/snapd

cmd/snap-update-ns: do not assume 'nogroup' exists #4191

Merged
merged 5 commits into from Nov 13, 2017

Conversation

Reviewers

@stolowski stolowski

@zyga zyga

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@bboozzoo @codecov-io @stolowski @zyga @mvo5
@bboozzoo
Contributor

bboozzoo commented Nov 9, 2017
Edited 1 time

Group 'nogroup' may not exist in given host system (eg. Arch). Although a
similar purpose group (eg. 'nobody') may be present, prefer using a hardcoded,
well know group name, such as 'root'.

Signed-off-by: Maciej Borzecki maciej.zenon.borzecki@canonical.com

Based on work in #4135 and standup discussions, the change is trying to reduce the number of places where we need actual group lookup calls.
@bboozzoo
cmd/snap-update-ns: do not assume 'nogroup' exists 
Group 'nogroup' may not exist in given host system (eg. Arch). Although a
similar purpose group (eg. 'nobody') may be present, prefer using a hardcoded,
well know group name, such as 'root'.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2c1d0a3
@stolowski

stolowski requested changes Nov 9, 2017 edited
View changes

Hmm, by using root we're not properly testing XSnapGID, because it falls back to 'return 0, nil' if it doesn't match x-snapd.gid= prefix. In other words we may break XSnapGID and will not notice it.

Not sure what's the best strategy, perhaps the test should try both nogroup and nobody and see if one of them gives non-zero (that's a poor check too)...

bboozzoo added some commits Nov 3, 2017

@bboozzoo
cmd/snap-update-ns: do not assume that nogroup exists 
Some distros may not have a 'nogroup' defined (eg. ArchLinux has 'nobody' group
instead). Try all known alternatives instead of using a hardcoded group name.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
15e6b7b
@bboozzoo
cmd/snap-update-ns: comment on 'nobody' vs 'nogroup' use in tests 
Leave more meaningful comment on why we need to go through the extra hoops.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
43c9be7
@bboozzoo
Merge remote-tracking branch 'origin/master' into bboozzoo/snap-updat… 
…e-ns-no-nogroup
31b868a
@bboozzoo
Contributor

bboozzoo commented Nov 10, 2017

@stolowski pushed commits addressing the issue you raised, can you re-review?
cmd/snap-update-ns/entry_test.go
+ // 'nobody'
+ for _, grp := range []string{"nogroup", "nobody"} {
+ nogroup = grp
+ nogroupGID, _ = osutil.FindGid(nogroup)
@stolowski

stolowski Nov 10, 2017
Edited 1 time

Contributor

You should break the loop when find succeeds I think?

@bboozzoo
cmd/snap-update-ns: fix TestXSnapdGid 
Fix the lookup of 'nogroup' like group in TestXSnapdGid.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
fdbc268
@stolowski

stolowski approved these changes Nov 10, 2017
View changes

Thank you, LGTM.

cmd/snap-update-ns/entry_test.go
+ // try to cover differences between distributions and find a suitable
+ // 'nogroup' like group, eg. Ubuntu uses 'nogroup' while Arch uses
+ // 'nobody'
+ for _, grp := range []string{"nogroup", "nobody"} {
@stolowski

stolowski Nov 10, 2017

Contributor

Thank you for this change, I think that's the right thing to do and if we ever find a distro which has yet another name for nobody, we can add it here.

@zyga

zyga approved these changes Nov 10, 2017
View changes

LGTM

@codecov-io

codecov-io commented Nov 13, 2017

Codecov Report

❗️ No coverage uploaded for pull request base (master@e00b5b1). Click here to learn what that means.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #4191   +/-   ##
=========================================
  Coverage          ?   75.56%           
=========================================
  Files             ?      436           
  Lines             ?    37814           
  Branches          ?        0           
=========================================
  Hits              ?    28574           
  Misses            ?     7245           
  Partials          ?     1995

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e00b5b1...fdbc268. Read the comment docs.

@mvo5 mvo5 merged commit 9429119 into snapcore:master Nov 13, 2017
1 check passed

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment