tests: new test for cifs-mount interface

[sergiocazzolato]

No description provided.

[bboozzoo]

Looking good. Some comments inline.

[bboozzoo]

The tests are executed by root anyway, no need to use sudo.

[bboozzoo]

This should work too:

[data]
path=$(pwd)/local_share
writable=yes
browsable=yes

shellcheck will probably suggest something like this:

(echo "[data]"
echo "path=$(pwd)/local_share"
echo "writable=yes"
echo "browsable=yes" ) > /etc/samba/smb.conf

[bboozzoo]

You don't need to touch nmbd, IIRC it's only used for NetBIOS name resolution and shouldn't matter here.

[bboozzoo]

I thin this line and ones below should use $SNAP_DATA, eg:

test-snapd-cifs-mount.sh -c "mount -t cifs //127.0.0.1/data \$SNAP_DATA/local_mount -o user=test-cifs,passowrd=test"

[bboozzoo]

And you probably need to mkdir the mount point first too:

test-snapd-cifs-mount.sh -c "mkdir \$SNAP_DATA/local_mount"

[sergiocazzolato]

@bboozzoo thanks for reviewing this, all the commest have been addressed.

[bboozzoo]

2018-08-27 16:02:15 Error executing google:ubuntu-16.04-64:tests/main/interfaces-cifs-mount : 
-----
+ echo 'The interface is not connected by default'
The interface is not connected by default
+ MATCH -- '^- +test-snapd-cifs-mount:cifs-mount'
+ snap interfaces -i cifs-mount
+ echo 'When the interface is connected'
When the interface is connected
+ snap connect test-snapd-cifs-mount:cifs-mount
+ echo 'Then the snap is able to mount and umount a cifs fs'
Then the snap is able to mount and umount a cifs fs
+ test-snapd-cifs-mount.sh -c 'mount -t cifs //127.0.0.1/data $SNAP_DATA/local_mount -o user=test-cifs,passowrd=test'
/bin/sh: 1: mount: Permission denied
-----
...
[Mon Aug 27 16:02:14 2018] audit: type=1400 audit(1535385735.584:105): 
   apparmor="DENIED" operation="exec" 
   profile="snap.test-snapd-cifs-mount.sh" name="/bin/mount" 
   pid=25232 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

Maybe the interface should add (u)mount to the interface?

/usr/bin/mount ixr,
/usr/bin/umount ixr,

Otherwise when you have for eg. a simple Python app, you cannot really use the interface unless you poke the libc via ctypes or somesuch. @zyga @jdstrand wdyt?

[niemeyer]

@bboozzoo This interface is paired with mount-observe to have access to reading the current mounts.

@sergiocazzolato You'll probably need that too.

[niemeyer]

Some comments, and LGTM once you're happy about their consideration.

[niemeyer]

$ echo -e "foo\nbar"
foo
bar

[sergiocazzolato]

done

[niemeyer]

Probably needs mount-observe, per comments.

[sergiocazzolato]

@niemeyer , thanks for reviewing this. I tried by adding the mount-observe plug but still having the same denial. testlog: https://paste.ubuntu.com/p/X56wt4CHrw/

[niemeyer]

Shouldn't this be installing the local snap?

[sergiocazzolato]

As I need some dependencies as part of this snap, I had to create a snap and upload it to the store.

[niemeyer]

Why the --?

[bboozzoo]

Not strictly needed here because '^.. will be detected as part of the pattern and handled porperly. However, the pattern MATCH '- +test..' will fail because '- will be seen as a -foo switch. So it's either MATCH -- <pattern>. We could use grep .. -e switch which makes grep expec <pattern> as the next argument.

[bboozzoo]

This interface is paired with mount-observe to have access to reading the current mounts.

We're not even getting that far. The problem is that currently the only way of doing the mount is via mount(2) because the policy does not allow executing mount|umount. Looking and udisks2, there's the following entry in the policy (which I think we need in cifs-mount too):

# udisksd execs mount/umount to do the actual operations
/bin/mount ixr,
/bin/umount ixr,

# mount/umount (via libmount) track some mount info in these files
/run/mount/utab* wrl,

Edit: and sorry for accidentally closing the PR, I've clicked the wrong button.

[chipaca]

Can't we call mount.cifs directly?

[sergiocazzolato]

@chipaca, in the test we are already using mount.cifs.

test-snapd-cifs-mount.sh -c "mount.cifs //127.0.0.1/data1 $SNAP_DATA/local_mount -o user=test-cifs,passowrd=test"

[zyga]

LGTM

[zyga]

+ smbpasswd -x test-cifs
/bin/bash: line 64: smbpasswd: command not found

It looks like we need to patch the test to install another package @sergiocazzolato

[zyga]

When the interface is connected
+ snap connect test-snapd-cifs-mount:cifs-mount
+ snap connect test-snapd-cifs-mount:network-control
error: snap "test-snapd-cifs-mount" has no plug named "network-control"

[zyga]

This is now failing on:

+ test-snapd-cifs-mount.sh -c 'mount.cifs //127.0.0.1/data1 $SNAP_DATA/local_mount -o user=test-cifs,passowrd=test'
/bin/sh: 1: mount.cifs: not found

@sergiocazzolato can you look at this next week please. Feels like we are missing something :)

[sergiocazzolato]

It is blocked until we find a solution for the denial trying to access to /run/mount/utab

[sergiocazzolato]

Closeing the PR until a solution to the denial is found