interfaces: don't udev tag devmode or classic snaps (2.29) #4130

Closed
wants to merge 3 commits into
from

Conversation

Projects
None yet
3 participants
Contributor

jdstrand commented Nov 2, 2017

Corresponding PR for 2.29 for PR #4114

pedronis and others added some commits Oct 31, 2017

Merge pull request #4117 from pedronis/sticky-n-send-ignore-validatio…
…n-2.29

many: make ignore-validation sticky and send the flag with refresh requests (2.29)
interfaces: don't udev tag devmode or classic snaps
devmode and classic snaps are meant to run without confinement, but the udev
backend unconditionally udev tags devices resulting in permission denied errors
when for devices not in connected interfaces. While classic snaps currently
aren't allowed to plugs interfaces, this is expected to change so fix this now
too.

Reference:
https://forum.snapcraft.io/t/device-cgroup-is-applied-to-devmode-snap/2663

While we could simply not generate the files in /etc/udev/rules.d when in
devmode or classic, we instead generate those files with commented out the
udev rules. This makes the testsuite changes much smaller, but also allows
someone working in devmode to see what would be done, and to adjust the file in
/etc/udev/rules.d as needed when developing their snap.

This adds four spread tests: devmode, classic, jailmode and strict mode. While
much of the cgroup handling is done in tests/main/security-device-cgroups,
these tests are more about high-level blackbox testing in the manner a
developer would experience things.

This is for 2.29 and incorporates all the feedback from PR #4114

@jdstrand jdstrand added this to the 2.29 milestone Nov 2, 2017

@jdstrand jdstrand closed this Nov 2, 2017

@jdstrand jdstrand deleted the jdstrand:fix-cgroup-with-devmode-2.29 branch Nov 2, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment