forked from snapcore/snapd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
task.yaml
57 lines (45 loc) · 2.2 KB
/
task.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
summary: Regression test for LP 1802581
description: |
When using the snapd GPIO interface the slot side needs to export the GPIO
pint so that a file appears under /sys/class/gpio/gpioNNN. That file is a
symbolic link to a special, platform specific device path. The symbolic
link needs to be evaluated so that apparmor rules for the plug side can be
constructed.
A customer has reported that when a snap is disabled and then re-enabled
the GPIO pin is not exported and apparmor backend cannot setup security
of the snap being enabled.
A similar issue has occurred once in the past where the order in which
security backends operated was not deterministic. We fixed the issue by
applying a fixed order so that the systemd backend, responsible for
exporting the pin, would always run before the apparmor backend, which
could now rely on the pin being exposed to userspace.
systems: [ubuntu-core-16-64]
prepare: |
# shellcheck source=tests/lib/systemd.sh
. "$TESTSLIB/systemd.sh"
echo "Create/enable fake gpio"
systemd_create_and_start_persistent_unit fake-gpio "$TESTSLIB/fakegpio/fake-gpio.py" "[Unit]\nBefore=snap.core.interface.gpio-100.service\n[Service]\nType=notify"
restore: |
# shellcheck source=tests/lib/systemd.sh
. "$TESTSLIB/systemd.sh"
system_stop_and_remove_persistent_unit fake-gpio
# for good measure, fake-gpio.py does this umount already on exit
umount /sys/class/gpio || true
debug: |
journalctl -u fake-gpio.service
execute: |
echo "Install a snap that uses the gpio consumer"
#shellcheck source=tests/lib/snaps.sh
. "$TESTSLIB"/snaps.sh
install_local gpio-consumer
echo "And connect the gpio pin"
snap connect gpio-consumer:gpio :gpio-pin
snap interfaces | MATCH ":gpio-pin.*gpio-consumer:gpio"
# LP-1802581
echo "Now disable and enable the snap to ensure lp: #1802581 is fixed"
snap disable gpio-consumer
snap enable gpio-consumer
echo "Check that the connection is still here after enable"
snap interfaces | MATCH ":gpio-pin.*gpio-consumer:gpio"
echo "Ensure that our mock service is full functional"
systemctl status fake-gpio.service | MATCH "Active: active"