Permalink
Browse files

intefaces/builtin: allow getsockname on connected x11 plugs

This patch allows application using a connected x11 plug to use the
"getsockname" system call. This seems to be required by xeyes.

Fixes: https://bugs.launchpad.net/snappy/+bug/1574526
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
  • Loading branch information...
1 parent 7ec39b9 commit e0f7f3bec17b0f33f3aaf4fa0c0f4273c98a788a @zyga committed Apr 25, 2016
Showing with 9 additions and 0 deletions.
  1. +1 −0 interfaces/builtin/x11.go
  2. +8 −0 interfaces/builtin/x11_test.go
@@ -39,6 +39,7 @@ const x11ConnectedPlugSecComp = `
# Usage: reserved
getpeername
+getsockname
recvfrom
recvmsg
shutdown
@@ -25,6 +25,7 @@ import (
"github.com/ubuntu-core/snappy/interfaces"
"github.com/ubuntu-core/snappy/interfaces/builtin"
"github.com/ubuntu-core/snappy/snap"
+ "github.com/ubuntu-core/snappy/testutil"
)
type X11InterfaceSuite struct {
@@ -130,3 +131,10 @@ func (s *X11InterfaceSuite) TestUnexpectedSecuritySystems(c *C) {
func (s *X11InterfaceSuite) TestAutoConnect(c *C) {
c.Check(s.iface.AutoConnect(), Equals, true)
}
+
+// The getsockname system call is allowed
+func (s *X11InterfaceSuite) TestLP1574526(c *C) {
+ snippet, err := s.iface.ConnectedPlugSnippet(s.plug, s.slot, interfaces.SecuritySecComp)
+ c.Assert(err, IsNil)
+ c.Check(string(snippet), testutil.Contains, "getsockname\n")
+}

0 comments on commit e0f7f3b

Please sign in to comment.