token2/snapd
0
0
Fork 0
mirror of https://github.com/token2/snapd.git synced 2026-03-13 11:15:47 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
release/2.62
snapd/tests/core/basic18/task.yaml
Alex Murray b0c8a48341 sandbox/apparmor: don't let vendored apparmor conflict with system (#12909) 
* sandbox/apparmor: don't let vendored apparmor conflict with system

Don't enable the vendored apparmor if the system installed apparmor will try and
load policy that would be generated by the vendored apparmor and hence may
conflict with that by using newer features not supported by the system installed
apparmor (LP: 2024637)

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* apparmor: add unit testing for SystemAppArmorLoadsSnapPolicy()

* tests: add test that checks regression in lp-2024637

* apparmor: only log non ENOENT errors in systemAppArmorLoadsSnapPolicy

* tests: fix snapd-snap test on 14.04-18.04

This commit will skip apparmor vendor testing if /lib/apparmor/functions
still references /var/lib/snapd/apparmor/.

See LP:2024637

* tests: fix typo in snapd-snap test

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* i/apparmor: allow read of /lib/apparmor/functions in snap-update-ns

Snapd at startup will inspect this file now to ensure that the
vendored apparmor can be used. So the snap-update-ns profile
also needs to get updated as this happens during an early init().

---------

Signed-off-by: Alex Murray <alex.murray@canonical.com>
Co-authored-by: Michael Vogt <mvo@ubuntu.com>
2023-07-03 14:03:27 +02:00

37 lines
1.1 KiB
YAML
Raw Permalink Blame History

summary: Check basic core18 system functionality
systems: [ubuntu-core-18-*]
execute: |
echo "Check that the system snaps are there"
snap list core18
snap list snapd
if snap list core; then
echo "The old core snap is installed but should not"
exit 1
fi
echo "Ensure that the system is fully seeded"
snap changes | MATCH "Done.*Initialize system state"
echo "Check that a simple shell snap"
snap install test-snapd-sh-core18
test-snapd-sh-core18.sh -c 'echo hello' | MATCH hello
if python3 -m json.tool < /var/lib/snapd/system-key | grep '"build-id": ""'; then
echo "The build-id of snapd must not be empty."
exit 1
fi
echo "Ensure passwd/group is available for snaps"
test-snapd-sh-core18.sh -c 'cat /var/lib/extrausers/passwd' | MATCH test
# ensure apparmor works, see LP: 2024637
systemctl status apparmor.service
# reboot to double check that apparmor still works after the reboot
# (LP: 2024637)
if [ "$SPREAD_REBOOT" = 0 ]; then
REBOOT
fi
Reference in New Issue View Git Blame Copy Permalink