354 Commits

Author SHA1 Message Date
Ondrej Kubik
90e8d0bc5c data: include "modprobe.d" and "modules-load.d" in preseeded blob
Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>
2023-07-04 18:09:28 +02:00
Philip Meulengracht
e7caa4cdf7 data/selinux: require type boot_t 2023-05-10 08:38:58 +02:00
Philip Meulengracht
8f0a52fc01 data/selinux: appstream interface needs to be able to mount on /var/lib 2023-05-10 08:38:58 +02:00
Philip Meulengracht
15bb9b2fc2 data/selinux: more AVC denials that need to be handled 2023-05-10 08:38:58 +02:00
Philip Meulengracht
9bc1899f93 data/selinux: move the etc rule to its own section 2023-05-03 10:00:27 +02:00
Philip Meulengracht
b38c5d3c87 data/selinux: add missing AVC rule for etc_t 2023-05-03 10:00:27 +02:00
Michael Vogt
82b79b4322 data: fix snapd.aa-prompt-ui.service to actually get started (#12693)
* data: fix snapd.aa-prompt-ui.service to actually get started

The current snapd.aa-prompt-ui.service user service is dbus activated.
However this does not work with the latest prompt design.

* packaging: add snapd.aa-prompt-ui.service to auto-start
2023-04-06 13:34:13 +02:00
Sergio Cazzolato
2e1778c5ad In selinux policy allow snapd to read upowerd binary
This is required by upower-observe interface.

Some tests are failing in centos and fedora after the
upowerObserveInterface was updated in this way.

func (iface *upowerObserveInterface) StaticInfo() interfaces.StaticInfo {
...
		ImplicitOnCore: osutil.IsExecutable("/usr/libexec/upowerd"),
...
}

This is to avoid this denial:

type=SYSCALL msg=audit(1679948376.046:1319): arch=c000003e syscall=262
success=yes exit=0 a0=ffffffffffffff9c a1=c0001e47b0 a2=c0001246b8 a3=0
items=0 ppid=1 pid=40320 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd"
exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0
key=(null)
type=AVC msg=audit(1679948376.046:1319): avc:  denied  { getattr } for
pid=40320 comm="snapd" path="/usr/libexec/upowerd" dev="sda2"
ino=2180887 scontext=system_u:system_r:snappy_t:s0
tcontext=system_u:object_r:devicekit_power_exec_t:s0 tclass=file
permissive=1
2023-03-30 17:17:10 +01:00
Alberto Mardegan
6e618c4963 data/selinux: update comment 2023-01-10 09:25:45 +01:00
Alberto Mardegan
8047108c64 data/selinux: update policy for new snap-confine
We now build the snap "/" as a tmpfs, so we need additional permissions.
2023-01-10 09:25:45 +01:00
Sergio Costas
ff7978736b data: install snapcraft logo in /usr/share/snapd (#12388)
This commit ensures that the snapcraft icon is shown in the lock screen notifications. Unfortunately, to make it work it requires a modification in the .deb package; it seems that there is no way of doing this in the snap package because the required change must be set in the "first" .desktop file, and /usr/share(/applications) is before /var/lib/snapd/desktop(/applications) in the XDG_DATA_DIRS order.

Jira: DT-862
2022-12-07 11:05:42 +01:00
Alex Murray
dbd4fc753d data: Add systemd-tmpfiles configuration to create private tmp dir
Use systemd-tmpfiles to create the private tmp mount namespace root
dir (/tmp/snap-private-tmp) on boot as owned by root with restrictive
permissions. We can use this as a known location to then create per-snap
private tmp mount namespace dirs (/tmp/snap-private-tmp/snap.$SNAP_INSTANCE)
etc.

Signed-off-by: Alex Murray <alex.murray@canonical.com>
2022-12-01 06:29:44 +01:00
Michael Vogt
c502f0cd50 Merge pull request #12037 from valentindavid/valentindavid/systemd-mount-unit-deps
many: create snapd.mounts targets to schedule mount units
2022-11-08 08:29:27 +01:00
Valentin David
d09e269b97 systemd: move zfs-mount.service dependency to snapd.mounts-pre.target 2022-10-20 14:49:22 +02:00
Valentin David
c827e52caf many: use snapd.mounts targets to schedule mount units
`snapd.mounts-pre.target` will be before any mount unit,
`snapd.mounts.target`.  Now we can schedule before or after mounts
without needing to modify the mount units.

We also install those mounts to `snapd.mounts.target` so that we can
make snapd.service for example, "want" all mounts.
2022-10-20 14:49:21 +02:00
Michael Vogt
38078ae775 data: tweak apt integration config var
Thanks to Julian for suggesting this.
2022-10-12 11:25:15 +02:00
Alberto Mardegan
7fe4772e26 many: add stub services for prompting
The implementation of these services is not yet ready, but in order to
be able to deliver it in a snap package, we need to have at least the
service files installed on the system by the distribution package.

These stubs just reexecute the binaries from the snap.

* tests: add spread test for reexec of prompt services

* packaging: update distros for prompt services

Ship them in Debian and Ubuntu, remove them elsewhere.

* cmd: update error message with unimplemented prompt services

* tests: do not disable prompt-reexec tests in UC

* many: disable prompting for 14.04

The kernel changes will most likely not land there.

* many: install prompt services for Ubuntu Core

* tests: exclude UC16 from reexec-prompt test

The services are installed, but disabled; enabling them is not trivial
and not worth the effort, since prompting will most likely not be
backported there.

* wrappers/core18: don't fail if the prompt service is missing in snapd

This fixes a spread failure in the tests/core/snapd-refresh-vs-services
test, where we install an old version of snapd (2.49) which does not
have the Prompt service.

* tests: fix typo in comment

Thanks @pedronis.

* cmd: add license header

Thanks @Meulengracht
2022-10-10 15:50:59 +02:00
Alberto Mardegan
0786c47ee5 data/selinux: allow snapd to detect WSL
Commit 5545f79af9 introduced a check for
WSL that causes our spread tests (in particular, selinux-clean) to fail
on Fedora and CentOS.

Add the rules from `audit2allow -a` to the SELinux rules, to suppress
those warnings.
2022-09-30 09:01:07 +03:00
Michael Vogt
25813173d9 Merge pull request #12094 from mardy/services-comment
data/systemd/Makefile: add comment warning about "snapd." prefix
2022-09-05 07:47:33 +02:00
Michael Vogt
9dee6cb3b7 Merge pull request #12020 from kubiko/preseed-add-snapd-fstabs
data: include snapd/mounts in preseeded blob
2022-09-02 17:38:05 +02:00
Alberto Mardegan
9ba87a56c0 data/systemd/Makefile: add comment warning about "snapd." prefix
I've been hit by this working on a branch where I was adding my own
service. Thanks @mvo5 for the time-saver hint!
2022-08-31 12:04:55 +03:00
Alberto Mardegan
8fc73b96ac data/selinux: allow snaps to read certificates (#12050)
This fixes an error occurring in our spread tests on Centos:

    2022-08-17T12:52:45.7861235Z type=AVC msg=audit(08/17/22 12:52:06.099:6583) : avc:  denied  { open } for  pid=71804 comm=snap path=/etc/pki/tls/openssl.cnf dev="sda2" ino=33578739 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file permissive=1
    2022-08-17T12:52:45.7898682Z type=AVC msg=audit(08/17/22 12:52:06.099:6583) : avc:  denied  { read } for  pid=71804 comm=snap name=openssl.cnf dev="sda2" ino=33578739 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file permissive=1
    2022-08-17T12:52:45.7899442Z type=AVC msg=audit(08/17/22 12:52:06.099:6583) : avc:  denied  { search } for  pid=71804 comm=snap name=pki dev="sda2" ino=50341665 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=1

Note that with this change we are not removing the call to

    miscfiles_read_all_certs(snappy_t)

because it was actually present twice in this file.
2022-08-22 10:28:23 +03:00
Ondrej Kubik
06f8e9c09d data: include snapd/mounts in preseeded blob
When collecting preseeded data, include also snapd/mounts.
This directory contains layout info and is essential to have
a correct layout functionality on a preseeded system.

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>
2022-08-08 15:33:17 +03:00
Michael Vogt
2fc4cefe14 Merge pull request #11866 from MiguelPires/wait-time-set
data: start snapd after time-set.target
2022-07-15 10:37:04 +02:00
Sergio Cazzolato
d9dd2e2ffa tests: enable centos-9 (#11849)
* Initial changes to support centos-9

* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 3b56339b88..9b7b4e9bf1

9b7b4e9bf1 Merge pull request #28 from snapcore/add-centos-9-support
7fe2087423 Add support for centos-9
64a830b933 Merge pull request #27 from snapcore/improve-log-analyzer
7fe27d4aea Improve log analyzer utility
207536268e Merge pull request #19 from snapcore/new-spread-manager
2f2ff2e282 Update spread manager to support csv
33a44ca3be Merge branch 'main' into new-spread-manager
b4654950d4 Merge pull request #26 from snapcore/support-csv-for-expressions
3250bbd885 Support expressions with comma separation
2540135b90 Merge pull request #25 from snapcore/add-indent-to-log-parser
2536b0f070 Minor improvements in log-parser and log-analyzer based on review comments
84dc8092b1 Merge pull request #24 from snapcore/improve-log-parser
515770b3bf Add support for fedora-35
875c29b5ce Updated results with latest log-parser changes
d27f2bcdb7 Fix log-parser
b2cce1fcce fix wording
14d15e4fe4 Fixes for log-parser and changes for log analyzer
438d92d241 Log analyzer updated to support reexecute in all the scenarios
1c9dff58ff Merge pull request #23 from snapcore/improve-log-parser
cc7ee488d1 Fix shellcheck
324b99e719 revert change in log-analyzer test
f746f40ebe Fix shellcheck
2d7dbbe1bd Fix spelling
728dd64c2c Last set of changes for log analyzer tools
bf389dcd01 New fixes for log parser
6b2b56afc3 Fix another shellcheck
56163e170b Fix shellcheck
d96ab8094f Merge branch 'main' into new-spread-manager
60fb99f02f new dir task5
259a7e188c Fix spread test
e674234454 New spread-manager tool

git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 9b7b4e9bf102d9520be02959b184ee09d4021ec7

* Adding centos-9 to workflow

* Skip centos-9 on some tests

* data/selinux: update the policy to allow snap to access openssl certificates

As observed in the spread tests:

type=AVC msg=audit(06/07/22 14:39:47.321:1164) : avc:  denied  { open } for
pid=47406 comm=snap path=/etc/pki/tls/openssl.cnf dev="sda2" ino=16781422
scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0
tclass=file permissive=1

type=AVC msg=audit(06/07/22 14:39:47.321:1164) : avc:  denied  { read } for
pid=47406 comm=snap name=openssl.cnf dev="sda2" ino=16781422
scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0
tclass=file permissive=1

type=AVC msg=audit(06/07/22 14:39:47.321:1164) : avc: denied { search } for
pid=47406 comm=snap name=pki dev="sda2" ino=50341780
scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0
tclass=dir permissive=1

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>

* Work around the snap version unknown issue

* Revert change to force mkversion for centos-9

* Change spec used to build centos

In centos 9 if we use the spec "$packaging_path/snapd.spec" then
rpmbuild takes the packages from $packaging_path

* sources are also built from rpm_dir

* Updating spec to support rhel 9

* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 9b7b4e9bf1..54909c304d

54909c304d Merge pull request #29 from snapcore/udpate-os-query-new-systems
cc1729c2f4 preserve size for amazon-linux
bb3d8db60e preserve size for centos
d1089d5ce3 Fixing the tests
47793a6465 Fix auto-merge problem
f50be4ac5e Merge branch 'main' into udpate-os-query-new-systems
1a40a224c9 os.query tool cli simplified

git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 54909c304ddbe284ee49142d3247aeb7876d1feb

* Update os.query uses following changes in the cli

* Skip test on centos-9

* fix os.query usage

* Skip rhbz-1708991 on centos-9

* Fix os.query error in tests

Co-authored-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-07-14 00:22:15 -03:00