* cmd/snap-update-ns/bootstrap.go: fix comment typos
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns/change.go: sort needed, desired and not reused mount entries
Sort new mount entries by their mimic creation directories, such that the mimic
directories that end up being created are done so in lexicographical order.
Also update a single unit test where there were multiple mimic directories
being created because now all mount entries that create mimic directories are
performed first.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns/change.go: stop using experimental flag
This experimental flag is not necessary anymore, and in fact is actively
harmful in that it is causing snaps to crash when they are running and an
update happens either to snapd or to their content snap dependencies and we end
up completely discarding the per-snap namespace, which leads to some
destructive effects inside the "sort of inheriting" per-user namespaces, that
then later do not get undone and thus recreated in the per-user namespace as
those namespaces aren't properly set up to inherit the constructive updates.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns: remove old implementation
It's not used anymore, so we can just delete this code wholesale.
Also undo a typo fix, "s" is the British spelling so this can be left as-is.
Thanks to Alberto for spotting that this was leftover.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns: unconditionally perform the "overname" mounts first
* cmd/snap-update-ns: ignore errors on non-existent mounts
When unmounting, we can get the EINVAL error if the given mount point
does not exist. Previously, this code was handling this fine for the
umount() syscall, but we do also need the same logic when attempting to
remount a mount as private.
* data/selinux: update policy to allow more mounts
When supporting appstream-metadata interface, snap-update-ns will mount
directories labeled as usr_t (eg. /usr/share/metainfo, /usr/share/appdata) and
fwdupd_cache_t (eg. /var/cache/app-info).
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/regression/lp-1855596: test parallel installs + $SNAP/... layouts too
Test that with parallel installs and layouts which trigger mounts on top of
$SNAP/... (which itself will be an overname mount in a parallel install snap)
still work and we can still refresh such mount setups.
This is successful because we always handle overname mounts first when creating
the mounts and any such mounts underneath the overname are then ordered
properly.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: remove duplicate tests
With commit df6bbd5c64d2820836e74039726a10dfe844cd91
(cmd/snap-update-ns/change.go: stop using experimental flag) a bunch of
tests which were nearly identical save for the fact that they were
exercising different implementations of the NeededChanges() function,
have become exact duplicates, since now there's only one implementation.
So, let's keep only one copy of them.
* cmd/snap-update-ns: add unit test for existing directories
Verify that the order of the changes matches the expectations when some
of the paths already exist.
* cmd/snap-update-ns: address review comments
* cmd/snap-update-ns: update doc-comments, eliminate code duplication
Thanks to Samuele for pointing out the inconsistency in the comment here.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/mounts-persist-refresh-content-snap: regression test for firefox crash
This ensures that files which are shared via mounts in the MountConnectedPlug
method in an interface like the desktop interface remain shared in the per-user
mount namespace when the content snap is refreshed (not the main snap itself
even). We don't expect this situation to happen much when refresh app awareness
is fully enabled by default, but it is still important to test that the
snap-update-ns isn't horribly breaking apps when refreshes happen to take place
when apps are still running (this could be the case for desktop systems which
have a running app for more than 14 days for example).
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: fix newline at EOF
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/mounts-persist-refresh-content-snap: fix firefox crash regression test
To actually reproduce the crash, we need to use layouts with sources from the
files that the content interface is sharing with the snap.
Additionally, create the fonts dir and restart snapd before installing the
snap, actually exit 1 if the process died and kill the parent process last with
the other child processes in the restore section, and fix the shellcheck issue.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: don't run on core
The rootfs is read-only and can't have the fonts directory created there.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: fix exiting in happy case
It works much better to have the loop just exit itself and then kill the
process too just in case.
Finally, limit to 10 minutes in case we do get something wrong so we don't
waste too much time waiting for processes to exit.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: improve process handling
The `-p` option to `ps` was missing, and we can just use `wait` for
checking process termination.
* tests: sort yaml keys according to predefined order
Co-authored-by: Alberto Mardegan <mardy@users.sourceforge.net>
Co-authored-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Tweak snapd.fish to be compatible with even older releases of fish, going back to 2.7, which was shipped with Ubuntu 18.04.
* data/env: make fish setup compatible with fish 2.7
Make the environment setup script compatible with fish 2.7 which was shipped
with Ubuntu 18.04.
Thanks to @faho for the review.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/main/user-session-env: verify env in fish shell
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/main/user-session-env: tweak comments
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* data/env: provide reasonable default if XDG_DATA_DIRS is unset in fish shell
Fixes: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1960702
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/main/user-session-env: verify that XDG_DATA_DIRS contains reasonable defaults
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
It is possible that system.d may be missing if no services were installed on the
system yet. In which case, snapd will create the directory and thus trigger the
denial.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
During boot, the initial transaction may contain both snapd.socket and
snapd.service at the same time. In such cases, snapd.service should be
started strictly after snapd.socket (After+Requires), instead of just
simultaneously with it (Requires alone).
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Tell fish to treat XDG_DATA_DIRS as a colon-separated list and not space-separated (default).
Otherwise, get corrupted list with mixed separators:
XDG_DATA_DIRS=/var/lib/flatpak/exports/share:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop /var/lib/snapd/desktop /var/lib/snapd/desktop
When running in a Xen guest, systemd-detect-virt when invoked by snapd may
trigger the following denial:
type=PROCTITLE msg=audit(1640771959.147:236972): proctitle="systemd-detect-virt"
type=AVC msg=audit(1640771959.147:236972): avc: denied { search } for pid=21113
comm="systemd-detect-" name="xen" dev="proc"
ino=4026532003
scontext=system_u:system_r:snappy_t:s0
tcontext=system_u:object_r:proc_xen_t:s0
tclass=dir permissive=1
See https://forum.snapcraft.io/t/snapd-unavailable-red-hat-enterprise-linux/28004/15
for details.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
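The denial quoted in the commit message above can be triaged mechanically. The following is an added example, not part of the snapd commit or its policy: it parses an AVC record and renders the type-enforcement rule that would cover it, so a policy author can review exactly what is being granted. The function names are hypothetical and the sample input is the page's record joined onto one line.

```python
import re

# The AVC record quoted in the commit message above, joined onto one line
# (the page shows it wrapped). Used here as constructed sample input.
SAMPLE_AVC = (
    'type=AVC msg=audit(1640771959.147:236972): avc: denied { search } for pid=21113 '
    'comm="systemd-detect-" name="xen" dev="proc" ino=4026532003 '
    'scontext=system_u:system_r:snappy_t:s0 '
    'tcontext=system_u:object_r:proc_xen_t:s0 tclass=dir permissive=1'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    missing = {'scontext', 'tcontext', 'tclass'} - fields.keys()
    if missing:
        raise ValueError('AVC record lacks %s' % ', '.join(sorted(missing)))
    # A context is user:role:type:level; the level may itself contain colons
    # (MLS/MCS ranges), so take the third field instead of splitting from the right.
    fields['source_type'] = fields['scontext'].split(':')[2]
    fields['target_type'] = fields['tcontext'].split(':')[2]
    fields['perms'] = m.group('perms').split()
    # permissive=1 means the access was logged but not blocked.
    fields['enforced'] = fields.get('permissive') != '1'
    return fields


def candidate_rule(avc):
    """Render the type-enforcement rule that would cover the denial, for review."""
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ %s }' % ' '.join(perms)
    return 'allow %s %s:%s %s;' % (
        avc['source_type'], avc['target_type'], avc['tclass'], perm_text)


if __name__ == '__main__':
    record = parse_avc(SAMPLE_AVC)
    print(candidate_rule(record), '(blocked)' if record['enforced'] else '(logged only)')
```

The rendered rule is a starting point for review, not a statement of what the snapd policy change contains.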
Snapd needs to poke the org.freedesktop.timedate1 service to find out whether
NTP was synchronized. That DBus API is provided by systemd-timesyncd (most
systems) or timedatex (CentOS mostly). The SELinux policy does not currently
allow talking to either service, so upon startup snapd will enter a deadlock
after getting blocked in the timeutil.IsNTPSynchronized() waiting for dbus
messages, while this is called in a code path that acquired state.Lock(), thus
blocking all Ensure() calls and interaction through the snapd socket.
Extend the SELinux policy to allow dbus communication to either timedate1
provider service.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>