New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
many: fix handling of jail mode in security setup #2310
Conversation
This large patch semi-mechanically changes all of devMode bool flag to snap.ConfinementType with values such as DevmodeConfinemetn (old true) and StrictConfinement (old false). The intent is to have more than two states (so that we can have classic confinement later) and so that the effective confinement is conveyed, regardless of flags such as devmode and jailmode elsewhere. The code in the interface manager is kept as-is (same logic as before, just trivial adjustments to let it compile) so that a subsequent branch can use EffectiveConfinement and fix the jailmode bug neatly. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This patch adds a helper function that returns the effective confinement, given declared snap confinement and flags such as devmode or jailmode. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This patch changes all calls to setup snap security that were done with DevModeAllowed to use EffectiveConfinement. The former was incorrectly marking all jailmode snaps to use devmode confinement as the function really meant "is devmode a valid flag" not "is devmode the effective confinement". Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This patch adds a (currently failing) regression test for a jalimode bug. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
1a6cbc5
to
359b468
Compare
if f.JailMode { | ||
// jailmode flag overrides devmode flag | ||
return snap.StrictConfinement | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At a minimum, the comment here is not right and is confusing, but does this f.JailMode check make sense within the context of snap.StrictConfinement or can it just be removed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that having both flags (jail and dev mode) set is an edge case but I think that we should respect the jail mode flag just to err on the strict side. I don't think the code actually allows such a combination.
FYI: please let's continue to review this function in #2312 where it is coming from.
I'll close this pull request and open a new one with different fix based on |
This branch is based on #2312 and #2315 and fixes jail mode flag handling when setting up security.
Fixes: https://bugs.launchpad.net/snappy/+bug/1641885