Isaac True 15e53b3712 interfaces: posix-mq: add new interface
* interfaces: posix-mq: add new interface

- Add support for a new posix-mq interface, including AppArmor and seccomp
  rules. This allows creating, sending, and receiving IPC messages over POSIX
  message queues between snaps.
- Remove commented out seccomp rules for POSIX message queues in template.go

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: updated static information

- Added a declaration for plugs to allow snaps from the same publisher to automatically connect
- Added slot declaration to static information
- Changed slot to disallow auto connections by default
- Allow slot installation for all snap types
- Remove implicit interfaces

Signed-off-by: Isaac True <isaac.true@canonical.com>

* apparmor: add feature detection for POSIX message queues

Check if the AppArmor implementation supports the "mqueue" keyword.

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: extend validation and testing

- Permissions are now also validated in the BeforePrepare* functions
- Check if the AppArmor system supports the mqueue feature
- Extend unit tests to also check that unwanted permissions are not included
- Additionally change mq_notify syscall to be included when the read permission is used

Signed-off-by: Isaac True <isaac.true@canonical.com>

* apparmor: update unit tests to include mqueue feature detection

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: extend MQ path validation

- Ensure the given path is not an AppArmor regex and is a clean path
- Surround the path with quotes in the AppArmor rule
- Update unit tests with the new validation

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: remove unneeded aliases

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: mark slot as super-privileged

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: update path handling

- If the path does not begin with '/', add a '/'
- Use the name of the slot as the path if no path has been given

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: remove get/setattr

These permissions are not supported by AppArmor

* interfaces: posix-mq: remove redundant connected slot rule

Additionally added indenting to the AppArmor rules

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: add open permission

* interfaces: posix-mq: update AppArmor snippet generation

- The permanent slot snippet is now generated from the complete list of
  available permissions, rather than hard-coded specific permissions.
- Append open to the connected plug permissions array rather than directly
  entering it into the snippet.
- Update unit tests to reflect new changes.

Signed-off-by: Isaac True <isaac.true@canonical.com>

* tests: add posix-mq to interfaces-many-snap-provided

* interfaces: posix-mq: replace function with strutil.ListContains

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: mock AppArmor feature in unit tests

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: add posix-mq test cases to base declaration tests

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: change test variable names to reflect test cases

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: improve comments and error messages

- Remove slot name from error messages
- Standardise comment format
- Additionally remove permission validation from BeforePreparePlug as the permissions are configured in the slot

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: add additional unit tests and rework permission parsing

- Test to ensure that the path attribute is a string
- Test that the permissions attribute only contains valid permissions
- Add functionality and unit test to ensure that the permissions attribute is a list of strings

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: rename path attribute to "posix-mq"

This change brings the interface in line with other interfaces which
also use paths.

Signed-off-by: Isaac True <isaac.true@canonical.com>

* Revert "interfaces: posix-mq: rename path attribute to "posix-mq""

This reverts commit 47b9e5f72a84b085784c6e21eeadf4adb26978b5.

* interfaces: posix-mq: add "posix-mq" label attribute

This adds an additional attribute called "posix-mq" which can be used to
help identify which plugs should connect to which slots, similar to the
`shared-memory` interface.

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: validate posix-mq attribute in BeforePreparePlug

Additionally add more unit tests to validate posix-mq label handling.

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: improve unit tests by checking for explicit errors

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: various code cleanups to improve readability

Signed-off-by: Isaac True <isaac.true@canonical.com>

* interfaces: posix-mq: fix unit test not being run

- Additionally check for an explicit error

Signed-off-by: Isaac True <isaac.true@canonical.com>

Co-authored-by: Michael Vogt <mvo@ubuntu.com>
2022-05-06 08:07:22 +02:00
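
The path handling this commit message lists (slot name as the default, a leading '/', no AppArmor pattern characters, a clean path, quotes around the path in the rule), as an added Go example that is not snapd's own code. The function names, the rejected character set and the permission list are assumptions of this example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
	"unicode"
)

// Assumed permission keywords; the commit message itself names only "read" and "open".
var allowedPerms = map[string]bool{"open": true, "create": true, "delete": true, "read": true, "write": true}

// normalizeMQPath defaults to the slot name, forces a leading '/', then validates.
func normalizeMQPath(slotName, name string) (string, error) {
	if name == "" {
		name = slotName
	}
	if !strings.HasPrefix(name, "/") {
		name = "/" + name
	}
	// Assumed reject set: glob/alternation characters, quote, backslash, control characters.
	if strings.ContainsAny(name, "*?[]{}^\"\\") || strings.IndexFunc(name, unicode.IsControl) >= 0 {
		return "", fmt.Errorf("path %q contains AppArmor pattern or control characters", name)
	}
	if path.Clean(name) != name {
		return "", fmt.Errorf("path %q is not a clean path", name)
	}
	return name, nil
}

// mqueueRule renders one AppArmor mqueue rule with the validated path in quotes.
func mqueueRule(perms []string, slotName, name string) (string, error) {
	if len(perms) == 0 {
		return "", fmt.Errorf("no permissions given")
	}
	for _, p := range perms {
		if !allowedPerms[p] {
			return "", fmt.Errorf("unsupported permission %q", p)
		}
	}
	clean, err := normalizeMQPath(slotName, name)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("mqueue (%s) \"%s\",", strings.Join(perms, " "), clean), nil
}

func main() {
	fmt.Println(mqueueRule([]string{"open", "read"}, "test-rw", "")) // constructed slot name
}
```

Rejecting the quote and control characters before the path is wrapped in quotes is what keeps a slot attribute from closing the string early and appending its own rule text to the generated profile.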