o/ifacestate: update security profiles in connect undo handler #8932
…o handler unless delayed-setup-profiles flag was set for connect task. This ensures that if manual 'snap connect ..' fails because of a connect hook, then profiles are back to previous state. With delayed-setup-profiles we don't have to regenerate profiles, because that flag is used in the context of changes such as refresh or install, where undo of the entire op restores security profiles. Update connect-undo spread test with checks for effective security profile.
4d7320a to 9bd7019
Small comment inline.
@@ -0,0 +1,2 @@ | |||
#!/bin/sh | |||
nc -h > /dev/null |
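Review bot: In the new two-line script, `nc -h > /dev/null` redirects only stdout, so anything the command writes to stderr still reaches the test log, and the script exits with whatever status `nc -h` returns. If the script exists only to exercise the command under the snap's confinement, redirect stderr as well or make the expected exit status explicit, and add a one-line comment under the shebang saying what the call is meant to prove.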
Nitpick, always use exec to have the application process without shell waiting to forward the exit code.
nc -h > /dev/null | |
exec nc -h > /dev/null |
…ociated test - thanks zyga!
Looks good, LGTM!
Thank you for the changes. Some tests are not happy due to nethack though, please see the logs.
LGTM
thank you
This should be ready to land now, as precaution/preparation I have now merged master into it, let's see how that goes.
When working on the previous fix for the connect undo handler (#8914) and a test for disconnect undo (#8928), I realized that connect undo has one more bug: it doesn't restore security profiles, which is important for manual 'snap connect ...' ops where we don't reset security profiles as part of undoing the entire change. Due to this bug, if connect is undone, the effective security profile has the permissions as if it succeeded, even though 'snap connections' will not report the connection.
To be clear, this is a bit of an edge case because such a connect needs to be undone only if there is a failing connect- hook.
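
A simplified model of the bug and the fix described above, added here as an illustration. It is not snapd's code: the `system` type, the function names and the sample connection are hypothetical, and it assumes that with delayed-setup-profiles the profile setup is left to the enclosing change.

```go
package main

import "fmt"

// Toy model of the bug discussed above; not snapd code, all names hypothetical.
// conns is what 'snap connections' would report, profile is the set of
// permissions in the effective (generated) security profile.
type system struct{ conns, profile map[string]bool }

// setupProfiles regenerates the effective profile from recorded connections.
func (s *system) setupProfiles() {
	s.profile = map[string]bool{}
	for c := range s.conns {
		s.profile[c] = true
	}
}

// undoConnect drops the connection. fixed models the change in this PR:
// regenerate profiles on undo unless delayed-setup-profiles was set.
func (s *system) undoConnect(c string, delayed, fixed bool) {
	delete(s.conns, c)
	if fixed && !delayed {
		s.setupProfiles()
	}
}

// ConnectThenUndo simulates a connect that is undone after its hook fails and
// returns how many permissions remain in the profile without a connection.
func ConnectThenUndo(delayed, fixed bool) (drift int) {
	s := &system{conns: map[string]bool{}, profile: map[string]bool{}}
	s.conns["consumer:network"] = true // constructed sample connection
	if !delayed {                      // assumption: delayed leaves setup to the enclosing change
		s.setupProfiles()
	}
	s.undoConnect("consumer:network", delayed, fixed)
	for p := range s.profile {
		if !s.conns[p] {
			drift++
		}
	}
	return drift
}

func main() {
	fmt.Println("manual connect, undo without fix:", ConnectThenUndo(false, false))
	fmt.Println("manual connect, undo with fix:   ", ConnectThenUndo(false, true))
	fmt.Println("delayed setup, undo with fix:    ", ConnectThenUndo(true, true))
}
```

A non-zero result is the state the description warns about: the profile still grants a permission that no reported connection accounts for.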