many: fix test cases to work with different DistroLibExecDir

[morphis]

This is needed to allow execution of our unit tests within the package build on other distributions like Fedora.

[zyga]

Just quick comments. I'll read more soon

[zyga]

Wait, this feels wrong. If core path is the path where core is mounted the rest of the string can be a constant because it's not depending on the distribution anymore.

[morphis]

I will look into this again. However all tests except refresh-delta-from-core on Ubuntu 14.04 seem to pass. However for Fedora/SUSE/Arch/... this might fail. We really need CI for all of these.

[zyga]

This looks correct now.

[zyga]

Wait, this is not what I expected (the diff looked different before). So on Fedora the core path is /var/lib/snapd/snap/core/current/ but then the dirs.DistroLibExecDir will contain /usr/libexec/snapd, I don't understand how this is supposed to work.

[morphis]

@zyga Please note that the code now uses dirs.CoreLibExecDir which will expand to /usr/lib/snapd even on Fedora. A previous version of the code was using dirs.DistroLibExecDir which is, as you pointed out, wrong.

In summary: The new code filepath.Join(corePath, dirs.CoreLibExecDir, "info") will take the corePath as determined before through /proc/self/exe and append dirs.CoreLibExecDir so that we end up with /snap/core/current/usr/libexec/snapd/info on Ubuntu and /var/lib/snapd/snap/core/current/usr/libexec/snapd/info

[zyga]

Again, isn't this constant?

[morphis]

For now yes, but when we have switch to different core/base snaps it may not. Using dirs.CoreLibExecDir here now.

[zyga]

using CoreLibExecDir is fine. For core/base split I don't know how it will work yet so it's hard to say.

[zyga]

Wait, this feels wrong. If core path is the path where core is mounted the rest of the string can be a constant because it's not depending on the distribution anymore.

[morphis]

I will look into this again. However all tests except refresh-delta-from-core on Ubuntu 14.04 seem to pass. However for Fedora/SUSE/Arch/... this might fail. We really need CI for all of these.

[zyga]

This looks correct now.

[zyga]

Wait, this is not what I expected (the diff looked different before). So on Fedora the core path is /var/lib/snapd/snap/core/current/ but then the dirs.DistroLibExecDir will contain /usr/libexec/snapd, I don't understand how this is supposed to work.

[morphis]

@zyga Please note that the code now uses dirs.CoreLibExecDir which will expand to /usr/lib/snapd even on Fedora. A previous version of the code was using dirs.DistroLibExecDir which is, as you pointed out, wrong.

In summary: The new code filepath.Join(corePath, dirs.CoreLibExecDir, "info") will take the corePath as determined before through /proc/self/exe and append dirs.CoreLibExecDir so that we end up with /snap/core/current/usr/libexec/snapd/info on Ubuntu and /var/lib/snapd/snap/core/current/usr/libexec/snapd/info

[zyga]

Just nitpick. I'd prefer a flag like ReExecEnabled or something similar. The false/true that is in tests above is hard to grok just by looking.

[morphis]

Let me change that.

[niemeyer]

Or even simpler, pass libExecDir as a parameter.

[morphis]

Using libExecDir now.

[niemeyer]

This should be done only once in this function. Right now it's being done twice, and it's also bogus because code right below will test for a path that does not exist. Proper way is likely to bring the code currently at the bottom here, and make sure snapConfine points to the proper thing upfront.

[morphis]

Reworked the logic a bit.

[zyga]

Just nitpick. I'd prefer a flag like ReExecEnabled or something similar. The false/true that is in tests above is hard to grok just by looking.

[morphis]

Let me change that.

[niemeyer]

Or even simpler, pass libExecDir as a parameter.

[morphis]

Using libExecDir now.

[Conan-Kudo]

I'm confused... Why are so many things changing from DistroLibExecDir to CoreLibExecDir? That seems to indicate it'd be running/testing a completely different/wrong thing...

[morphis]

@Conan-Kudo Many of the changes are for paths are in the code path for the re-execution feature which never worked on Fedora/Suse. So you never saw anything going wrong. This PR fixes those cases and brings us a bit closer to working re-execution too.

[mvo5]

Looks good, but some review comments (like #3222 (comment) are not addressed yet)

[morphis]

Fixed all review comments and rebased on latest master

[mvo5]

Some unit test failures, e.g. https://travis-ci.org/snapcore/snapd/builds/226369117#L2580

[morphis]

@mvo5 Pushed a change to fix the failing unit tests.

[zyga]

Sorry for taking so long to verify this. This part is incorrect. The generated mount profile is only processed after pivot_root has happened so it must use the internal layout.

[morphis]

How that? On Debian & Ubuntu we have /snap and on Fedora we have /var/lib/snapd/snap in and outside of the snap or do I miss anything?

[zyga]

You are missing one thing. After pivot_root whatever the snap mount directory is it ends up being /snap. Only then do we process those mount directives so the hard-coded paths are actually always correct.

[morphis]

Running the following

$ snap run --shell hello-world
bash-4.3$ echo $SNAP
/var/lib/snapd/snap/hello-world/27

Please also note that I didn't change builting.ResolveSpecialVariable. It is using dirs.BaseSnapMountDir already without this PR. See https://github.com/snapcore/snapd/blob/master/interfaces/builtin/content.go#L123

[zyga]

As discussed on IRC there are a host of bugs here:

• snap execution environment should look the same everywhere
• $SNAP is always /snap/$SNAP_NAME/$SNAP_REVISION when seen from inside snap execution environment
• various other things are wrong but we'll discuss and fix them in separate PRs

[morphis]

The code is now changed to use /snap as static prefix.

[mvo5]

Silly question - if the code got changed to use /snap as static prefix, do we still need to change:

- "/snap/foo"
+ filepath.Join(dirs.CoreSnapMountDir, "foo")

I guess the answer is yes to make it more obvious when we mean "context-is-inside-core" and "context-is-outside"(?)

[morphis]

I would say, we should do it this way, With that we always have a clear bind to the context and know what we're dealing with.

[zyga]

This is more of a prepare: stage to me but the actual section looks curious. Is this intentional?

[morphis]

Fixed and reworked the test case a bit more.

[niemeyer]

We can't use the "BaseSnap" term here, even more when we have a matching variable with "CoreSnap". Base snaps are around the block and this is unrelated.

[Conan-Kudo]

HostSnapMountDir would make more sense, ne?

[morphis]

HostSnapMountDir still has a notion of not saying that it is absolute or not. BaseSnapMountDir was my attempt to word that. What about RawSnapMountDir?

[niemeyer]

That makes it Raw, except other things raw are not Raw. Still pretty misleading and error prone. Not to mention "raw" doesn't really say much in this context.

See the suggestion in the other point.

[niemeyer]

What's the line for deciding what has a prefix or not? Why do we have BaseSnapMountDir with rootdir, but the ones above not? Hard to guess on call sites, which makes it quite error prone.

[morphis]

We need a variable which has just the clean mount dir without the root prefix as otherwise we end up with something $prefix/$prefix/$snapmountdir in the unit tests. See https://github.com/snapcore/snapd/pull/3222/files#diff-76f691a17e89c1330742e51bb468ef76R203 as an example. The only place where it is ever being used are unit tests. I can move these variables into test code and keep it away from dirs/dirs.go but actually it would be nice to keep these things in a central place.

Also CoreLibExecDir/CoreSnapMountDir are needed as these describe where in the core snap those directories are located. These are different on Fedora than the outside SnapMountDir/LibExecDir so we have to keep them distinct.

[pedronis]

if a unit test tries to write to those Core* dirs missing the rootdir will creates errors

[morphis]

The unit test doesn't try to write into those dirs. They are used for example in the content interface where we check if the mount entries generated are ok. @zyga told me that those should never use SnapMountDir (which might be prefixed) but the mount dir without any prefix so /snap on Ubuntu and /var/lib/snapd/snap on Fedora.

[niemeyer]

I suggest keeping the rootdir as originally, and stripping GlobalRootDir out of it when really needed. That makes it consistent.

[morphis]

@niemeyer Doing that now. Please have another look.

[pedronis]

we probably want a newline to separate things here

[morphis]

Will add one.

[codecov-io]

Codecov Report

Merging #3222 into master will decrease coverage by <.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #3222      +/-   ##
==========================================
- Coverage   77.16%   77.15%   -0.01%     
==========================================
  Files         373      373              
  Lines       25793    25792       -1     
==========================================
- Hits        19902    19900       -2     
  Misses       4134     4134              
- Partials     1757     1758       +1

Impacted Files	Coverage Δ
dirs/dirs.go	96.77% <ø> (-0.06%)	⬇️
cmd/snap/cmd_run.go	64.51% <100%> (ø)	⬆️
interfaces/builtin/content.go	80.73% <100%> (ø)	⬆️
cmd/cmd.go	100% <100%> (ø)	⬆️
overlord/snapstate/snapstate.go	81.28% <0%> (-0.24%)	⬇️
overlord/ifacestate/helpers.go	65.54% <0%> (ø)	⬆️
interfaces/sorting.go	96.66% <0%> (+3.33%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1495246...999789f. Read the comment docs.

[zyga]

Given its nature maybe?

[zyga]

My head hurts with all the new snap variables everywhere. LGTM

[zyga]

Why don't we const those?

[zyga]

This would feel better with a dedicated type.

[zyga]

Wait, are those even used?

[morphis]

Hm, they aren't. Seems to be a leftover. Good spot!

[morphis]

Drop these now.

[morphis]

@pedronis @zyga @Conan-Kudo @niemeyer Can you have another look so we get this reviewed and merged soon?

[mvo5]

Looks good, some comments inline. I am in favour of merging even if imperfect and do a followup to ease the burden of fixing this branch, it has a lot of conflicts potential.

[mvo5]

Pardon my ignorance, but it looks like the argument for mockSnapConfine() is always dirs.DistroLibExecDir - do we really need this new argument in this case?

[morphis]

There is exactly one case where it isn't. See https://github.com/snapcore/snapd/pull/3222/files/f78d7918f26f71239000599fd11db988cd605cc0#diff-78f744cbc3eb83652f8ed773dceac016R466

[mvo5]

Aha, silly me. I even found this in subsequent reading but then forgot to delete the comment. Sorry for the noise.

[mvo5]

filepath.Join() is probably more natural here

[morphis]

Fixed.

[zyga]

Sorry for taking so long to verify this. This part is incorrect. The generated mount profile is only processed after pivot_root has happened so it must use the internal layout.

[morphis]

How that? On Debian & Ubuntu we have /snap and on Fedora we have /var/lib/snapd/snap in and outside of the snap or do I miss anything?

[zyga]

You are missing one thing. After pivot_root whatever the snap mount directory is it ends up being /snap. Only then do we process those mount directives so the hard-coded paths are actually always correct.

[morphis]

Running the following

$ snap run --shell hello-world
bash-4.3$ echo $SNAP
/var/lib/snapd/snap/hello-world/27

Please also note that I didn't change builting.ResolveSpecialVariable. It is using dirs.BaseSnapMountDir already without this PR. See https://github.com/snapcore/snapd/blob/master/interfaces/builtin/content.go#L123

[zyga]

As discussed on IRC there are a host of bugs here:

• snap execution environment should look the same everywhere
• $SNAP is always /snap/$SNAP_NAME/$SNAP_REVISION when seen from inside snap execution environment
• various other things are wrong but we'll discuss and fix them in separate PRs

[morphis]

The code is now changed to use /snap as static prefix.

[mvo5]

Silly question - if the code got changed to use /snap as static prefix, do we still need to change:

- "/snap/foo"
+ filepath.Join(dirs.CoreSnapMountDir, "foo")

I guess the answer is yes to make it more obvious when we mean "context-is-inside-core" and "context-is-outside"(?)

[morphis]

I would say, we should do it this way, With that we always have a clear bind to the context and know what we're dealing with.

[mvo5]

This feels a bit repetitive and relatively long, I wonder if we could compute the dirs only once at the beginning of the test. OTOH it was repetitive before so maybe that is something for a later branch.

[morphis]

+1 (change + later branch)

[mvo5]

Would it be possible to move everything that needs classic confinement into a single snapmgrWithClassicConfinementTestSuite and simply skip the entire suite on the above condition?

[morphis]

Not sure, something I would have to look into but would prefer to do it with a follow up PR to not put more burden on this one.

[mvo5]

Slightly strange that SupportsClassicConfinement() is a member of dirs - I understand why but still feels wrong. Anyway, not something to be concerned about for this branch.

[niemeyer]

LGTM assuming it drops the function mentioned below.

[niemeyer]

Let's please drop this function. We don't need a special (and long) name for filepath.Join. :-)

[morphis]

Done.