interfaces: don't udev tag devmode or classic snaps (2.29) #4130

Closed

jdstrand wants to merge 3 commits into snapcore:master from jdstrand:fix-cgroup-with-devmode-2.29

Contributor

jdstrand commented Nov 2, 2017

Corresponding PR for 2.29 for PR #4114

pedronis and others added some commits Oct 31, 2017


      make ignore-validation sticky and send the flag with refresh requests

bb4410c


      Merge pull request #4117 from pedronis/sticky-n-send-ignore-validatio…

…n-2.29

many: make ignore-validation sticky and send the flag with refresh requests (2.29)

37761a6


      interfaces: don't udev tag devmode or classic snaps

devmode and classic snaps are meant to run without confinement, but the udev
backend unconditionally udev tags devices resulting in permission denied errors
when for devices not in connected interfaces. While classic snaps currently
aren't allowed to plugs interfaces, this is expected to change so fix this now
too.

Reference:
https://forum.snapcraft.io/t/device-cgroup-is-applied-to-devmode-snap/2663

While we could simply not generate the files in /etc/udev/rules.d when in
devmode or classic, we instead generate those files with commented out the
udev rules. This makes the testsuite changes much smaller, but also allows
someone working in devmode to see what would be done, and to adjust the file in
/etc/udev/rules.d as needed when developing their snap.

This adds four spread tests: devmode, classic, jailmode and strict mode. While
much of the cgroup handling is done in tests/main/security-device-cgroups,
these tests are more about high-level blackbox testing in the manner a
developer would experience things.

This is for 2.29 and incorporates all the feedback from PR #4114

52bc5f1

jdstrand added this to the 2.29 milestone Nov 2, 2017

jdstrand closed this Nov 2, 2017

jdstrand deleted the jdstrand:fix-cgroup-with-devmode-2.29 branch Nov 2, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

You can't perform that action at this time.