many: fix handling of jail mode in security setup #2310
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This large patch semi-mechanically changes all of devMode bool flag to snap.ConfinementType with values such as DevmodeConfinemetn (old true) and StrictConfinement (old false). The intent is to have more than two states (so that we can have classic confinement later) and so that the effective confinement is conveyed, regardless of flags such as devmode and jailmode elsewhere. The code in the interface manager is kept as-is (same logic as before, just trivial adjustments to let it compile) so that a subsequent branch can use EffectiveConfinement and fix the jailmode bug neatly. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This patch adds a helper function that returns the effective confinement, given declared snap confinement and flags such as devmode or jailmode. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This patch changes all calls to setup snap security that were done with DevModeAllowed to use EffectiveConfinement. The former was incorrectly marking all jailmode snaps to use devmode confinement as the function really meant "is devmode a valid flag" not "is devmode the effective confinement". Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This patch adds a (currently failing) regression test for a jalimode bug. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
zyga
force-pushed
the
lp-jailmode-1641885
branch
from
1a6cbc5
to
359b468
Compare
zyga
changed the title
jdstrand
reviewed
Nov 21, 2016
| if f.JailMode { | ||
| // jailmode flag overrides devmode flag | ||
| return snap.StrictConfinement | ||
| } |
There was a problem hiding this comment.
At a minimum, the comment here is not right and is confusing, but does this f.JailMode check make sense within the context of snap.StrictConfinement or can it just be removed?
There was a problem hiding this comment.
I think that having both flags (jail and dev mode) set is an edge case but I think that we should respect the jail mode flag just to err on the strict side. I don't think the code actually allows such a combination.
FYI: please let's continue to review this function in #2312 where it is coming from.
|
I'll close this pull request and open a new one with different fix based on |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This branch is based on #2312 and #2315 and fixes jail mode flag handling when setting up security.
Fixes: https://bugs.launchpad.net/snappy/+bug/1641885