/snapd

add broadcom-asic-control interface #3615

Closed
wants to merge 1 commit into
from

Conversation

Reviewers

@morphis morphis

@zyga zyga

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@knitzsche @morphis @mvo5 @zyga
@knitzsche
Contributor

knitzsche commented Jul 21, 2017

provide an apparmor snippet that grants access to the files associated with the broadcom asic kernel module.
@knitzsche
add broadcom-asic-control interface

Some checks were not successful

2 failing and 5 successful checks
continuous-integration/travis-ci/pr — The Travis CI build failed
Details
@mvo5
xenial-ppc64el — autopkgtest finished (failure)
Details
@mvo5
artful-amd64 — autopkgtest finished (success)
Details
@mvo5
xenial-amd64 — autopkgtest finished (success)
Details
@mvo5
xenial-i386 — autopkgtest finished (success)
Details
@mvo5
yakkety-amd64 — autopkgtest finished (success)
Details
@mvo5
zesty-amd64 — autopkgtest finished (success)
Details
b72277e
@morphis

morphis commented on interfaces/builtin/broadcom-asic-control.go in b72277e Jul 24, 2017

allows -> Allows

morphis replied Jul 24, 2017

broadcom-asic -> Broadcom ASIC
@morphis

morphis commented on interfaces/builtin/broadcom-asic-control.go in b72277e Jul 24, 2017

Why only "sometimes write"? The interface either gives read or write access but there is nothing in between.

"broadcom asic" -> Broadcom ASIC
@morphis

morphis commented on interfaces/builtin/broadcom-asic-control.go in b72277e Jul 24, 2017

broadcom asic -> Broadcom ASIC
@zyga

zyga reviewed Jul 24, 2017
View changes

Some quick comments.

interfaces/builtin/broadcom-asic-control.go
+
+const broadcomAsicControlSummary = `allows using the broadcom-asic kernel module`
+
+const broadcomAsicControlDescription = `
@zyga

zyga Jul 24, 2017

Contributor

Description is now out. Please open a thread on the forum, document the interface there and add a documentation link (I will try to land the related branch today so that you can do this).

interfaces/builtin/broadcom-asic-control.go
+const broadcomAsicControlConnectedPlugAppArmor = `
+# Description: Allow access to broadcom asic kernel module.
+
+/sys/module/linux_kernel_bde/initstate r,
@zyga

zyga Jul 24, 2017

Contributor

Is it necessary to load any modules for this interface to work? Does the required module automatically load by itself? Snapd has a kmod backend where connected interface can trigger a module load without empowering the application process to load arbitrary modules.

@morphis

morphis Jul 26, 2017

Contributor

Good point, will verify this with the relevant people.

interfaces/builtin/broadcom-asic-control.go
+/sys/module/linux_bcm_knet/initstate r,
+/sys/module/linux_bcm_knet/holders/ r,
+/sys/module/linux_bcm_knet/refcnt r,
+/dev/linux-user-bde rw,
@zyga

zyga Jul 24, 2017

Contributor

I think those need to be tagged and added via the udev backend as well.

@morphis

morphis Jul 26, 2017

Contributor

Done.

@morphis
Contributor

morphis commented Jul 24, 2017

@zyga Thanks for the comments. As @knitzsche is out this week I will take this over and open another PR soon with your comments fixed.

Description is now out. Please open a thread on the forum, document the interface there and add a documentation link (I will try to land the related branch today so that you can do this).

Are there already any examples for this? Which PR you're referring to?
@morphis
Contributor

morphis commented Jul 26, 2017

Superseeded by #3623

Can somebody close this? @zyga
@mvo5
Collaborator

mvo5 commented Jul 27, 2017

Closing as requested by morphis in #3615 (comment)

@mvo5 mvo5 closed this Jul 27, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment