interfaces: add common support for udev #3658
Many interfaces will need to support udev-based device tagging. To counter the explosion of custom interface types the common interface can be grown to support per-app udev tags.

There's also some helper for testing, placed in export_test.go, since common_test is not using builtin_test package. I'll clean that up separately.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
736194b to a370824
Codecov Report
@@ Coverage Diff @@
## master #3658 +/- ##
==========================================
+ Coverage 75.16% 75.18% +0.01%
==========================================
Files 388 388
Lines 33628 33637 +9
==========================================
+ Hits 25278 25289 +11
+ Misses 6534 6532 -2
Partials 1816 1816
|
@@ -142,3 +145,15 @@ func (iface *commonInterface) SecCompConnectedPlug(spec *seccomp.Specification, | |||
} | |||
return nil | |||
} | |||
|
|||
func (iface *commonInterface) UDevConnectedPlug(spec *udev.Specification, plug *interfaces.Plug, plugAttrs map[string]interface{}, slot *interfaces.Slot, slotAttrs map[string]interface{}) error { | |||
old := "###SLOT_SECURITY_TAGS###" |
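Review bot: On the `old := "###SLOT_SECURITY_TAGS###"` line, the marker is named for the slot while the method it sits in is `UDevConnectedPlug`, so a reader cannot tell from the name whose security tags end up in the rule. Either rename the marker or add a comment saying which side's tags are substituted. The local name `old` also says nothing about what the string is; a package-level constant with a descriptive name would let interface authors and tests refer to the same marker. The new exported method has no doc comment describing the placeholder that snippet authors are expected to write.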
I prefer to use the following code for a few reasons here, instead of introducing tags and doing the string.Replace here.

- less code for consistency with other functions in commonInterface
- In favor of "format" here rather than "replace" for performance consideration (nitpicking, we have a large code snippet udev rules for udisk2, modemManager, maybe more in the future)

```go
if iface.connectedPlugUdev != "" {
	for appName := range plug.Apps {
		tag := udevSnapSecurityName(plug.Snap.Name(), appName)
		spec.AddSnippet(fmt.Sprintf(iface.connectedPlugUdev, tag))
	}
}
```

People could use %[1]s if there're multiple udev entries there or simply use "%s" if only one entry exists.

I'll leave the decision to you though.
I used format first but then changed this so that it is consistent with ###replaceme### markers we use elsewhere in the interface code. We can revisit that but then we should do it consistently in the whole stack (all of builtin/*.go)
Okay. Sounds good!
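The marker-versus-format trade-off discussed in this thread, as an added example (not code from the pull request or from snapd): marker replacement leaves udev's own `%` substitutions such as `%k` untouched, while a `fmt` template needs them escaped as `%%` or the generated rule is corrupted. The helper `securityTag`, its tag format and the sample rules are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// marker is the placeholder string visible in the diff above.
const marker = "###SLOT_SECURITY_TAGS###"

// securityTag is a hypothetical stand-in for udevSnapSecurityName; the
// tag format is an assumption made for this example.
func securityTag(snapName, appName string) string {
	return strings.Replace("snap_"+snapName+"_"+appName, "-", "_", -1)
}

// snippetsByReplace expands the marker once per app, leaving every other
// byte of the rule (including udev's own % substitutions) untouched.
func snippetsByReplace(template, snapName string, apps []string) []string {
	out := make([]string, 0, len(apps))
	for _, app := range apps {
		out = append(out, strings.Replace(template, marker, securityTag(snapName, app), -1))
	}
	return out
}

// snippetByFormat expands a fmt-style template for one app. A literal %
// in the rule must be written as %% or fmt treats it as a verb.
func snippetByFormat(template, snapName, app string) string {
	return fmt.Sprintf(template, securityTag(snapName, app))
}

// Constructed sample rules; %k is udev's kernel-name substitution.
const (
	markerRule  = `KERNEL=="ttyUSB[0-9]*", SYMLINK+="modem/%k", TAG+="###SLOT_SECURITY_TAGS###"`
	formatRule  = `KERNEL=="ttyUSB[0-9]*", SYMLINK+="modem/%k", TAG+="%[1]s"`
	escapedRule = `KERNEL=="ttyUSB[0-9]*", SYMLINK+="modem/%%k", TAG+="%[1]s"`
)

func main() {
	for _, s := range snippetsByReplace(markerRule, "my-snap", []string{"daemon", "cli"}) {
		fmt.Println(s)
	}
	fmt.Println(snippetByFormat(formatRule, "my-snap", "cli"))  // %k is mangled
	fmt.Println(snippetByFormat(escapedRule, "my-snap", "cli")) // correct rule
}
```

A unit test over each interface's snippet that rejects `%!` in the generated rule catches an unescaped `%` before a malformed rule is written out.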