interfaces: don't udev tag devmode or classic snaps (2.29) #4131

Merged
merged 1 commit into from Nov 2, 2017


jdstrand commented Nov 2, 2017

devmode and classic snaps are meant to run without confinement, but the udev
backend unconditionally udev tags devices, resulting in permission denied errors
for devices not in connected interfaces. While classic snaps currently
aren't allowed to plug interfaces, this is expected to change, so fix this now
too.

Reference:
https://forum.snapcraft.io/t/device-cgroup-is-applied-to-devmode-snap/2663

While we could simply not generate the files in /etc/udev/rules.d when in
devmode or classic, we instead generate those files with the udev rules
commented out. This makes the testsuite changes much smaller, but also allows
someone working in devmode to see what would be done, and to adjust the file in
/etc/udev/rules.d as needed when developing their snap.

This adds four spread tests: devmode, classic, jailmode and strict mode. While
much of the cgroup handling is done in tests/main/security-device-cgroups,
these tests are more about high-level blackbox testing in the manner a
developer would experience things.
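
The behaviour described above, as an added example that is not part of this PR or of snapd's code: rules are written live for strict and jailmode and commented out for devmode and classic, and a second function reports which lines udev would still act on. The function names, the sample rule and the snap tag are assumptions made up for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Confinement modes named in the PR description.
const Strict, Jailmode, Devmode, Classic = "strict", "jailmode", "devmode", "classic"

// RenderRules is a hypothetical helper (not snapd's API). It returns the text
// of a udev rules file for a snap: rules are live for strict and jailmode,
// and commented out for devmode and classic so that no device gets tagged.
func RenderRules(mode string, rules []string) string {
	unconfined := mode == Devmode || mode == Classic
	var b strings.Builder
	for _, r := range rules {
		if unconfined {
			b.WriteString("#")
		}
		b.WriteString(r + "\n")
	}
	return b.String()
}

// ActiveRules returns the lines udev would act on; udev ignores empty
// lines and lines beginning with '#'.
func ActiveRules(content string) []string {
	var active []string
	for _, line := range strings.Split(content, "\n") {
		t := strings.TrimSpace(line)
		if t == "" || strings.HasPrefix(t, "#") {
			continue
		}
		active = append(active, t)
	}
	return active
}

func main() {
	// Constructed sample rule; the snap name and tag are made up.
	rules := []string{`KERNEL=="kvm", TAG+="snap_example_app"`}
	for _, m := range []string{Strict, Jailmode, Devmode, Classic} {
		out := RenderRules(m, rules)
		fmt.Printf("%-8s active=%d\n%s", m, len(ActiveRules(out)), out)
	}
}
```

Running ActiveRules over a generated file is a quick way to confirm that a devmode or classic snap has no live tagging rules while the commented lines still show what strict mode would apply.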

@jdstrand jdstrand added this to the 2.29 milestone Nov 2, 2017

zyga approved these changes Nov 2, 2017

LGTM

Codecov Report

Merging #4131 into release/2.29 will increase coverage by <.01%.
The diff coverage is 100%.

@@               Coverage Diff                @@
##           release/2.29    #4131      +/-   ##
================================================
+ Coverage         75.79%   75.79%   +<.01%     
================================================
  Files               433      433              
  Lines             37247    37253       +6     
================================================
+ Hits              28230    28236       +6     
  Misses             7044     7044              
  Partials           1973     1973
Impacted Files Coverage Δ
interfaces/udev/backend.go 79.45% <100%> (+1.84%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 37761a6...1339755.

mvo5 approved these changes Nov 2, 2017

@mvo5 mvo5 merged commit 481ba7d into snapcore:release/2.29 Nov 2, 2017

1 of 7 checks passed

artful-amd64 autopkgtest running
artful-i386 autopkgtest running
xenial-amd64 autopkgtest running
xenial-i386 autopkgtest running
xenial-ppc64el autopkgtest running
zesty-amd64 autopkgtest running
continuous-integration/travis-ci/pr The Travis CI build passed

@jdstrand jdstrand deleted the jdstrand:fix-cgroup-with-devmode-2.29 branch Nov 8, 2017
