interfaces: support permanent security snippets #583
zyga
added some commits
Mar 4, 2016
jdstrand
reviewed
Mar 4, 2016
| + return nil, fmt.Errorf("cannot compute static snippet for consumer") | ||
| + }, | ||
| + StaticPlugSecuritySnippetCallback: func(plug *Plug, securitySystem SecuritySystem) ([]byte, error) { | ||
| + return nil, fmt.Errorf("cannot compute static snippet for provider") |
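Review bot: Both `return nil, fmt.Errorf(...)` lines pass a constant string with no format verbs, so `errors.New` is enough as written. If `fmt.Errorf` stays, use it to include the name of the `plug` the callback receives, so a failure can be attributed to a specific snap rather than to a generic "provider".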
jdstrand
Mar 4, 2016
Contributor
The language of 'consumer' and 'provider' here seems at odds with the changes above where you renamed consumer to slot and producer to plug. Should this be more consistent?
zyga
Mar 4, 2016
Contributor
I've added a TODO to do a quick pass over all the test data to use consistent wording.
I wonder what that wording should be though? Any suggestions?
jdstrand
reviewed
Mar 4, 2016
| + c.Assert(err, ErrorMatches, "cannot compute static snippet for provider") | ||
| + c.Check(snippets, IsNil) | ||
| + snippets, err = repo.SecuritySnippetsForSnap(s.slot.Snap, testSecurity) | ||
| + c.Assert(err, ErrorMatches, "cannot compute static snippet for consumer") |
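Review bot: The first `ErrorMatches` assertion is followed by `c.Check(snippets, IsNil)`, but the visible lines end on the second assertion, for `s.slot.Snap`, without the matching nil check. If it is not already below, add the same `c.Check(snippets, IsNil)` there so that a partial snippet list returned alongside an error is caught on the slot side as well as the plug side.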
Without doing full code-review, the direction of the branch LGTM and is consistent with my understanding of the meeting yesterday. I do have some small questions inline.
niemeyer
reviewed
Mar 4, 2016
| @@ -101,6 +101,12 @@ func (iface *BoolFileInterface) SlotSecuritySnippet(plug *interfaces.Plug, slot | ||
| } | ||
| } | ||
| +// StaticSlotSecuritySnippet returns the configuration snippet required to provide a bool-file interface. | ||
| +func (iface *BoolFileInterface) StaticSlotSecuritySnippet(slot *interfaces.Slot, securitySystem interfaces.SecuritySystem) ([]byte, error) { |
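Review bot: The doc comment on `StaticSlotSecuritySnippet` says only that the snippet is "required to provide a bool-file interface". It should also state that the snippet applies independently of any connection (the method takes a slot and no plug) and what is returned for a `securitySystem` value this interface does not handle.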
niemeyer
Mar 4, 2016
Contributor
Let's please call these "Permanent" rather than "Static".
Let's please have these method names instead:
PermanentSlotSnippet
PermanentPlugSnippet
ConnectedSlotSnippet
ConnectedPlugSnippet
niemeyer
reviewed
Mar 4, 2016
| @@ -78,23 +78,61 @@ type Interface interface { | ||
| // SanitizeSlot checks if a slot is correct, altering if necessary. | ||
| SanitizeSlot(slot *Slot) error | ||
| - // SlotSecuritySnippet returns the configuration snippet needed by the | ||
| - // given security system to allow a snap to offer a slot of this interface. | ||
| + // StaticPlugSecuritySnippet returns static, plug-side security snippet. |
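Review bot: The added comment on `StaticPlugSecuritySnippet` drops what the removed comment stated, that the snippet is the one "needed by the given security system", and it leaves "static" undefined. Suggest saying for which security system the snippet is produced and over what period it is in effect.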
niemeyer
Mar 4, 2016
Contributor
// PermanentPlugSnippet returns the snippet of text for the given security system that is used
// during the whole lifetime of affected applications, whether the plug is connected or not.
Others should be changed in an equivalent way.
niemeyer
changed the title from
interfaces: support static and connections-specific security snippets
to
interfaces: support permanent security snippets
Mar 4, 2016
LGTM, assuming the indicated changes land with it.
Please note the description needs to be tweaked before using it as the commit message.
zyga commented Mar 4, 2016
This branch changes the Interface interface to expose four security-related
methods. The methods are Connected{Slot,Plug}Snippet(), which replace the older
{Slot,Plug}SecuritySnippet(), and a pair of new Permanent{Slot,Plug}Snippet().
This change is driven by the realization that we can simplify security
and number of interfaces by disassociating some permissions from
established connections.
For example, a display server interface can now be just a single
interface rather than two. Consider this example:
The mir snap, simply because it has the mir slot, gets to have access
to graphics cards and all the required machinery. Mir can start even
without xeyes running yet.
As a connection is made between xeyes and mir, a new set of permissions
are granted: Xeyes can now talk to the mir socket.
The same example works with any managed, shared resource that the
managing snap needs to be able to control regardless of who is connected
at a particular moment.
This patch also changes the test interface that is used for testing to
support the extra methods.
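The split the description draws between permanent and connection-bound permissions, as an added Go sketch that is not code from this branch or from snapd. The four method names come from the review above; the types, `mirIface`, `SnippetsForSnap` and the AppArmor-style rule strings are assumptions made up for illustration.

```go
package main

import "fmt"

// Simplified stand-ins for this sketch, not snapd's definitions; rule text is constructed.
type SecuritySystem string
type Plug struct{ Snap, Name string }
type Slot struct{ Snap, Name string }
type Conn struct{ Plug *Plug; Slot *Slot }
type mirIface struct{} // hypothetical display-server interface

func (mirIface) PermanentPlugSnippet(*Plug, SecuritySystem) ([]byte, error) { return nil, nil }
func (mirIface) PermanentSlotSnippet(*Slot, SecuritySystem) ([]byte, error) {
	return []byte("/dev/dri/* rw,"), nil // held whether or not anything is connected
}
func (mirIface) ConnectedPlugSnippet(*Plug, *Slot, SecuritySystem) ([]byte, error) {
	return []byte("/run/mir_socket rw,"), nil // plug side, only while connected
}
func (mirIface) ConnectedSlotSnippet(p *Plug, _ *Slot, _ SecuritySystem) ([]byte, error) {
	return []byte("unix peer=(label=" + p.Snap + "),"), nil // slot side, names the peer
}

// SnippetsForSnap returns what snap is granted: permanent snippets for the plugs and
// slots it declares (passed in by the caller), connected ones only for live connections.
func SnippetsForSnap(snap string, plugs []*Plug, slots []*Slot, conns []Conn, sec SecuritySystem) (out []string, err error) {
	add := func(b []byte, e error) {
		if err == nil && e == nil && len(b) > 0 {
			out = append(out, string(b))
		} else if err == nil {
			err = e // remember the first failure and stop collecting
		}
	}
	for _, p := range plugs {
		add(mirIface{}.PermanentPlugSnippet(p, sec))
	}
	for _, s := range slots {
		add(mirIface{}.PermanentSlotSnippet(s, sec))
	}
	for _, c := range conns {
		if c.Plug.Snap == snap {
			add(mirIface{}.ConnectedPlugSnippet(c.Plug, c.Slot, sec))
		}
		if c.Slot.Snap == snap {
			add(mirIface{}.ConnectedSlotSnippet(c.Plug, c.Slot, sec))
		}
	}
	return out, err
}

func main() { fmt.Println(SnippetsForSnap("mir", nil, []*Slot{{"mir", "mir"}}, nil, "apparmor")) }
```

Removing a connection from `conns` and recomputing drops the connected rules again while the permanent ones stay, which is the least-privilege property the description is after.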