Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
snap: ensure security polices are re-created #3442
Conversation
mvo5
added some commits
Jun 7, 2017
codecov-io
commented
Jun 8, 2017
Codecov Report
@@ Coverage Diff @@
## master #3442 +/- ##
==========================================
- Coverage 77.23% 77.22% -0.02%
==========================================
Files 373 373
Lines 25645 25658 +13
==========================================
+ Hits 19808 19815 +7
- Misses 4087 4090 +3
- Partials 1750 1753 +3
Continue to review full report at Codecov.
|
| + // permanent failed state if it cannot be activated and at this | ||
| + // point the code will continue (with potentially stale profiles | ||
| + // but at least services will run). | ||
| + for i := 0; i < 500; i++ { |
jdstrand
Jun 8, 2017
•
Contributor
Note that 5 seconds is not very long on armhf. Touch profiles could take as long as 1 second to load each, so a system with many profiles on armhf could fallback to old profiles pretty regularly, depending on when the systemd unit started.
| + // XXX2: the backported systemd on 14.04 does not support | ||
| + // the dbus interface of systemd, only the private | ||
| + // socket which is only available as root, ignore | ||
| + // this error. |
jdstrand
Jun 8, 2017
Contributor
In addition to not being supported on 14.04, it occurred to me that performing a DBus call in snap run is overhead we could avoid with a stamp file. I'm not sure if this fits all the properties you are looking for, but if instead of this DBus call snap run checks for the existence of a file (eg /run/snapd/something-appropriate) and waits on that, this would be a cheap check that would also work on 14.04. This stamp file would be created after profile generation finished and it could be removed on 'stop' so that 'snap run' during a core snap refresh would cause snap run to wait.
mvo5
added some commits
Jun 8, 2017
|
Closing for now, this needs some more work after the latest forum discussions |
mvo5 commentedJun 7, 2017
Based on #3438
For easy review: mvo5/snappy@1dfa2ee