Snapd from the snap generates udev rules that execute snap-device-helper
from the host. In cases when the snap is newer than the package, the
new command line is rejected by the old snap-device-helper from the
package. Because the new snap-device-helper accepts the old command line,
but just ignores the extra parameters, it is safer for now to generate
rules with the old command line.
The test uses the host parser unconditionally, which may not understand
future syntax that is present in cases when apparmor is carried
by the snapd snap package.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
* o/snapstate: store unlinked component information in change
As we will need this information in the component discard task.
* o/snapstate: discard previous component on a component refresh
Only one can be installed in the system at the same time.
* tests/component: check removal of older component after refresh
* o/snapstate: add function to retrieve component setup
Add function to find ComponentSetup for a task that is part of the
tasks created to do a component operation.
* o/snapstate: store unlinked component in ComponentSetup
* o/snapstate/backend: remove component related directories if empty
* o/snapstate: use SnapSetup to store the previous kernel revision
instead of having an object directly in the change.
* o/snapstate: store unlinked component in setup task
* o/snapstate: set previous kernel in setup task
instead of making it part of SnapSetup.
* o/snapstate: some additional tests
* tests: fix fake-netplan-apply test
The test was meant to fail in a clear way on unsupported releases but due to an
unintentional refactor, it was just running on the wrong base.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
* tests: fake-netplan-apply equate jammy and mantic
Co-authored-by: Zeyad Yasser <zeyady98@gmail.com>
* tests: install core24 from edge for fake-netplan-apply
The netplan-snap is removed so that we can remove the base later.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
---------
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Co-authored-by: Zeyad Yasser <zeyady98@gmail.com>
* cmd/snap: record snap-run-inhibit notice
Record a snap-run-inhibit notice when snap run is inhibited due to refresh.
* cmd/snap: remove old desktop notifications (thanks @pedronis @zyga)
* cmd/snap: always send notices when snap run is inhibited
+ fallback to text if no snap has the marker snap-refresh-observe
interface connected and a terminal is detected.
* cmd/snap: send text fallback notification to stderr (thanks @bboozzoo)
* cmd/snap: initialize inhibition flow only when it is needed
Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
* tests/main: add test for snap run inhibition flows
* test/main/snap-run-inhibition-flow: remove text fallback check
Text fallback is inconsistent across systems due to the terminal
checks in snapd. It is hard to mock a real terminal in all systems
while redirecting output to a file for testing.
Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
---------
Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
* daemon,cmd/snap: support for user services in snap services
* NEWS: update news to reflect this functionality
* cmd/snap: add missing unit tests
* many: use interface instead for StatusDecorator to allow for unit testing
* daemon: fix a static check for a range loop where a variable could be omitted
* daemon,cmd/snap: support user-service status of the root user with a --user switch
* t/main/services-user: add a case for root user
* t/main/services-user: fix wrong filename
* cmd/snap: fix TestAppStatus unit test failing
* cmd/snap: extend help for "snap services" to describe the new --global and --user switches
remove errors on redundant switches, remove unneeded argument, move validation of arguments closer to entry of Execute
* cmd/snap: refer directly to fields in the help docs
* interfaces/builtin/system_observe: allow listing systemd units and their properties
Allow listing systemd units and querying their properties. This enables services
plugging system-observe to obtain more information about the state of the
system. Specifically, this enables Prometheus' systemd_exporter to work.
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* tests/main/interfaces-system-observe: verify dbus permissions
Update the test to exercise dbus permissions to call system and get properties
of the manager and its units.
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* NEWS: add a note about changes to system-observe interface
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
---------
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* snap-{seccomp,confine}: rework seccomp denylist
When a denylist was introduced in PR#12849 we reached the limits
of the API of libseccomp and some things are now hard to reason
about [1]. This is mostly because what we try to do does not
match the libseccomp API very well and a slightly different
approach is probably more aligned with its design (see also
this libseccomp issue [2] that is related to our issue).
So this commit changes the approach and instead of trying to use
a single filter the work is split into two filters:
1. explicit allow list
2. explicit deny list
and then load both filters into the kernel. The way the kernel
works is that it selects the most restrictive action.
So in the case of PR#12849:
```
~ioctl - TIOCSTI
~ioctl - TIOCLINUX
ioctl
```
For `ioctl(TIOCLINUX)` the first allow filter would pass `ioctl`
but the second deny filter would correctly deny the TIOCLINUX.
The file format of the `snap.snap.app.bin` changes to `.bin2`
and includes a proper header that would allow us to extend more
easily in the future.
The existing tests for negative filtering were also updated so that
the deny/allow is tested via different errno numbers to ensure that
the expected filter denies the access.
The `snap-seccomp` spread test now also runs on all ubuntu releases.
This work will also allow us to remove the `global.bin` seccomp
filter in a followup PR.
[1] https://github.com/snapcore/snapd/pull/12849#discussion_r1206855700
[2] https://github.com/seccomp/libseccomp/issues/44
* snap-confine: tweak sc_seccomp_file_header struct (thanks Philip!)
* snap-confine: tweak struct init workaround in sc_apply_seccomp_profile_for_security_tag (thanks Philip)
* snap-seccomp: remove outdated comment about big endian
* snap-confine: rename sc_must_read_header_from_file->sc_must_read_and_validate_header_from_file
* snap-seccomp: rework exportBPF() to not require a temp file
Thanks to Valentin for the suggestion. Also reverts the change to
the `install-store-laaaarge` tests because there is no need for
space in /tmp anymore.
* tests: improve message in security-seccomp deny test
* snap-confine: rename "struct stat buf" -> "struct stat stat_buf"
* snap-confine: check that filter size is a multiple of sock_filter
Thanks to Valentin for the suggestion. Also adds a bunch of
C unit tests to check that the code works correctly. Sadly
C makes it hard to write this in a concise way so there is
a bit of repetition.
* snap-confine: extract must_read_and_validate_header_from_file_dies_with() helper
* snap-confine: workaround bug in gcc from 14.04
The gcc (4.8.4) in 14.04 will not compile the following code:
```
struct sc_seccomp_file_header hdr = {0};
```
and will error with:
```
snap-confine/seccomp-support.c: In function ‘sc_apply_seccomp_profile_for_security_tag’:
snap-confine/seccomp-support.c:246:9: error: missing braces around initializer [-Werror=missing-braces]
struct sc_seccomp_file_header hdr = {0};
^
snap-confine/seccomp-support.c:246:9: error: (near initialization for ‘hdr.header’) [-Werror=missing-braces]
```
To work around this, a pragma is added.
* snap-confine: check filters are not empty and keep read access to global.bin file
* tests: add details field to security-profiles and snap-seccomp spread tests
* snap-confine: move empty filter validation to sc_must_read_filter_from_file to avoid conflicts with classic snaps
* snap-{seccomp,confine}: add tests for missing seccomp profile and explicit deny has precedence over explicit allow
* snap-confine: run make fmt
* cmd/snap-confine: make fmt again with indent 2.2.13+
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* snap-confine: Several code improvements
* snap-confine: Fix format
* snap-confine: Test fix and update deprecated SEEK_CUR
* snap-confine: Fix test
* snap-confine: Use inclusive language where possible
* snap-confine: Make woke happy until we can remove cmd/snap-seccomp-blacklist
---------
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
Co-authored-by: Michael Vogt <mvo@ubuntu.com>
Co-authored-by: Maciej Borzecki <maciej.borzecki@canonical.com>
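The two-filter approach described above, as an added example that is not snapd's own snap-seccomp or snap-confine code: a hypothetical raw-BPF allow list ("ioctl") and deny list ("~ioctl - TIOCLINUX") loaded back to back, after which ioctl(TIOCLINUX) fails with EPERM while other ioctls still reach the kernel, because the kernel keeps the most restrictive verdict across all loaded filters. It assumes an x86-64 Linux host and a process that is allowed to install seccomp filters; the allow list's default is ALLOW rather than snapd's ERRNO so the demo process keeps running.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef __x86_64__
#error "DEMO_ARCH assumes x86-64; set it to this target's AUDIT_ARCH_* value"
#endif
#define DEMO_ARCH AUDIT_ARCH_X86_64
/* Prologue shared by both filters: kill foreign-ABI calls, then load the nr. */
#define CHECK_ARCH_LOAD_NR \
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)), \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS), \
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr))
#define RET(verdict) BPF_STMT(BPF_RET | BPF_K, (verdict))

/* Filter 1, the allow list ("ioctl"). snapd's allow list ends in an ERRNO
   default; here the default is ALLOW so this demo process keeps running. */
static struct sock_filter allow_list[] = {
    CHECK_ARCH_LOAD_NR,
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 1),
    RET(SECCOMP_RET_ALLOW), /* ioctl: explicitly allowed */
    RET(SECCOMP_RET_ALLOW), /* default for every other syscall */
};

/* Filter 2, the deny list ("~ioctl - TIOCLINUX"); args[1] is the request. */
static struct sock_filter deny_list[] = {
    CHECK_ARCH_LOAD_NR,
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCLINUX, 0, 1),
    RET(SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    RET(SECCOMP_RET_ALLOW),
};
static int load(struct sock_filter *insns, unsigned short len) {
    struct sock_fprog prog = { .len = len, .filter = insns };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
}

/* Installs the allow list, then the deny list; returns 0 or -errno. */
int install_split_filters(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -errno;
    if (load(allow_list, sizeof allow_list / sizeof *allow_list) != 0) return -errno;
    if (load(deny_list, sizeof deny_list / sizeof *deny_list) != 0) return -errno;
    return 0;
}

/* errno of ioctl(request) on a bad fd: EBADF if the kernel saw it, EPERM if
   the deny list rejected it before the fd was even examined. */
int probe_ioctl(unsigned long request) {
    return ioctl(-1, request, 0) == 0 ? 0 : errno;
}
```

Distinct errno values are how the commit's updated tests tell the two filters apart: a syscall the kernel actually ran on a bad fd reports EBADF, one the deny list caught reports the filter's own errno.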
* tests: move ubuntu core os.query logic to prepare.sh
In snapd, to prepare Ubuntu Core, a classic image is booted first.
The logic needed to manage that fact has been moved from os.query to
prepare.sh.
This change is needed because os.query is a generic tool that is used in
other projects and shouldn't have logic specific to the snapd project.
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 1c8efb77e1..226114641f
226114641f os.query won't check SPREAD_SYSTEM anymore to compare core systems
b89ec98b23 use local variables in os.query tool
dacfd81de9 fix is_core functions
1db5214d5f Improve the remote docs (#36)
2e4a3153a2 1 more comment
3a0fc57e1e add explanation about why we check for ( Do | Doing )
4cf8e635bf fix os.query test after merge
b89b4f8647 fix artifacts name
d30cee6da0 Merge remote-tracking branch 'upstream/main'
5ef5dcbe8f Tests use artifacts in spread tests (#51)
555c43d2ab Support auto-refresh with Do instead of Doing
96c2b0c19c remove tests support for ubuntu 23.04 (EoL)
74082c0c34 Tests improve remote wait (#49)
5121bfb659 remove support for opensuse leap 15.4 (#48)
30df700d08 Add new systems support (#47)
1f08938925 Support check amazon linux version (#46)
43533bdd97 Change the exit value checking for test formats (#45)
3c88244c04 Update check-test-format to support a dir and a list of files (#44)
510d95f429 add extra check for error in auto-refresh detection function
3289d4031b Try open the log with latin-1 encoding when utf-8 is not working
9db785499f improved how the tools are waiting for system reboot
2a5c4414a3 fix shellcheck errors
5e7b63883d Fixes for osquery and tests pkgs (#43)
4c9145e2ac support reboot waiting for auto-refresh
45768f5188 show changes in unknown status after refresh
8013c30c2a Remove support for ubuntu 22.10
b32b80bf54 Fix remote.rait-for test in bionic
5675c625e9 Enable fedora 38
55f4471957 Support for new oss
f2e88b357c New tool used to query spread json reports
cacd35ede0 utils/spread-shellcheck: explain disabled warnings (#42)
c82afb2dee Support --no-install-recommends parameter when installing dependencies with tests.pkgs
b84eea92e2 spread-shellcheck: fix quotes in environment variables (#41)
ab1e51c29f New comparison in os-query for core systems (#40)
e5ae22a5d4 systemd units can be overwritten
63540b845a Fix error messages in remote pull and push
75e8a426a5 make sure the unit is removed in tests.systemd test
9089ff5c02 Update tests to use the new tests.systemd stop-unit
44ecd5e56a Move tests.systemd stop-units to stop-unit
01a2a83b4b Update tests.systemd to have stop units as systemd.sh
162e93bd35 update tests.systemd CLI options to be the same than retry command
14aa43a405 new feature to re-run failed spread tests (#39)
604cb782db Fix shellcheck in systemd tool
bfc71082c8 Update the tests.systemd to allow parameters waiting for service status
8a2d0a99df Adding quiet tool and removing set +-x from tests.pkgs
d90935d2a4 A comment explaining about the default values for wait-for
3232c5dba7 Add support for ubuntu 23.04
a7164fba07 remove fedora 35 support, add fedora 37 support
89b9eb5301 Update systems supported
92bb6a0664 Include snap-sufix in the snaps.name tool
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 226114641f71b2264ff2cfc857855a6b089cded7
* fix shellcheck
* add details to listing test
* Update tests/lib/prepare.sh
Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 226114641f..e8929207ff
e8929207ff fix os-query for ubuntu comparing with core
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: e8929207ffe6f48915e48199726b5d163e73baba
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from e8929207ff..501578c719
501578c719 add more checks in os.query to check is-core_xx
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 501578c719d6677241dda845c3082182a8c2dc76
* update os.query
---------
Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
When a gadget is installed, we compare the previous gadget to detect
removed files and remove them. Preserved files that are removed from
content list are kept.
This is important to be able to remove old boot firmware since some,
like shim, change behavior depending on files that are present.
This does not support directories. If the gadget installs directories
with content, the files in the directories will not be removed.
* tests/main/high-user-handling: force kill test user's session
Apparently some test user processes may still be running when we try to remove
it.
2024-04-09 12:47:47 Restoring google-central:fedora-38-64:tests/main/high-user-handling (apr091230-325924)...
Error: 2024-04-09 12:47:47 Error restoring google-central:fedora-38-64:tests/main/high-user-handling (apr091230-325924) :
-----
+ tests.session -u hightest restore
umount: /run/user/4294967294/gvfs: no mount point specified.
umount: /run/user/4294967294/doc: no mount point specified.
+ userdel -r hightest
userdel: user hightest is currently used by process 39295
-----
.
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* tests/main/high-user-handling: fix description and summary
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
---------
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* snap: return NotFoundError when current symlink is missing in ReadCurrentInfo
Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
* cmd/snap: use updated "current" revision after snap refresh run inhibition
* cmd/snap: retry snap-run when race condition is detected
* cmd/snap: remove commented out test (thanks @olivercalder)
* cmd/snap: add doc comments for {w,maybeW}aitWhileInhibited (thanks @olivercalder)
* cmd/snap: add better comments and debug logs (thanks @bboozzoo)
* cmd/snap: explain why we cannot rely on O_CLOEXEC (thanks @zyga)
* cmd/snap: simplify snap refresh conflict detection
Only check that if we start without a hint lock file and, after creating
the tracking cgroup, it exists, then it means that a refresh was started
for the snap.
* cmd/snap: retry on failure due to missing current symlink (thanks @pedronis)
We could have started without a hint lock file and then we have
an ongoing refresh which removed the current symlink.
Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
* tests/main/snap-run-symlink-error: fix error matching
Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
---------
Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
* tests: first set of test fixes for uc24
* add details and 2 more fixes
* fix 2 more tests
* fix user-state test
* fix lp-1813365
* Add missing details
* fix listing test
this change needs to be done like this until os.query is-core-* is
fixed
* fix shellcheck
* fix merge saving jobs
* interfaces/udev: add non-strict flag to snap cgroup device file
Add a non-strict=true flag to the snap's cgroup device file, to inform
snap-confine that the snap was indeed installed in a non-strict confinement mode
(e.g. devmode or classic). This supplements an earlier mechanism in which snapd
would not generate any rules tagging devices for a specific snap and can be used
as an explicit indicator to avoid mandatory device cgroup even when using bare
or core24 and later bases (as well as custom base snaps).
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* cmd/snap-confine: account for non-strict confinement when setting up device cgroup
Snaps may be installed in a non-strict confinement mode, in which case expect
an explicit non-strict=true in the per snap /var/lib/snapd/cgroup/snap.*.file.
This replaces an earlier mechanism of implicit non-strict confinement when no
devices are assigned to the snap.
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* tests/main/security-device-cgroups-required-or-optional: update to check non-strict confinement
Update the test to check that --devmode results in a non-strict confinement
device cgroup setup.
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
---------
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* fix run-tests test to allow to run multiple tests on custom variant
This is needed to re-exec failed tests on beta validation
* add echo to show tests to be executed
* fix shellcheck disable=SC2086
* add stderr to spread.log
* tests: new perf test to install many snaps with --no-wait and check changes
Install different snaps many times based on arch availability. In this
scenario all the snaps are installed in parallel and the test checks
the system can handle all the installs and remains active.
* performance tests reorganization
To avoid executing perf tests when the nested tests are executed, the
tests have been moved under tests/perf
tests/perf/main -> suite with the tests executed in the target device
tests/perf/nested -> suite with the tests executed in a nested
environment
* Update tests/perf/nested/install-many-snaps-no-wait/task.yaml
Co-authored-by: Miguel Pires <miguelpires94@gmail.com>
* Update tests/perf/nested/install-many-snaps-no-wait/task.yaml
Co-authored-by: Miguel Pires <miguelpires94@gmail.com>
* Update tests/perf/main/install-many-snaps-no-wait/task.yaml
Co-authored-by: Miguel Pires <miguelpires94@gmail.com>
* improve logs check and fixes based on review comments
* addressing review comments
---------
Co-authored-by: Miguel Pires <miguelpires94@gmail.com>
The reset code runs purge, but given how purge works, it may happen that there
are unexpected snap units. Specifically, lxd tends to start
snap.lxd.workaround.service unit directly through systemd-run, which is not
known to snapd and thus will not be stopped during purge.
This should fix the following issue in tests/main/postrm-purge:
```
+ systemctl --plain --no-legend --full
+ grep -E 'snap\..*\.(service|timer|socket)'
snap.lxd.workaround.service loaded active exited /bin/true
+ echo 'found unexpected leftovers'
found unexpected leftovers
+ exit 1
```
Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>