* o/snapstate: avoid setting up single reboot when update includes base, kernel and gadget
Otherwise there is a circular dependency between base, kernel and gadget, where
the kernel waits for gadget (to handle gadget assets update), gadget waits for
the base, and the base waits for some of the kernel tasks.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* o/snapstate: procure circular dependency and verify abort untangles the state
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* overlord/state: add helper for aborting unready lanes
A helper for aborting all lanes that aren't ready in a given change. An unready
lane is one that carries tasks which have not reached a final status yet.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* overlord/state: drop unused lanes field
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* overlord: wait for up to 3 days before automatically aborting a change
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* overlord/state: use AbortUnreadyLanes when pruning
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* overlord: managers test to verify self healing via abort-unready-lanes in prune
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* overlord: leave a comment about the scenario being tested, test tweaks
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* overlord/state: add helper for aborting unready lanes
A helper for aborting all lanes that aren't ready in a given change. An unready
lane is one that carries tasks which have not reached a final status yet.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* overlord/state: optimize lane check, test tweaks
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* o/state: more tweaks
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* overlord/state: simplify checks, tweak commets
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* cmd/snap-update-ns/bootstrap.go: fix comment typos
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns/change.go: sort needed, desired and not reused mount entries
Sort new mount entries by their mimic creation directories, such that the mimic
directories that end up being created are done so in lexographical order.
Also update a single unit test where there were multiple mimic directories
being created because now all mount entries that create mimic directories are
performed first.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns/change.go: stop using experimental flag
This experimental flag is not necessary anymore, and in fact is actively
harmful in that it is causing snaps to crash when they are running and an
update happens either to snapd or to their content snap dependencies and we end
up completely discarding the per-snap namespace, which leads to some
destructive effects inside the "sort of inheriting" per-user namespaces, that
then later do not get undone and thus recreated in the per-user namespace as
those namespaces aren't properly setup to inherit the constructive updates.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns: remove old implementation
It's not used anymore, so we can just delete this code wholesale.
Also undo a typo fix, "s" is the British spelling so this can be left as-is.
Thanks to Alberto for spotting that this was leftover.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns: unconditionally perform the "overname" mounts first
* cmd/snap-update-ns: ignore errors on unexisting mounts
When unmounting, we can get the EINVAL error if the given mount point
does not exist. Previously, this code was handling this fine for the
umount() syscall, but we do also need the same logic when attempting to
remount a mount as private.
* data/selinux: update policy to allow more mounts
When supporting appstream-metadata interface, snap-update-ns will mount
directories labeled as usr_t (eg. /usr/share/metainfo, /usr/share/appdata) and
fwdupd_cache_t (eg. /var/cache/app-info).
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/regression/lp-1855596: test parallel installs + $SNAP/... layouts too
Test that with parallel installs and layouts which trigger mounts on top of
$SNAP/... (which itself will be an overname mount in a parallel install snap)
still work and we can still refresh such mount setups.
This is successful because we always handle overname mounts first when creating
the mounts and any such mounts underneath the overname are then ordered
properly.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: remove duplicate tests
With commit df6bbd5c64d2820836e74039726a10dfe844cd91
(cmd/snap-update-ns/change.go: stop using experimental flag) a bunch of
tests which were nearly identical save for the fact that they were
exercising different implementations of the NeededChanges() function,
have become exact duplicates, since now there's only one implementation.
So, let's keep only one copy of them.
* cmd/snap-update-ns: add unit test for existing directories
Verify that the order of the changes matches the expectations when some
of the paths already exist.
* cmd/snap-update-ns: address review comments
* cmd/snap-update-ns: update doc-comments, eliminate code duplication
Thanks to Samuele for pointing out the inconsistency in the comment here.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/mounts-persist-refresh-content-snap: regression test for firefox crash
This ensures that files which are shared via mounts in the MountConnectedPlug
method in an interface like the desktop interface remain shared in the per-user
mount namespace when the content snap is refreshed (not the main snap itself
even). We don't expect this situation to happen much when refresh app awareness
is fully enabled by default, but it is still important to test that the
snap-update-ns isn't horribly breaking apps when refreshes happen to take place
when apps are still running (this could be the case for desktop systems which
have a running app for more than 14 days for example).
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: fix newline at EOF
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/mounts-persist-refresh-content-snap: fix firefox crash regression test
To actually reproduce the crash, we need to use layouts with sources from the
files that the content interface is sharing with the snap.
Additionally, create the fonts dir and restart snapd before installing the
snap, actually exit 1 if the process died and kill the parent process last with
the other child processes in the restore section, and fix the shellcheck issue.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: don't run on core
The rootfs is read-only and can't have the fonts directory created there.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: fix exiting in happy case
It works much better to have the loop just exit itself and then kill the
process too just in case.
Finally, limit to 10 minutes in case we do get something wrong so we don't
waste too much time waiting for processes to exit.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: improve process handling
The `-p` option to `ps` was missing, and we can just use `wait` for
checking process termination.
* tests: sort yaml keys according to predefined order
Co-authored-by: Alberto Mardegan <mardy@users.sourceforge.net>
Co-authored-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* interfaces/docker-support: make generic rules not conflict with snap-confine
The rules we inject into the profile to account for allowing devmode snaps to
execute other snaps are in conflict with these, meaning that the docker snap
(and the strictly confined microk8s snap) cannot be installed with devmode
confinement which sometimes needs to be done. So make these generic rules allow
anything except very specifically the transition rules which we inject that
have regular expression wildcards in them to get the policy to compile
properly.
Also adjust the spread test to ensure we are testing that the docker snap can
be installed with devmode, at least to the point where apparmor profiles are
compiled correctly.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/docker-support: re-word comments for clarity
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/docker-support: add additional missing exclusion rules
Thanks to Alex for spotting these being missing.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
We need to specify the PartitionName for ICE decryption since it is currently
based on partition name as well as the mapper device provided in Device.
Also allow mocking the actual call to runFDEDeviceUnlockCommand from other
packages without all the complexity of creating hook scripts and such, and add
some more debug logging.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
