interfaces: generate real security file content #617
@jdstrand can you please review this?
zyga
added some commits
Mar 10, 2016
jdstrand
reviewed
Mar 10, 2016
| +@{INSTALL_DIR}="{/snaps,/gadget}" | ||
| +# Deprecated: | ||
| +@{CLICK_DIR}="{/snaps,/gadget}" | ||
| +`, |
jdstrand
Mar 10, 2016
Contributor
On Thu, 2016-03-10 at 10:51 -0800, Zygmunt Krynicki wrote:
- header = strings.Replace(header, "###WRITES###", "", 1)
- return []byte(header)
+}
+func (aa *appArmor) varsForApp(snapName, snapVersion, snapOrigin,
appName string) string {
- return fmt.Sprintf(
+# Specified profile variables +@{APP_APPNAME}="%s" +@{APP_ID_DBUS}="%s" +@{APP_PKGNAME_DBUS}="%s" +@{APP_PKGNAME}="%s" +@{APP_VERSION}="%s" +@{INSTALL_DIR}="{/snaps,/gadget}" +# Deprecated: +@{CLICK_DIR}="{/snaps,/gadget}" +,
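Review bot: In varsForApp, the snap name, version, origin and app name are formatted with %s straight into double-quoted AppArmor variable values (for example @{APP_PKGNAME}="%s"), and nothing in the quoted lines validates or escapes them. A value containing a double quote or a newline would end the variable assignment early and change how the rest of the generated profile parses. Either check each argument against the character set snappy permits before calling fmt.Sprintf, or add a comment naming the caller that guarantees it, so the assumption is visible where the profile text is built.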
Sure, now or in next commit/branch?
Whichever is easiest.
Jamie Strandboge | http://www.canonical.com
jdstrand
reviewed
Mar 10, 2016
| + header = strings.Replace(header, "###ABSTRACTIONS###", "", 1) | ||
| + header = strings.Replace(header, "###POLICYGROUPS###", "", 1) | ||
| + header = strings.Replace(header, "###READS###", "", 1) | ||
| + header = strings.Replace(header, "###WRITES###", "", 1) |
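Review bot: Each of these strings.Replace calls passes 1 as the last argument, so only the first occurrence of ###ABSTRACTIONS###, ###POLICYGROUPS###, ###READS### and ###WRITES### is blanked; a second occurrence in the header template would stay in the generated profile as literal text. Pass -1, or have the test assert that no "###" marker remains in the output, so a later template change cannot leave a stray placeholder in a profile.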
jdstrand
Mar 10, 2016
Contributor
If these aren't going to be used anymore, perhaps instead of setting these to empty strings they should be removed from interfaces/apparmor.go. I would be ok with that happening in a separate commit.
jdstrand
reviewed
Mar 10, 2016
| + | ||
| + return buf.String() | ||
| +} | ||
| + |
jdstrand
Mar 10, 2016
Contributor
dbusPath here is a near code copy of dbusPath in ./snappy/security.go. What are the plans for snappy/security.go? I'm guessing it needs to stick around for old-security/security-policy and old-security/security-override? The former is going to need the same sorts of apparmor variables so shouldn't dbusPath() be refactored? I imagine there is other similar code that could be refactored in snappy/security.go and interfaces/security.go surrounding old-security and interfaces.
zyga
Mar 10, 2016
Contributor
snappy/security.go will be killed IMHO (with the grand switch over to interfaces tomorrow-ish/next-week-ish)
jdstrand
reviewed
Mar 10, 2016
| +@{APP_VERSION}="version" | ||
| +@{INSTALL_DIR}="{/snaps,/gadget}" | ||
| +# Deprecated: | ||
| +@{CLICK_DIR}="{/snaps,/gadget}" |
jdstrand
reviewed
Mar 10, 2016
| +@{APP_VERSION}="version" | ||
| +@{INSTALL_DIR}="{/snaps,/gadget}" | ||
| +# Deprecated: | ||
| +@{CLICK_DIR}="{/snaps,/gadget}" |
jdstrand
reviewed
Mar 10, 2016
| - }) | ||
| + c.Check(blobs["/var/lib/snappy/seccomp/profiles/producer.origin_hook_version"], DeepEquals, []byte(""+ | ||
| + "# Mocked seccomp header\n"+ | ||
| + "allow open\n")) |
jdstrand
Mar 10, 2016
Contributor
Note, this isn't a valid seccomp profile entry. It would be nicer to have:
"# Mocked seccomp header\n"+
"open\n"))
zyga
Mar 10, 2016
Contributor
Oh, thanks, I'll correct that.
I got fooled by "deny open" syntax elsewhere.
jdstrand
reviewed
Mar 10, 2016
| - }) | ||
| + c.Check(blobs["/var/lib/snappy/seccomp/profiles/consumer.origin_app_version"], DeepEquals, []byte(""+ | ||
| + "# Mocked seccomp header\n"+ | ||
| + "deny kexec\n")) |
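Review bot: The expected consumer profile ends with "deny kexec", but kexec is not a Linux syscall name; the syscalls are kexec_load and kexec_file_load. Use a real syscall name in the mocked snippet so the fixture reads like an entry that could appear in an actual profile and is not copied elsewhere as a rule that names no syscall.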
Functionally, I'm not seeing that this branch is used. I tested by modifying ./interfaces/security.go to include an extra comment in varsForApp(), then I built and installed hello-world with 'sudo ./snappy install hello-world', but I didn't see the extra comment in /var/lib/snappy/apparmor/profiles/hello-world*. Note, hello-world does not use old-security, so I was expecting this branch to generate the profiles. Is this branch supposed to do that?
@jdstrand yes, this branch is supposed to bring more parts before we glue them together. None of this code is live yet, you can only observe it via unit tests.
zyga
referenced this pull request
Mar 10, 2016
Merged
interfaces/apparmor: add apparmor support code #635
zyga
added some commits
Mar 11, 2016
I'm merging this as-is. We'll work on tweaks to things like profile names so that everything is compliant with the requirements of the security team but I'd like to move forward.
added a commit
that referenced
this pull request
Mar 14, 2016
zyga
merged commit efd380e
into
snapcore:master
Mar 14, 2016
Sorry, I think it was not ideal that this got merged without a (go) code review, I don't see a +1 on this branch in the comments(?). There are some points that are worth looking at, e.g. the
Hey @mvo5, I merged it because it was getting stale and the key here was the security side of the review which we did do. The temporary method you refer to will be removed before this thing is actually used (the method was pulled from a demo code I wrote a month ago and the design has evolved since).
zyga commented Mar 9, 2016
This patch builds on the existing foundation to generate non-fake
content of all the files related to security.
The internal security helper interface is extended to contain additional
data for any snap (version, origin and list of apps). This is required
to construct correct content and to locate it in the right directories.
The "xmanager" (read as cross-manager) file is a temporary helper before
all of this moves to the state engine and we can query the state
directly from there. It only exists so that we can ask about the
version, origin and list of apps in a given snap.
Tests are somewhat tweaked since now the real contents of the security
files are very long; a set of mocking functions is provided to replace
the real (very long) seccomp and apparmor header with a shorter version
that is easier to analyze and compare.
Finally, the repository method that writes all the security files (which
is also supposed to move to the interface manager) is extended to pass
the new arguments.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>