cmd/snap-discard-ns: add support for per-user mount namespaces #6010
Commits on Oct 17, 2018
cmd/snap-discard-ns: add support for per-user mount namespaces
This patch rewrites snap-discard-ns to support user mounts. This involves scanning for the new per-user mount namespaces and mount profiles.

The program was simplified to not use the "abstraction" provided by "ns-support.h". The abstraction was poor and with the upcoming changes to snap-confine to accommodate per-user mount namespaces it is easier to audit and understand the code directly. This change makes "ns-support.h" private to snap-confine so it can evolve separately.

The manual page was updated to reflect the new functionality and refresh some cruft like project bug report URL.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit 24d0a12
Commits on Oct 18, 2018
tests: create dummy per-user mount namespace using stdlib, not libmount
This patch fixes an issue that only manifests itself on Ubuntu 14.04 where /etc/mtab is a real file and not a symbolic link to /proc/mtab. On such a system, mount(1), which uses libmount internally, keeps track of all the operations by editing the mtab file. Sadly, our hackery inside snap-confine and snap-discard-ns is totally not editing mtab.

This causes confusion when umount(1) is asked to detach a mount namespace file. The problem is that at that time the file is already unmounted, thanks to updated snap-discard-ns. Because the test had artificially created the .mnt file with touch and mount(1) there is now a stale mount entry in mtab.

In the cleanup section of each test (actually the prepare section but conceptually it is the cleanup after previous test) we, via snapd.postrm or snap-mgmt.sh, unmount and remove all the preserved mount namespaces. When umount(1) is given a file that is not a mount point it goes to search mtab, treating it as a mount _source_ (not target) and proceeds to umount the target of whatever is found.

To avoid this issue, since we are not using libmount in snap-discard-ns or snap-confine, simply avoid using libmount driven mount(1) in the test as well. This patch implements a thin python wrapper around mount and uses it for the construction of the fake per-user mount namespace.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit b803e1c
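As an added example (not code from this pull request), the following check looks for the condition the commit message above describes: a userspace-maintained mtab that still lists a target the kernel no longer reports as mounted. The sample tables and the `/tmp/demo/...` paths are constructed for illustration, and the function names are hypothetical.

```python
import os
import re

# Constructed sample data (not from the PR): /etc/mtab as libmount left it,
# and the kernel's view (/proc/self/mounts) after the bind mount was detached
# by a program that does not edit mtab.
SAMPLE_MTAB = """\
/dev/sda1 / ext4 rw 0 0
/tmp/demo/src /tmp/demo/test.mnt none rw,bind 0 0
"""
SAMPLE_KERNEL = """\
/dev/sda1 / ext4 rw,relatime 0 0
"""

def unescape(field):
    """Decode the octal escapes (\\040 for space, etc.) used in mount tables."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return (source, target, fstype) tuples from fstab-style text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith("#"):
            entries.append(tuple(unescape(f) for f in fields[:3]))
    return entries

def mtab_is_regular_file(path="/etc/mtab"):
    """True when mtab is maintained by userspace rather than being a symlink."""
    return os.path.isfile(path) and not os.path.islink(path)

def stale_entries(mtab_text, kernel_text):
    """mtab entries whose target the kernel no longer reports as mounted."""
    live_targets = {target for _, target, _ in parse_mounts(kernel_text)}
    return [e for e in parse_mounts(mtab_text) if e[1] not in live_targets]

def classify(path, mtab_text, kernel_text):
    """Say how a path relates to the two tables before handing it to umount(1)."""
    if any(t == path for _, t, _ in parse_mounts(kernel_text)):
        return "mounted"
    if any(e[1] == path for e in stale_entries(mtab_text, kernel_text)):
        return "stale-mtab-target"
    if any(s == path for s, _, _ in parse_mounts(mtab_text)):
        return "mtab-source-only"
    return "unknown"

if __name__ == "__main__":
    print(stale_entries(SAMPLE_MTAB, SAMPLE_KERNEL))
    print(classify("/tmp/demo/test.mnt", SAMPLE_MTAB, SAMPLE_KERNEL))
```

On a live system the two inputs would be the contents of `/etc/mtab` and `/proc/self/mounts`, and the comparison only matters when `mtab_is_regular_file()` returns true.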
tests: provide python 2 / 3 version of mount.py
On Amazon Linux 2 we don't have Python 3 but we do have Python 2. Implement a Python 2.7 compatible version of mount.py and use it automatically if Python 3 is not available. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit a5ba684
Commits on Oct 22, 2018
cmd/snap-discard-ns: make sure fdopendir worked
Thanks to Maciej for spotting this. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit b83f92d
tests: return non-zero if unmount fails
Thanks to Maciej for spotting this. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit d268415
Commits on Oct 24, 2018
tests: unify mount.py for Python 2 and 3
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit 65e0b22
tests: catch and handle only OSError
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit 236eb62
Commits on Oct 25, 2018
cmd/snap-discard-ns: check for FNM_NOMATCH
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit f315dae
cmd/snap-discard-ns: don't abbreviate pattern
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit 1b16aa3
cmd/snap-discard-ns: validate snap instance name
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit 95f32ac
cmd/snap-discard-ns: add comment about PATH_MAX
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit 3201251
cmd/snap-discard-ns: reformat with clang-format
Since this is a "clean-slate" due to the rewrite we can introduce alternate formatting mode. After some experimentation I picked clang-format and used the following style: {BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 120} This makes the code read better than with defaults, especially due to longer column limit. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Commit 0ecf144