-
Notifications
You must be signed in to change notification settings - Fork 562
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tests: add test to run snap inside lxd as a user #4230
Commits on Nov 16, 2017
-
Configuration menu - View commit details
-
Copy full SHA for 1ab5b67 - Browse repository at this point
Copy the full SHA 1ab5b67View commit details
Commits on Nov 17, 2017
-
cmd,packaging: make snap-confine setgid root
This patch makes snap-confine also setgid root (after being setuid-root since forever). This is required to manipulate cgroups inside LXD containers. To limit the scope of the change, snap-confine hides the setgid aspect for most of the code and only restores it for the cgroup manipulation. Forum: https://forum.snapcraft.io/t/snapcraft-adt-failures-with-the-new-core-release/2850 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 7722c04 - Browse repository at this point
Copy the full SHA 7722c04View commit details -
cmd/snap-update-ns: address review feedback
Thanks to jdstrand for the quick patch. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for c382f9a - Browse repository at this point
Copy the full SHA c382f9aView commit details -
cmd/snap-update-ns: check real_gid too, thanks jdstrand
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 0edd01c - Browse repository at this point
Copy the full SHA 0edd01cView commit details -
cmd/snap-update-ns: add secureMkfileAll
This patch adds a function similar to secureMkdirAll that instead of creating a number of directories instead creates a number of directories and a final leaf file. The purpose of this function is to create empty files as bind mount targets for files present in a read-only location that needs to become writable. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for ead87d6 - Browse repository at this point
Copy the full SHA ead87d6View commit details -
interfaces/builtin/account_control: drop group filter from seccomp rules
The /etc/shadow file is owned by user root across all supported distributions. However, the group owning that file is either 'shadow' or 'root' (Arch). Drop the group filter to avoid the need for detecting the right group at runtime. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 0c7027f - Browse repository at this point
Copy the full SHA 0c7027fView commit details -
interfaces/builtin/account_control: add catchall group rule in fchown…
…* seccomp rule The make sure there is a rule to ignore group ID. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for b8fd197 - Browse repository at this point
Copy the full SHA b8fd197View commit details -
interfaces/account_control: use /etc/shadow to obtain group informati…
…on for seccomp rules Some distributions may not use the 'shadow' group. In such case, seccomp rules will be incorrect, thus account-control interface may not work as expected. Instead of assuming a particular group, obtain this information by directly finding the owning group of /etc/shadow. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for bd5da06 - Browse repository at this point
Copy the full SHA bd5da06View commit details -
interfaces/account_control: update seccomp rule comments on chown
Be more specific about required chown() call on /etc/shadow. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 28150e1 - Browse repository at this point
Copy the full SHA 28150e1View commit details -
interfaces/builtin/account_control: use base 10 when formatting group ID
Use proper base when formatting group ID for seccomp template Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 8fdffab - Browse repository at this point
Copy the full SHA 8fdffabView commit details -
interfaces/builtin/account_control: simplify code in SecCompConnected…
…Plug() Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 074af4c - Browse repository at this point
Copy the full SHA 074af4cView commit details -
interfaces/account_control: cache seccomp snippet on first successful…
… run In order to avoid stat()ing /etc/shadow too frequently, cache the snippet on first successful run. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 285db54 - Browse repository at this point
Copy the full SHA 285db54View commit details -
intefaces/builtin/account_control: leave a note that the seccomp snip…
…pet is cached Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for fcae222 - Browse repository at this point
Copy the full SHA fcae222View commit details -
interfaces/builtin/account_control: reformat registerIface() call
Reformat the call to registerIface() in hope for smaller deltas when applying auto-refactoring in the future. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 1aba545 - Browse repository at this point
Copy the full SHA 1aba545View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7946031 - Browse repository at this point
Copy the full SHA 7946031View commit details -
cmd/snap-update-ns: detect read only filesystems in SecureMkfileAll
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 7925f2d - Browse repository at this point
Copy the full SHA 7925f2dView commit details -
cmd/snap-update-ns: tweak comment
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 578fd3a - Browse repository at this point
Copy the full SHA 578fd3aView commit details -
cmd/snap-update-ns: add smoke test for behavior of filepath.Clean
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for f45b4b1 - Browse repository at this point
Copy the full SHA f45b4b1View commit details -
cmd/snap-update-ns: tweak comment
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 633233a - Browse repository at this point
Copy the full SHA 633233aView commit details -
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 576faba - Browse repository at this point
Copy the full SHA 576fabaView commit details -
cmd/snap-update-ns: document secureMkFile
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 1930a82 - Browse repository at this point
Copy the full SHA 1930a82View commit details -
cmd/snap-update-ns: add splitIntoSegments
This patch adds a small helper that is used by SecureMk{File,Dir}All to ensure there's consistent behavior on unclean paths. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 6e264c2 - Browse repository at this point
Copy the full SHA 6e264c2View commit details -
snap/validate: extend socket validation tests
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 5735b9d - Browse repository at this point
Copy the full SHA 5735b9dView commit details -
snap/validate: add SocketMode validation and test
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 56f6e60 - Browse repository at this point
Copy the full SHA 56f6e60View commit details -
snap: add test for invalid socket-mode in YAML
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 0b8a9cd - Browse repository at this point
Copy the full SHA 0b8a9cdView commit details -
tests: add new
fakestore new-snap-{declaration,revision}
helpersThis allows to create snap-{declaration,revision} assertions signed with the TestStore keys. This allows us to put arbitrary snaps into the fakestore for testing.
Configuration menu - View commit details
-
Copy full SHA for fb720e5 - Browse repository at this point
Copy the full SHA fb720e5View commit details -
cmd/snap-update-ns: tweak changePerform
As suggested by Chipaca Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for d9d8e38 - Browse repository at this point
Copy the full SHA d9d8e38View commit details -
interfaces,tests: skip unknown plug/slot interfaces
This patch changes the Repository.AddSnap method to skip unknown interfaces when adding constituent plugs and slots. This regression happened because the repository no longer validates the snap, assuming the loader did. The loader did notice but did not remove the offending interfaces. As it is unclear what should happen, this patch implements a minimal solution to prevent snapd from crashing on nil interface. Fixes: https://bugs.launchpad.net/snappy/+bug/1732555 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 554c8a9 - Browse repository at this point
Copy the full SHA 554c8a9View commit details -
interfaces: add "refresh-schedule" attribute to snapd-control
Add a "refresh-schedule" attribute to the snapd-control interface that can be set to "managed".
Configuration menu - View commit details
-
Copy full SHA for a733fbc - Browse repository at this point
Copy the full SHA a733fbcView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5999c8d - Browse repository at this point
Copy the full SHA 5999c8dView commit details -
snap/validate: add port range validation
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for f0cbb21 - Browse repository at this point
Copy the full SHA f0cbb21View commit details -
store: add support for flags in ListRefresh()
For the upcoming snapd control managed code we will need a way to tell the store that we want the refresh information but that the actual refresh policy is managed. In preparation for this add a new "RefreshFlags" to allow expressing this. Initially we support one flag: - RefreshManaged which indicates that refreshes are managed by a snap via the snapd-control interface
Configuration menu - View commit details
-
Copy full SHA for afe7e98 - Browse repository at this point
Copy the full SHA afe7e98View commit details -
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ff596dd - Browse repository at this point
Copy the full SHA ff596ddView commit details -
Configuration menu - View commit details
-
Copy full SHA for 612b096 - Browse repository at this point
Copy the full SHA 612b096View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0b20676 - Browse repository at this point
Copy the full SHA 0b20676View commit details -
Configuration menu - View commit details
-
Copy full SHA for e04d846 - Browse repository at this point
Copy the full SHA e04d846View commit details -
snap: use field names when initializing composite literals
This makes go vet happy again. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 8a87db7 - Browse repository at this point
Copy the full SHA 8a87db7View commit details -
snap: use proper helper for constructing revision in validation tests
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 409aa13 - Browse repository at this point
Copy the full SHA 409aa13View commit details -
debian: add missing udev dependency
We run udevadm in our udev backend. So we need to ensure we have a dependency on this binary via the "udev" package.
Configuration menu - View commit details
-
Copy full SHA for c2578ab - Browse repository at this point
Copy the full SHA c2578abView commit details -
Configuration menu - View commit details
-
Copy full SHA for fcf4bfc - Browse repository at this point
Copy the full SHA fcf4bfcView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5e9e0cb - Browse repository at this point
Copy the full SHA 5e9e0cbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 61d7acf - Browse repository at this point
Copy the full SHA 61d7acfView commit details -
cmd/snap-update-ns: re-enable commented-out test
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for fa59284 - Browse repository at this point
Copy the full SHA fa59284View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2497562 - Browse repository at this point
Copy the full SHA 2497562View commit details -
cmd/snap-update-ns: switch to O_RDONLY
We just need to create a file, not write to it, so it's sufficient to O_RDONLY the open call. Thanks to jdstrand for explanation! Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for be02838 - Browse repository at this point
Copy the full SHA be02838View commit details -
Configuration menu - View commit details
-
Copy full SHA for c149809 - Browse repository at this point
Copy the full SHA c149809View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1e14158 - Browse repository at this point
Copy the full SHA 1e14158View commit details