o/ifacestate: update security profiles in connect undo handler #8932
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…o handler unless delayed-setup-profiles flag was set for connect task. This ensure that if manual 'snap connect ..' fails because of a connect hook, then profiles are back to previous state. With delayed-setup-profiles we don't have to regenerate profiles, because that flag is used in the context of changes such as refresh or install, where undo of the entire op restore security profiles. Update connect-undo spread test with checks for effective security profile.
stolowski
force-pushed
the
fix-connect-undo-profiles
branch
from
4d7320a
to
9bd7019
Compare
stolowski
changed the title
stolowski
changed the title
zyga
requested changes
Jun 29, 2020
| @@ -0,0 +1,2 @@ | |||
| #!/bin/sh | |||
| nc -h > /dev/null | |||
There was a problem hiding this comment.
Nitpick, always use exec to have the application process without shell waiting to forward the exit code.
Suggested change
| nc -h > /dev/null | |
| exec nc -h > /dev/null |
…ociated test - thanks zyga!
zyga
requested changes
Jun 30, 2020
|
This should be ready to land now, as precaution/preparation I have now merged master into it, let's see how that goes. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When working on previous fix for connect undo handler (#8914) and a test for disconnect undo (#8928) I realized that connect undo has one more bug: it doesn't restore security profiles, which is important for manual 'snap connect ...' ops where we don't reset security profiles as part of undoing entire change. Due to this bug, if connect is undone, effective security profile has the permissions as if it succeeded, even though 'snap connections' will not report the connection.
To be clear, this is a bit of an edge case because such connect needs to be undone only if there is a failing connect- hook.