.
*
* When faced with ioctl(fd, request); refuse to proceed when
* request&0xffffffff == TIOCSTI. This specific way to encode the
* filter has the following important properties:
*
* - it blocks ioctl(fd, TIOCSTI, ptr).
* - it also blocks ioctl(fd, (1UL<<32) | TIOCSTI, ptr).
* - it doesn't block ioctl(fd, (1UL<<32) | (request not equal to TIOCSTI), ptr); */
.arg = 1,
.op = SCMP_CMP_MASKED_EQ,
.datum_a = 0xffffffffUL,
.datum_b = TIOCSTI,
};
sc_err = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), sys_ioctl_nr, 1, no_tty_inject);
```
and the same for `TIOCLINUX`.
Snapctl creates systemd mount units that may be activated again, so plain
umount is insufficient to correctly undo all the changes.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
The test uses host parser unconditionally, which may not understand
future syntax that is present in cases when apparmor is carried
by snapd snap package.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
* tests: first set of test fixes for uc24
* add details and 2 more fixes
* fix 2 more tests
* gix user-state test
* fix lp-1813365
* Add missing details
* fix listing test
this changes needs to be done like this until the os.query is-core-* is
fixed
* fix shellcheck
* fix merge saving jobs
In certain cases, the kernel packaging may not contain the directory
/usr/share/linux-image-$(uname -r). Since we do not precisely care about kernel
packaging or special kernel packages for the cloud, isolate the test from this
factor by automatically creating the directory if required.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This version of the test depends on the real test-snapd-busybox-static from the
bare/edge channel.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
d0023970be
seems to have introduced a regression on Arch where we have the AppArmor
userspace and kernel support, but apparently the profiles generated are not
accepted by 3.1.6 parser currently present in Arch.
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* First part of the improvements done for pkg management
The idea of this change is to use the tests.pkg tools instead of the
pkgdb.sh helper when possible
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 1c8efb77e1..c82afb2dee
c82afb2dee Support --no-install-recommends parameter when installing dependencies with tests.pkgs
b84eea92e2 spread-shellcheck: fix quotes in environment variables (#41)
ab1e51c29f New comparison in os-query for core systems (#40)
e5ae22a5d4 systemd units can be overwritten
63540b845a Fix error messages in remote pull and push
75e8a426a5 make sure the unit is removed in tests.systemd test
9089ff5c02 Update tests to use the new tests.systemd stop-unit
44ecd5e56a Move tests.systemd stop-units to stop-unit
01a2a83b4b Update tests.systemd to have stop units as systemd.sh
162e93bd35 update tests.systemd CLI options to be the same than retry command
14aa43a405 new feature to re-run failed spread tests (#39)
604cb782db Fix shellcheck in systemd tool
bfc71082c8 Update the tests.systemd to allow parameters waiting for service status
8a2d0a99df Adding quiet tool and removing set +-x from tests.pkgs
d90935d2a4 A comment explaining about the default values for wait-for
3232c5dba7 Add support for ubuntu 23.04
a7164fba07 remove fedora 35 support, add fedora 37 support
89b9eb5301 Update systems supported
92bb6a0664 Include snap-sufix in the snaps.name tool
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: c82afb2dee93a6f2ee047608f0e27d3c4af10a88
* defer tests.pkgs remove inotify-tools
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from c82afb2dee..5e7b63883d
5e7b63883d Fixes for osquery and tests pkgs (#43)
4c9145e2ac support reboot waiting for auto-refresh
45768f5188 show changes in unknown status after refresh
8013c30c2a Remove support for ubuntu 22.10
b32b80bf54 Fix remote.rait-for test in bionic
5675c625e9 Enable fedora 38
55f4471957 Support for new oss
f2e88b357c New tool used to query spread json reports
cacd35ede0 utils/spread-shellcheck: explain disabled warnings (#42)
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 5e7b63883df49cdc72e2fc1fe0a23dd79224ab27
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 5e7b63883d..2a5c4414a3
2a5c4414a3 fix shellcheck errors
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 2a5c4414a3db1ec8f8e37ee78d7d3c5b5b7a082b
We recently ran into a real world profile bug where the option
`-O no-expr-simplify` causes a 10x increase in apparmor_parser
runtime and memory usage [1] that breaks existing customers.
The decision to use `-O no-expr-simplify` was taken in 2014 [2]
and the profiles back then where simpler. This commit will
make some profile generation slower but it will avoid going
into the exponential memory usage when compiled with
`apparmor_parser -O no-expr-simplify`.
[1] https://bugs.launchpad.net/snapd/+bug/2025030
[2] https://bugs.launchpad.net/ubuntu-rtm/+source/apparmor/+bug/1383858
* Update the tests to start using tests.systemd tool instead of systemd.sh helper
This is the second part of the migration from systemd.sh helper to
tests.systemd tool
* fix names of stop-unit command
* fix op-remove-retry test
* Use journal-state tool instead of journalctl command
Update tests to avoid using the journalctl command. The idea of the
journal-state command is that it is just checking in the logs generated
during the test execution, and journactl is checking the full log.
* o/devicestate: fix build after merge with un-rebased master
* Fix shellchecks
---------
Co-authored-by: Michael Vogt <mvo@ubuntu.com>
Co-authored-by: Philip Meulengracht <philip.meulengracht@canonical.com>
Add test case for docker-support regression, when docker snap is
upgraded to base:core20 or base:core22.
LP: #2011485
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
