/snapd

overlord: use interfaces for all security aspects #854

Merged
merged 3 commits into from Apr 8, 2016

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@zyga @mvo5
@zyga
Contributor

zyga commented Apr 8, 2016

This branch switches to interfaces for all security tasks.

There are dragons ahead. This branch is not tested except for unit tests. I'm pushing it for early review and for actual testing. I've tested this on KVM with hello-world.snap. Install works (and snap really gets all the security in place) but remove fails on error: cannot find active snap for "hello-world"

@zyga zyga changed the title from overlord: use interfaces for all securiry aspects to overlord: use interfaces for all security aspects Apr 8, 2016

zyga added some commits Apr 7, 2016

@zyga
overlord/ifacestate: start handling security tasks 
This patch adds and registers handler for the setup-snap-security and
remove-snap-security tasks to the interfaces manager. This has several
consequences:

 - All security configuration is now handled with interfaces.
   (a lot of the code in the snappy/ package becomes dead)
 - External security templates from ubuntu-core-security are no longer
   used and the corresponding Debian dependencies can be dropped.
 - The old-security interface is, ironically, not supported yet because
   it is not implemented as in interface.
 - Connections are not supported (yet). Snaps do benefit from permanent
   security snippets on slots and plugs though.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

Some checks were not successful

3 failing and 1 successful checks
@snappy-m-o
Integration tests
Details
@snappy-m-o
autopkgtest
Details
continuous-integration/travis-ci/pr — The Travis CI build failed
Details
coverage/coveralls — Coverage decreased (-0.4%) to 74.498%
Details
4b8b999
@zyga
overlord/snapstate: stop handling security tasks 
This patch removes handlers for security tasks from the snap manager and
replaces them (but only during testing) with fake no-op handlers so that
task structure can be maintained.

This patch should be followed up with the complete removal of related
code (which is now dead). This affects both the snap manager backend and
large parts of the snappy/ package.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
0477830
@mvo5
Collaborator

mvo5 commented Apr 8, 2016

👍
@zyga
Merge remote-tracking branch 'upstream/master' into overlord-ifaces-s… 
…witch

Some checks were not successful

3 failing and 1 successful checks
@snappy-m-o
Integration tests
Details
@snappy-m-o
autopkgtest
Details
continuous-integration/travis-ci/pr — The Travis CI build failed
Details
coverage/coveralls — Coverage decreased (-0.5%) to 74.763%
Details
cfecb79

@mvo5 mvo5 merged commit 4485f4a into snapcore:master Apr 8, 2016
1 of 4 checks passed

1 of 4 checks passed

continuous-integration/travis-ci/pr The Travis CI build failed
Details
Integration tests Started
Details
autopkgtest Started
Details
coverage/coveralls Coverage decreased (-0.5%) to 74.763%
Details

@zyga zyga deleted the zyga:overlord-ifaces-switch branch Apr 8, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment