mirror of
https://github.com/token2/snapd.git
synced 2026-03-13 11:15:47 -07:00
fb502af681
* interfaces/microstack-support: set controlsDeviceCgroup to true This will prevent us from generating any udev rules which in turn should entirely disable the enforcement of the device cgroup for processes in the snap. This is justified by the snap already managing cgroups of its containers and VM's with the Delegate=true setting in serviceSnippets. See also LP bug: https://bugs.launchpad.net/snapd/+bug/1892895 which is partially addressed by this commit, specifically for the microstack snap which uses the microstack-support interface. Signed-off-by: Ian Johnson <ian.johnson@canonical.com> * tests: add spread test for microstack cgroup delegation * tests/main/interfaces-microstack-support: use snap restart This fixes the test by making it fail on master without the change to use controlsDeviceCgroup, but passes in the branch enabling that for the interface. Signed-off-by: Ian Johnson <ian.johnson@canonical.com> * tests: fix microstack-support test for cgroup v2 * i/b/microstack_support: add comment about delegation * tests/microstack: make the service more verbose Making the service more verbose might help debugging; these lines will end up in journald. * interfaces/udev/spec.go: leave TODO about cgroup interaction w/ Delegate=true Signed-off-by: Ian Johnson <ian.johnson@canonical.com> Co-authored-by: Alberto Mardegan <alberto.mardegan@canonical.com>
31 lines
1012 B
YAML
31 lines
1012 B
YAML
summary: Ensure that the microstack-support device delegation works.
|
|
|
|
details: |
|
|
The microstack-support interface delegates device cgroup handling to the
|
|
snap.
|
|
|
|
environment:
|
|
SNAP_NAME: test-snapd-sh
|
|
|
|
prepare: |
|
|
"$TESTSTOOLS"/snaps-state install-local test-snapd-sh
|
|
|
|
execute: |
|
|
echo "When the interface is connected"
|
|
snap connect "$SNAP_NAME":microstack-support
|
|
|
|
snap restart "$SNAP_NAME"
|
|
|
|
retry -n 50 --wait 0.1 sh -c "test -f /var/snap/$SNAP_NAME/common/proc_self_cgroup"
|
|
CGROUP=$(grep ':devices:' "/var/snap/$SNAP_NAME/common/proc_self_cgroup" | cut -d':' -f3)
|
|
if [ -n "$CGROUP" ]; then
|
|
# cgroup v1
|
|
echo "Service cgroup v1 is $CGROUP"
|
|
MATCH 'a \*:\* rwm' < "/sys/fs/cgroup/devices/$CGROUP/devices.list"
|
|
else
|
|
# cgroup v2
|
|
CGROUP=$(grep '^0:' "/var/snap/$SNAP_NAME/common/proc_self_cgroup" | cut -d':' -f3)
|
|
echo "Service cgroup v2 is $CGROUP"
|
|
NOMATCH 'device' < "/sys/fs/cgroup/$CGROUP/cgroup.controllers"
|
|
fi
|