Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/snap-confine: handle mounted shared /run/snapd/ns #6159

Merged
merged 8 commits into from Nov 27, 2018
Merged

cmd/snap-confine: handle mounted shared /run/snapd/ns #6159

merged 8 commits into from Nov 27, 2018

Conversation

zyga
Copy link
Collaborator

@zyga zyga commented Nov 15, 2018

The code that handles special sharing mode of /run/snapd/ns did cope
with /run/snapd/ns being a private mount point and not being a mount
point at all. When it was a mount point but one with shared mount event
propagation all kinds of hell would break loose. This patch fixes this.

The existing unit tests were nixed and replaced with a much more
readable and comprehensive spread test.

Fixes: https://bugs.launchpad.net/snapd/+bug/1803542
Signed-off-by: Zygmunt Krynicki me@zygoon.pl

@zyga zyga force-pushed the fix/lp-1803542 branch 2 times, most recently from 7db5561 to fe3eae8 Compare November 15, 2018 14:22
bboozzoo
bboozzoo approved these changes Nov 20, 2018
View reviewed changes
Copy link
Collaborator

@bboozzoo bboozzoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, some nitpicks about comments.

tests/regression/lp-1803542/task.yaml Show resolved Hide resolved
tests/regression/lp-1803542/task.yaml Outdated Show resolved Hide resolved
tests/regression/lp-1803542/task.yaml Outdated Show resolved Hide resolved
cmd/snap-confine/ns-support.c Outdated Show resolved Hide resolved
@zyga
cmd/snap-confine: handle mounted shared /run/snapd/ns
e7cabc6 
The code that handles special sharing mode of /run/snapd/ns did cope
with /run/snapd/ns being a private mount point and not being a mount
point at all. When it was a mount point but one with shared mount event
propagation all kinds of hell would break loose. This patch fixes this.

The existing unit tests were nixed and replaced with a much more
readable and comprehensive spread test.

Fixes: https://bugs.launchpad.net/snapd/+bug/1803542
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
@zyga
cmd/snap-confine: if -> whether
eb6b0f3 
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
@zyga
tests: avoid findmnt features absent on 14.04
a343177 
Instead of using findmnt to find a mount point and show the mount event
propagation with -o PROPAGATION we can look at /proc/self/mountinfo and
do the unholy grep awk cut combo.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
@zyga
tests: eliminate needless cat
083b58d 
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
@zyga
tests: fix variant name
92103f5 
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
@zyga
tests: tweak comments
4645201 
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
@zyga
tests: don't assume /run/snapd/ns existed
14cde84 
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
@bboozzoo
Copy link
Collaborator 

+ /usr/lib/snapd/snap-discard-ns test-snapd-sh
+ findmnt --noheadings /run/snapd/ns
+ umount /run/snapd/ns
umount: /run/snapd/ns: target is busy
        (In some cases useful info about processes that
         use the device is found by lsof(8) or fuser(1).)

@zyga
Copy link
Collaborator Author

zyga commented Nov 22, 2018

I saw the failure last night, I need to look at that.

@zyga
tests: show mount table on failure
8fa00fb 
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
@zyga
Copy link
Collaborator Author

zyga commented Nov 22, 2018

I reproduced the bug, looks like something didn't clean up after itself in a prior test.

@zyga
Copy link
Collaborator Author

zyga commented Nov 23, 2018

This is blocked by a bug fixed by #6203

stolowski
stolowski approved these changes Nov 27, 2018
View reviewed changes
Copy link
Contributor

@stolowski stolowski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good +1, one question below.

tests/regression/lp-1803542/task.yaml
private)
mkdir -p /run/snapd/ns
mount --bind /run/snapd/ns /run/snapd/ns
mount --make-private /run/snapd/ns
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we do anything about these mount points in restore:?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really, snap-confine restores the correct setup on each execution. We don't have to unmount them. The code here is what snap-confine does internally.

tests/regression/lp-1803542/task.yaml
VARIANT/absent: absent
VARIANT/present: present
VARIANT/shared: shared
VARIANT/private: private
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, worked better than the unit test :)

@zyga zyga merged commit 8c2856c into snapcore:master Nov 27, 2018
@zyga zyga deleted the fix/lp-1803542 branch November 27, 2018 10:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bboozzoo bboozzoo bboozzoo approved these changes

@stolowski stolowski stolowski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@zyga @bboozzoo @stolowski