/snapd

snap-confine: fix snap-confine under lxd #4246

Merged
merged 5 commits into from Nov 17, 2017

Conversation

Reviewers

@jdstrand jdstrand

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
  2.29
5 participants
@mvo5 @jdstrand @codecov-io @zyga @sergiocazzolato
@mvo5
Collaborator

mvo5 commented Nov 17, 2017
Edited 1 time

This reproduces the error reported in https://forum.snapcraft.io/t/snapcraft-adt-failures-with-the-new-core-release/2850/12 and includes a fix for it.

This also includes #4244 to unblock this from landing.

mvo5 and others added some commits Nov 16, 2017

@mvo5
tests: add test to run snap inside lxd as a user
33bda19
@zyga @mvo5
cmd,packaging: make snap-confine setgid root 
This patch makes snap-confine also setgid root (after being setuid-root
since forever). This is required to manipulate cgroups inside LXD
containers.

To limit the scope of the change, snap-confine hides the setgid aspect
for most of the code and only restores it for the cgroup manipulation.

Forum: https://forum.snapcraft.io/t/snapcraft-adt-failures-with-the-new-core-release/2850
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
186bb83
@zyga @mvo5
cmd/snap-update-ns: address review feedback 
Thanks to jdstrand for the quick patch.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
eb7532d
@zyga @mvo5
cmd/snap-update-ns: check real_gid too, thanks jdstrand 
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

All checks have failed

1 errored and 1 failing checks
continuous-integration/travis-ci/pr — The Travis CI build could not complete due to an error
Details
@mvo5
xenial-i386 — autopkgtest finished (failure)
Details
02f590c

@mvo5 mvo5 referenced this pull request Nov 17, 2017

Closed

tests: add test to run snap inside lxd as a user #4230

@sergiocazzolato @mvo5
disabling opensuse until timeout issue is fixed

All checks have passed

2 successful checks
continuous-integration/travis-ci/pr — The Travis CI build passed
Details
@mvo5
xenial-i386 — autopkgtest finished (success)
Details
344f660

@mvo5 mvo5 added this to the 2.29 milestone Nov 17, 2017

@jdstrand
Contributor

jdstrand commented Nov 17, 2017

Looks good assuming the tests pass.

@mvo5 mvo5 referenced this pull request Nov 17, 2017

Merged

snap-confine: fix snap-confine under lxd (2.29) #4248

@codecov-io

codecov-io commented Nov 17, 2017
Edited 2 times

Codecov Report

Merging #4246 into master will decrease coverage by 0.03%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #4246      +/-   ##
==========================================
- Coverage   75.95%   75.92%   -0.04%     
==========================================
  Files         440      438       -2     
  Lines       38427    38404      -23     
==========================================
- Hits        29189    29157      -32     
- Misses       7224     7230       +6     
- Partials     2014     2017       +3
Impacted Files Coverage Δ
cmd/snap-seccomp/main.go 51% <0%> (-3.22%) ⬇️
errtracker/errtracker.go 69.17% <0%> (-2.26%) ⬇️
cmd/snap/cmd_aliases.go 93.33% <0%> (-1.67%) ⬇️
cmd/snap-update-ns/bootstrap.go 85% <0%> (-0.37%) ⬇️
overlord/snapstate/snapstate.go 80.2% <0%> (-0.24%) ⬇️
osutil/group.go 0% <0%> (ø) ⬆️
httputil/redirect17.go
httputil/transport16.go

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update db1fc27...344f660. Read the comment docs.

@mvo5 mvo5 merged commit ac72bc1 into snapcore:master Nov 17, 2017
1 of 2 checks passed

1 of 2 checks passed

xenial-i386 autopkgtest running
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment