mirror of
https://github.com/token2/snapd.git
synced 2026-03-13 11:15:47 -07:00
122 lines
4.3 KiB
YAML
122 lines
4.3 KiB
YAML
summary: Ensure that the kernel-module-control interface works.
|
|
|
|
details: |
|
|
The kernel-module-control interface allows insertion, removal and querying
|
|
of modules.
|
|
|
|
A snap which defines a kernel-module-control plug must be shown in the
|
|
interfaces list. The plug must not be autoconnected on install and, as
|
|
usual, must be able to be reconnected.
|
|
|
|
A snap declaring a plug on this interface must be able to list the modules
|
|
loaded, insert and remove a module. For the test we use the $MODULE module.
|
|
|
|
# the s390x kernel has no minix module
|
|
systems: [-fedora-*, -opensuse-*, -ubuntu-*-s390x, -arch-*, -amazon-*, -centos-*]
|
|
|
|
environment:
|
|
MODULE: minix
|
|
MODULE_PATH: /lib/modules/$(uname -r)/kernel/fs/$MODULE/$MODULE.ko
|
|
|
|
prepare: |
|
|
echo "Given a snap declaring a plug on the kernel-module-control interface is installed"
|
|
snap install --edge test-snapd-kernel-module-consumer
|
|
#shellcheck source=tests/lib/snaps.sh
|
|
. "$TESTSLIB"/snaps.sh
|
|
install_generic_consumer kernel-module-control
|
|
|
|
restore: |
|
|
if lsmod | MATCH "$MODULE" && [ ! -f module_present ]; then
|
|
rmmod "$MODULE"
|
|
elif [ -f module_present ] && ! lsmod | MATCH "$MODULE" ; then
|
|
insmod "$MODULE_PATH"
|
|
fi
|
|
|
|
debug: |
|
|
lsmod
|
|
ls -R /lib/modules/"$(uname -r)"/kernel/fs
|
|
|
|
execute: |
|
|
if ! [ -f "/lib/modules/$(uname -r)/kernel/fs/$MODULE/$MODULE.ko" ]; then
|
|
echo "$MODULE module not available in the system"
|
|
exit 0
|
|
fi
|
|
|
|
echo "The plug is disconnected by default"
|
|
snap interfaces -i kernel-module-control | MATCH '^- +test-snapd-kernel-module-consumer:kernel-module-control'
|
|
|
|
echo "When the plug is connected"
|
|
snap connect test-snapd-kernel-module-consumer:kernel-module-control
|
|
snap connect generic-consumer:kernel-module-control
|
|
|
|
echo "Then the snap is able to list the existing modules"
|
|
test "$(su -l -c "test-snapd-kernel-module-consumer.lsmod" test | wc -l)" -gt 2
|
|
|
|
echo "And the snap is able to insert a module"
|
|
if lsmod | MATCH "$MODULE"; then
|
|
touch module_present
|
|
rmmod "$MODULE"
|
|
fi
|
|
lsmod | NOMATCH "$MODULE"
|
|
test-snapd-kernel-module-consumer.insmod "$MODULE_PATH"
|
|
|
|
echo "And the snap is able to read /sys/module"
|
|
generic-consumer.cmd ls /sys/module | MATCH "$MODULE"
|
|
|
|
echo "And the snap is not able to write to /sys/module"
|
|
if su -l -c "generic-consumer.cmd touch /sys/module/test" test 2> touch.error; then
|
|
echo "Expected permission error writing to /sys/module"
|
|
exit 1
|
|
fi
|
|
MATCH "Permission denied" < touch.error
|
|
|
|
echo "And the snap is able to remove a module"
|
|
test-snapd-kernel-module-consumer.rmmod "$MODULE"
|
|
lsmod | NOMATCH "$MODULE"
|
|
|
|
if [ "$(snap debug confinement)" = partial ] ; then
|
|
exit 0
|
|
fi
|
|
|
|
echo "When the plug is disconnected"
|
|
snap disconnect test-snapd-kernel-module-consumer:kernel-module-control
|
|
snap disconnect generic-consumer:kernel-module-control
|
|
|
|
echo "Then the snap is not able to list modules"
|
|
if su -l -c "test-snapd-kernel-module-consumer.lsmod" test 2> list.error; then
|
|
echo "Expected permission error listing modules with disconnected plug"
|
|
exit 1
|
|
fi
|
|
MATCH "Permission denied" < list.error
|
|
|
|
echo "And the snap is not able to insert a module"
|
|
if test-snapd-kernel-module-consumer.insmod "$MODULE_PATH"; then
|
|
echo "Expected permission error inserting module with disconnected plug"
|
|
exit 1
|
|
fi
|
|
|
|
echo "And the snap is not able to remove a module"
|
|
# first we need to insert the module
|
|
lsmod | NOMATCH "$MODULE"
|
|
insmod "$MODULE_PATH"
|
|
lsmod | MATCH "$MODULE"
|
|
if test-snapd-kernel-module-consumer.rmmod "$MODULE" 2> remove.error; then
|
|
echo "Expected permission error removing module with disconnected plug"
|
|
exit 1
|
|
fi
|
|
MATCH "Permission denied" < remove.error
|
|
|
|
echo "And the snap is not able to read /sys/module"
|
|
if su -l -c "generic-consumer.cmd ls /sys/module" test 2> read.error; then
|
|
echo "Expected permission error reading /sys/module with disconnected plug"
|
|
exit 1
|
|
fi
|
|
MATCH "Permission denied" < read.error
|
|
|
|
echo "And the snap is not able to write to /sys/module"
|
|
if su -l -c "generic-consumer.cmd touch /sys/module/test" test 2> touch.error; then
|
|
echo "Expected permission error writing to /sys/module"
|
|
exit 1
|
|
fi
|
|
MATCH "Permission denied" < touch.error
|