this is somewhat simpler for the callers and more consistent because
the systemd backend needs to control the naming pattern to allow
update/removal anyway

The systemd backend is relatively unique, as it is only used by one
interface. The GPIO interface uses it to create systemd units which
export GPIOs from kernel / firmware to userspace and back.

The specification system for the systemd backend is comprised of named
services. The code allows for repeated generation of identical services,
sharing the same name, that are coalesced as long as their definitions
are identical.

Based on a customer report, we found a mistake in how this coalescing
was performed. The code performed pointer comparison, not object
equality comparison. This patch fixes this issue, adds unit tests
checking that case and improves the diagnostic error message to simplify
debugging in the future.

Fixes: https://bugs.launchpad.net/tillamook/+bug/1892804
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

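As an added illustration of the class of defect this commit describes, the Go block below is not snapd's code: the Service and Registry types, the unit name and the error text are constructed for the example. It contrasts a coalescing check that compares pointers, so two separately generated but identical definitions look like a conflict, with one that compares definitions by value and, on a real conflict, prints both contents so the clash can be debugged.

```go
package main

import (
	"fmt"
	"sort"
)

// Service is a constructed stand-in for a named systemd unit definition;
// it is not snapd's own type, and its field names are assumptions.
type Service struct {
	Name    string
	Content string
}

// Registry collects services by name and coalesces repeated definitions.
type Registry struct {
	services map[string]*Service
}

func NewRegistry() *Registry {
	return &Registry{services: make(map[string]*Service)}
}

// AddByPointer shows the mistake the commit message describes: the conflict
// check compares pointers, so a second, separately allocated but identical
// definition is wrongly rejected as a conflict.
func (r *Registry) AddByPointer(svc *Service) error {
	if existing, ok := r.services[svc.Name]; ok {
		if existing != svc { // pointer identity, not definition equality
			return fmt.Errorf("internal error: service %q is already defined", svc.Name)
		}
		return nil
	}
	r.services[svc.Name] = svc
	return nil
}

// Add coalesces by value: a repeated, identical definition is accepted,
// while a differing definition under the same name is rejected with a
// diagnostic that shows both contents.
func (r *Registry) Add(svc *Service) error {
	if existing, ok := r.services[svc.Name]; ok {
		if *existing != *svc { // struct equality: compares Name and Content
			return fmt.Errorf("internal error: service %q is already defined with different content:\n--- existing ---\n%s\n--- new ---\n%s",
				svc.Name, existing.Content, svc.Content)
		}
		return nil
	}
	r.services[svc.Name] = svc
	return nil
}

// Names returns the coalesced service names in sorted order.
func (r *Registry) Names() []string {
	names := make([]string, 0, len(r.services))
	for name := range r.services {
		names = append(names, name)
	}
	sort.Strings(names)
	return names
}

func main() {
	// Constructed sample: two plugs generate the same unit for the same GPIO.
	unit := "[Unit]\nDescription=Export GPIO 7\n[Service]\nType=oneshot\n"
	first := &Service{Name: "snap.example.gpio-7.service", Content: unit}
	second := &Service{Name: "snap.example.gpio-7.service", Content: unit}

	r := NewRegistry()
	fmt.Println("by value, first add:", r.Add(first))
	fmt.Println("by value, identical repeat:", r.Add(second))
	fmt.Println("by value, conflicting repeat:", r.Add(&Service{Name: first.Name, Content: "[Unit]\nDescription=something else\n"}))
	fmt.Println("services:", r.Names())

	buggy := NewRegistry()
	fmt.Println("by pointer, first add:", buggy.AddByPointer(first))
	fmt.Println("by pointer, identical repeat:", buggy.AddByPointer(second))
}
```

The value comparison works here because Service has only comparable fields; a definition carrying slices or maps would need reflect.DeepEqual or a hand-written Equal method instead of `*existing != *svc`.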
This is a small stylistic change that doesn't impact semantics. Since
the pre-seed mode is of fundamental importance, I'd prefer if the condition
checking it were earlier in the line, not at the very end.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>

The directory synchronization code grew out of the desire to have a set
of files described by a glob and short, in-memory contents be reflected
to the disk in an efficient and predictable way.

Recently this code has started to be used to install icon themes shipped
by snaps. This means it may be used to coerce snapd to read an arbitrary
amount of data into memory.

This addresses this issue by generalizing the directory sync APIs to take
an interface instead of a concrete representation of the desired file.
There are now three concrete implementations, one that keeps the content
in memory, just like before, called MemoryBlob and two new ones:
FileReference and FileContentReference. Those both refer to an existing
file for content, opening up the possibility to refer to large files.
They only differ in the treatment of file mode, either mirroring the
mode of the file being referred to or using a fixed mode, respectively.

Behind the scenes the EnsureFileState function will no longer read all
of the file into memory. Instead it will use FileReference to stream it,
chunk by chunk, in an attempt to see if the file is identical to what we
expected.

On top of that, if the file is not the same and the caller has provided
a FileReference or FileContentReference, the logic that writes a new
file and replaces the original is also using streaming, again saving an
in-memory copy.

This way we can now process files of arbitrary size using a fixed amount
of memory. This involves the new icon wrapper which has been switched to
use FileContentReference.

The patch contains some verbose automatic changes around the code using
maps of FileState structure to replace them with maps of FileState
interface instead.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>

In preparation for parallel installation of snaps, introduce the necessary
rename of snap.Info.Name() to snap.Info.InstanceName(). The change is benign and
will make subsequent parallel installs reviews easier and smaller.

Leave TODO notes about possible issues with parallel installation where
possible.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>

* many: add "snap debug sandbox" and needed bits

This patch adds a way to inspect the features of the sandbox from a new
hidden, debugging command. The command shows a set of tags for each of
the security backends that are in use.

Having access to this command helps in two ways:

First of all, this is far more comprehensive and informative than the
very dry "partial" vs "full" output of "snap debug confinement". Snapd
offers a wide range of confinement technologies when used on a mainline
kernel and this should be celebrated.

Second of all, having this allows us to write more precise tests. If a
test needs to be skipped because a specific thing is absent, that can now be
codified directly. This will allow both Debian and openSUSE to run far
more confinement-specific tests than we currently do simply because
"partial" apparmor is reported. The mainline kernel is very close to the full
apparmor patch used by Ubuntu and the remaining differences don't apply
to many existing tests.

Technically this patch adds the key "sandbox", defined as a map of lists
of strings, to the sysinfo API and uses it in the new hidden command.
Each of the security backends can now optionally offer sandbox tags that
are associated with the backend name in the said map.

* interfaces: namespace kernel features with "kernel:"

This arrangement will allow the seccomp and apparmor backends to report
additional sandbox feature tags without risking any clash with kernel
reported things.

* interfaces/seccomp: return at least one sandbox tag from seccomp

In case the kernel doesn't advertise seccomp kernel features, we don't
want to make the seccomp backend appear as missing or unused. Add an
explicitly managed tag to achieve that.

* interfaces/apparmor: dbus mediates more than just bus names

* many: rename sandbox tags to sandbox features

* cmd/snap: add support for "sandbox-features --required=..."

This patch allows using the sandbox-features command for simple
scripting, especially in spread tests, where we could check if a given
sandbox feature is present before checking confinement is effective.

* tests: fix and expand sandbox-features tests

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
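The Go block below is an added example that ties together the three mechanisms this merge describes; it is not snapd's code. The Backend and SandboxFeaturer interfaces, the backend structs, the feature names and the "<backend>:<feature>" form of a `--required` entry are all assumptions constructed for the example. It shows a backend optionally offering features through a type assertion (a backend without the capability stays out of the map), kernel-reported features being namespaced with "kernel:", the seccomp backend always contributing at least one backend-managed tag, and the check a script would run before deciding whether a confinement test can proceed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Backend is a minimal stand-in for a security backend. Neither it nor the
// optional interface below is snapd's API; both are assumptions for this example.
type Backend interface {
	Name() string
}

// SandboxFeaturer is the optional capability a backend implements when it can
// report sandbox features; backends without it are simply left out of the map.
type SandboxFeaturer interface {
	SandboxFeatures() []string
}

// namespaced prefixes kernel-reported features so that tags the backend
// manages itself can never collide with them.
func namespaced(prefix string, features []string) []string {
	out := make([]string, 0, len(features))
	for _, f := range features {
		out = append(out, prefix+":"+f)
	}
	return out
}

type apparmorBackend struct{ kernelFeatures []string }

func (b *apparmorBackend) Name() string { return "apparmor" }
func (b *apparmorBackend) SandboxFeatures() []string {
	return namespaced("kernel", b.kernelFeatures)
}

type seccompBackend struct{ kernelFeatures []string }

func (b *seccompBackend) Name() string { return "seccomp" }
func (b *seccompBackend) SandboxFeatures() []string {
	// Always include one backend-managed tag (a constructed name here) so seccomp
	// never looks missing or unused on a kernel that advertises no seccomp features.
	return append(namespaced("kernel", b.kernelFeatures), "bpf-argument-filtering")
}

// mountBackend reports no sandbox features and so does not implement SandboxFeaturer.
type mountBackend struct{}

func (mountBackend) Name() string { return "mount" }

// CollectSandboxFeatures builds the map of backend name to feature list that
// the commit describes as the sysinfo "sandbox" key.
func CollectSandboxFeatures(backends []Backend) map[string][]string {
	out := make(map[string][]string)
	for _, b := range backends {
		sf, ok := b.(SandboxFeaturer)
		if !ok {
			continue
		}
		feats := append([]string(nil), sf.SandboxFeatures()...)
		sort.Strings(feats)
		out[b.Name()] = feats
	}
	return out
}

// MissingRequired returns the entries of required that are not present. Each
// entry has the form "<backend>:<feature>" (an assumed format), as a test
// script would pass to --required before deciding whether it can run.
func MissingRequired(features map[string][]string, required []string) []string {
	var missing []string
	for _, req := range required {
		parts := strings.SplitN(req, ":", 2)
		found := false
		if len(parts) == 2 {
			for _, f := range features[parts[0]] {
				if f == parts[1] {
					found = true
					break
				}
			}
		}
		if !found {
			missing = append(missing, req)
		}
	}
	return missing
}

func main() {
	// Constructed sample: kernel features as a mainline kernel might expose them.
	backends := []Backend{
		&apparmorBackend{kernelFeatures: []string{"dbus", "policy:versions:v7"}},
		&seccompBackend{},
		mountBackend{},
	}
	features := CollectSandboxFeatures(backends)
	for _, name := range []string{"apparmor", "seccomp"} {
		fmt.Printf("%s: %s\n", name, strings.Join(features[name], " "))
	}
	required := []string{"apparmor:kernel:dbus", "seccomp:bpf-argument-filtering", "apparmor:kernel:unconfined"}
	fmt.Println("missing:", MissingRequired(features, required))
}
```

Because the backend name is the map key and kernel features carry their own "kernel:" prefix, a required entry such as "apparmor:kernel:dbus" splits unambiguously on the first colon, and a backend-managed tag can never be confused with a kernel-reported one of the same spelling.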