Use systemd-tmpfiles to create the private tmp mount namespace root
dir (/tmp/snap-private-tmp) on boot as owned by root with restrictive
permissions. We can use this as a known location to then create per-snap
private tmp mount namespace dirs (/tmp/snap-private-tmp/snap.$SNAP_INSTANCE)
etc.
Signed-off-by: Alex Murray <alex.murray@canonical.com>
`snapd.mounts-pre.target` will be before any mount unit,
`snapd.mounts.target`. Now we can schedule before or after mounts
without needing to modify the mount units.
We also install those mounts to `snapd.mounts.target` so that we can
make snapd.service for example, "want" all mounts.
The implementation of these services is not yet ready, but in order to
be able to deliver it in a snap package, we need to have at least the
service files installed on the system by the distribution package.
These stubs just reexecute the binaries from the snap.
* tests: add spread test for reexec of prompt services
* packaging: update distros for prompt services
Ship them in Debian and Ubuntu, remove them elsewhere.
* cmd: update error message with unimplemented prompt services
* tests: do not disable prompt-reexec tests in UC
* many: disable prompting for 14.04
The kernel changes will most likely not land there.
* many: install prompt services for Ubuntu Core
* tests: exclude UC16 from reexec-prompt test
The services are installed, but disabled; enabling them is not trivial
and not worth the effort, since prompting will most likely not be
backported there.
* wrappers/core18: don't fail if the prompt service is missing in snapd
This fixes a spread failure in the tests/core/snapd-refresh-vs-services
test, where we install an old version of snapd (2.49) which does not
have the Prompt service.
* tests: fix typo in comment
Thanks @pedronis.
* cmd: add license header
Thanks @Meulengracht
Commit 5545f79af9 introduced a check for
WSL that causes our spread tests (in particular, selinux-clean) to fail
on Fedora and CentOS.
Add the rules from `audit2allow -a` to the SELinux rules, to suppress
those warnings.
This fixes an error occurring in our spread tests on Centos:
2022-08-17T12:52:45.7861235Z type=AVC msg=audit(08/17/22 12:52:06.099:6583) : avc: denied { open } for pid=71804 comm=snap path=/etc/pki/tls/openssl.cnf dev="sda2" ino=33578739 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file permissive=1
2022-08-17T12:52:45.7898682Z type=AVC msg=audit(08/17/22 12:52:06.099:6583) : avc: denied { read } for pid=71804 comm=snap name=openssl.cnf dev="sda2" ino=33578739 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file permissive=1
2022-08-17T12:52:45.7899442Z type=AVC msg=audit(08/17/22 12:52:06.099:6583) : avc: denied { search } for pid=71804 comm=snap name=pki dev="sda2" ino=50341665 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=1
Note that with this change we are not removing the call to
miscfiles_read_all_certs(snappy_t)
because it was actually present twice in this file.
When collecting preseeded data, include also snapd/mounts.
This directory contains layout info and is essential to have
a correct layout functionality on preseeded system.
Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>
* Initial changes to support centos-9
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 3b56339b88..9b7b4e9bf1
9b7b4e9bf1 Merge pull request #28 from snapcore/add-centos-9-support
7fe2087423 Add support for centos-9
64a830b933 Merge pull request #27 from snapcore/improve-log-analyzer
7fe27d4aea Improve log analyzer utility
207536268e Merge pull request #19 from snapcore/new-spread-manager
2f2ff2e282 Update spread manager to support csv
33a44ca3be Merge branch 'main' into new-spread-manager
b4654950d4 Merge pull request #26 from snapcore/support-csv-for-expressions
3250bbd885 Support expressions with comma separation
2540135b90 Merge pull request #25 from snapcore/add-indent-to-log-parser
2536b0f070 Minor improvements in log-parser and log-analyzer based con review comments
84dc8092b1 Merge pull request #24 from snapcore/improve-log-parser
515770b3bf Add support for fedora-35
875c29b5ce Updated results with latest log-parser changes
d27f2bcdb7 Fix log-parser
b2cce1fcce fix wording
14d15e4fe4 Fixes for log-parser and changes for log analyzer
438d92d241 Log analyzer updated to support reexecute in all the scenarios
1c9dff58ff Merge pull request #23 from snapcore/improve-log-parser
cc7ee488d1 Fix shellcheck
324b99e719 revert change in log-analyzer test
f746f40ebe Fix shellcheck
2d7dbbe1bd Fix spelling
728dd64c2c Last set of changes for log analizer tools
bf389dcd01 New fixes for log parses
6b2b56afc3 Fix another shellcheck
56163e170b Fix shellcheck
d96ab8094f Merge branch 'main' into new-spread-manager
60fb99f02f new dir task5
259a7e188c Fix spread test
e674234454 New spread-manager tool
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 9b7b4e9bf102d9520be02959b184ee09d4021ec7
* Adding centos-9 to workflow
* Skip centos-9 on some tests
* data/selinux: update the policy to allow snap to access openssl certificates
As observed in the spread tests:
type=AVC msg=audit(06/07/22 14:39:47.321:1164) : avc: denied { open } for
pid=47406 comm=snap path=/etc/pki/tls/openssl.cnf dev="sda2" ino=16781422
scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0
tclass=file permissive=1
type=AVC msg=audit(06/07/22 14:39:47.321:1164) : avc: denied { read } for
pid=47406 comm=snap name=openssl.cnf dev="sda2" ino=16781422
scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0
tclass=file permissive=1
type=AVC msg=audit(06/07/22 14:39:47.321:1164) : avc: denied { search } for
pid=47406 comm=snap name=pki dev="sda2" ino=50341780
scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0
tclass=dir permissive=1
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* Work around the snap version unknown issue
* Revert chnage to force mkversion for centos-9
* Change spec used to build centos
In centos 9 if we use the spec "$packaging_path/snapd.spec" them
rpmbuild takes the packages from $packaging_path
* sources are also built from rpm_dir
* Updaing spec to support rhel 9
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 9b7b4e9bf1..54909c304d
54909c304d Merge pull request #29 from snapcore/udpate-os-query-new-systems
cc1729c2f4 preserve size for amazon-linux
bb3d8db60e preserve size for centos
d1089d5ce3 Fixing the tests
47793a6465 Fix auto-merge problem
f50be4ac5e Merge branch 'main' into udpate-os-query-new-systems
1a40a224c9 os.query tool cli simplified
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 54909c304ddbe284ee49142d3247aeb7876d1feb
* Update os.query uses following changes in the cli
* Skip test on centos-9
* fix os.query usage
* Skip rhbz-1708991 on centos-9
* Fix os.query error in tests
Co-authored-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* Handle var/lib/extrausers when preseeding uc20.
Fixes LP: #1978850
* Also test that extrausers are included in the preseed.tgz.
* Fix unit tests.
* Tweak formatting.
Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
* Use PROJECT_PATH var instead of hardcoded path.
Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
Snapd installs bash completion files from snaps in
`/usr/share/bash-completion/completions` which in some distributions
is a read-only filesystem.
Instead of installing them in `/usr` we can install them within
`/var/lib/snapd` which should always be writable.
Because `/var/lib/snapd/desktop` is already in `XDG_DATA_DIRS`, we can
save the files there.
Because bash-completion 2.1 and prior do not support `XDG_DATA_DIRS`,
on older distributions, the legacy path
`/usr/share/bash-completion/completions` will still be used.
* cmd/snap-update-ns/bootstrap.go: fix comment typos
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns/change.go: sort needed, desired and not reused mount entries
Sort new mount entries by their mimic creation directories, such that the mimic
directories that end up being created are done so in lexographical order.
Also update a single unit test where there were multiple mimic directories
being created because now all mount entries that create mimic directories are
performed first.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns/change.go: stop using experimental flag
This experimental flag is not necessary anymore, and in fact is actively
harmful in that it is causing snaps to crash when they are running and an
update happens either to snapd or to their content snap dependencies and we end
up completely discarding the per-snap namespace, which leads to some
destructive effects inside the "sort of inheriting" per-user namespaces, that
then later do not get undone and thus recreated in the per-user namespace as
those namespaces aren't properly setup to inherit the constructive updates.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns: remove old implementation
It's not used anymore, so we can just delete this code wholesale.
Also undo a typo fix, "s" is the British spelling so this can be left as-is.
Thanks to Alberto for spotting that this was leftover.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns: unconditionally perform the "overname" mounts first
* cmd/snap-update-ns: ignore errors on unexisting mounts
When unmounting, we can get the EINVAL error if the given mount point
does not exist. Previously, this code was handling this fine for the
umount() syscall, but we do also need the same logic when attempting to
remount a mount as private.
* data/selinux: update policy to allow more mounts
When supporting appstream-metadata interface, snap-update-ns will mount
directories labeled as usr_t (eg. /usr/share/metainfo, /usr/share/appdata) and
fwdupd_cache_t (eg. /var/cache/app-info).
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/regression/lp-1855596: test parallel installs + $SNAP/... layouts too
Test that with parallel installs and layouts which trigger mounts on top of
$SNAP/... (which itself will be an overname mount in a parallel install snap)
still work and we can still refresh such mount setups.
This is successful because we always handle overname mounts first when creating
the mounts and any such mounts underneath the overname are then ordered
properly.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: remove duplicate tests
With commit df6bbd5c64d2820836e74039726a10dfe844cd91
(cmd/snap-update-ns/change.go: stop using experimental flag) a bunch of
tests which were nearly identical save for the fact that they were
exercising different implementations of the NeededChanges() function,
have become exact duplicates, since now there's only one implementation.
So, let's keep only one copy of them.
* cmd/snap-update-ns: add unit test for existing directories
Verify that the order of the changes matches the expectations when some
of the paths already exist.
* cmd/snap-update-ns: address review comments
* cmd/snap-update-ns: update doc-comments, eliminate code duplication
Thanks to Samuele for pointing out the inconsistency in the comment here.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/mounts-persist-refresh-content-snap: regression test for firefox crash
This ensures that files which are shared via mounts in the MountConnectedPlug
method in an interface like the desktop interface remain shared in the per-user
mount namespace when the content snap is refreshed (not the main snap itself
even). We don't expect this situation to happen much when refresh app awareness
is fully enabled by default, but it is still important to test that the
snap-update-ns isn't horribly breaking apps when refreshes happen to take place
when apps are still running (this could be the case for desktop systems which
have a running app for more than 14 days for example).
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: fix newline at EOF
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/mounts-persist-refresh-content-snap: fix firefox crash regression test
To actually reproduce the crash, we need to use layouts with sources from the
files that the content interface is sharing with the snap.
Additionally, create the fonts dir and restart snapd before installing the
snap, actually exit 1 if the process died and kill the parent process last with
the other child processes in the restore section, and fix the shellcheck issue.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: don't run on core
The rootfs is read-only and can't have the fonts directory created there.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: fix exiting in happy case
It works much better to have the loop just exit itself and then kill the
process too just in case.
Finally, limit to 10 minutes in case we do get something wrong so we don't
waste too much time waiting for processes to exit.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: improve process handling
The `-p` option to `ps` was missing, and we can just use `wait` for
checking process termination.
* tests: sort yaml keys according to predefined order
Co-authored-by: Alberto Mardegan <mardy@users.sourceforge.net>
Co-authored-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
