Merge lp:~kissiel/checkbox/cep-9 into lp:checkbox

Proposed by Maciej Kisielewski
Status: Merged
Approved by: Maciej Kisielewski
Approved revision: 4403
Merged at revision: 4407
Proposed branch: lp:~kissiel/checkbox/cep-9
Merge into: lp:checkbox
Diff against target: 125 lines (+121/-0)
1 file modified
cep/CEP-9.rst (+121/-0)
To merge this branch: bzr merge lp:~kissiel/checkbox/cep-9
Reviewer: Checkbox Developers
Review status: Pending
Review via email: mp+265107@code.launchpad.net

Description of the change

Well, this has been in the oven for a while.
I've fixed all the issues pointed out in the comments. The thing was implemented last year, so I guess for docs' sake we should just land it :)

Zygmunt Krynicki (zyga) wrote :

+1

As we go on I'd like to see the same things people can put in their
manifest.json files supported. In reality the actual apparmor profile
is generated from a template. I'd like to mimic that.

On Fri, Jul 17, 2015 at 4:05 PM, Maciej Kisielewski
<email address hidden> wrote:
> Maciej Kisielewski has proposed merging lp:~kissiel/checkbox/cep-9 into lp:checkbox.
>
> Requested reviews:
> Checkbox Developers (checkbox-dev)
>
> For more details, see:
> https://code.launchpad.net/~kissiel/checkbox/cep-9/+merge/265107
>
> -- WIP --
>
> Sandboxed tests CEP
>
> Early feedback welcome!
> --
> You are subscribed to branch lp:checkbox.
>
> === added file 'cep/CEP-9.rst'
> --- cep/CEP-9.rst 1970-01-01 00:00:00 +0000
> +++ cep/CEP-9.rst 2015-07-17 13:43:21 +0000
> @@ -0,0 +1,119 @@
> +===================================================
> +Checkbox Enhancement Proposal 9: Confined QML jobs
> +===================================================
> +
> +Summary
> +=======
> +
> +This CEP defines 'confined' flag for qml-native jobs that makes
> +checkbox-converged run them as seperate apps.
> +
> +Rationale
> +=========
> +
> +Currently when qml-jobs are run by checkbox-converged, they are run with the
> +same apparmor profile as checkbox-converged. For some tests we want to change
> +the security profile the test will run in. This CEP proposes a new way of
> +running qml-native jobs in which the polciies are changed.
> +
> +
> +Example
> +=======
> +
> +We need to provide a test that checks if the device asks for permission, when
> +an app asks for location data. Let's call it "the Test"
> +This job cannot be an ordinary qml-job, as apparmor policy defined for
> +checkbox-converged would be used to carry the test out.
> +
> +Expected behaviour when running tests is as follows:
> +- checkbox-converged gets to the Test
> +- device runs the Test with different set of policies
> +- prompt asking whether to let the Test use location information
> +- testing concludes
> +- checkbox-converged switches to the next test
> +
> +Changing apparmor policies
> +===========================
> +
> +Confined tests will have additional syntax in their definition to allow
> +user-defined policy.
> +Flag ``confined`` will be used, to inform that the test should run in a
> +confined manner.
> +This field - ``apparmor`` - will point to the file that
> +should be used as apparmor profile. Should this file be missing, the test will
> +have no priviliges and will run fully confined.
> +
> +Impact
> +======
> +
> +Adding confined tests requires change in how providers are handled by
> +Checkbox-Converged. Instead of copying them as-is, they need to be built. This
> +*does not* require any change to exisitng providers and *does not* change
> +behaviour of the app.
> +For other Checkbox Applications (cli, gui), confined tests will be executed as
> +ordinary qml-native jobs, because apparmor policies don't affect platforms
> +that those front-ends run on.
> +
> +Implementation
> +==============
> +
> +Proposed flow
> +-------------
> +Checkbox-Converged launches an app containing the test and holds its execution.
> +Device switches to running the test-app.
> +T...
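
Review bot: Under "Changing apparmor policies", "This field - ``apparmor``" is the first mention of that field, and "Should this file be missing" does not say whether it means the field is absent from the job definition or the field names a file that cannot be found. Introduce the field explicitly and separate the two cases: defaulting to no privileges when the field is absent is a safe default, but a mistyped path falling back the same way would run the test under a different profile than its author intended with nothing to flag it, so that case is better rejected when the provider is built. The typos in the added text ("seperate", "polciies", "priviliges", "exisitng") also need fixing before landing.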

Sylvain Pineau (sylvain-pineau) wrote :

+1, I've made some comments only to continue the discussion about how to generate the consumer apps at build time.

Po-Hsu Lin (cypressyew) wrote :

Nitpicking for some typos.

Sylvain Pineau (sylvain-pineau) wrote :

The attempt to merge lp:~kissiel/checkbox/cep-9 into lp:checkbox failed. Below is the output from the failed tests.


lp:~kissiel/checkbox/cep-9 updated
4403. By Maciej Kisielewski

add CEP-9

Maciej Kisielewski (kissiel) wrote :

> The attempt to merge lp:~kissiel/checkbox/cep-9 into lp:checkbox failed. Below
> is the output from the failed tests.
> (...)

The auto-branch-testing failed because the branch had test scripts from yesteryear. I fiddled with history and got it rebased. Should be good now.

Preview Diff

1=== added file 'cep/CEP-9.rst'
2--- cep/CEP-9.rst 1970-01-01 00:00:00 +0000
3+++ cep/CEP-9.rst 2016-06-20 21:14:57 +0000
4@@ -0,0 +1,121 @@
5+===================================================
6+Checkbox Enhancement Proposal 9: Confined QML jobs
7+===================================================
8+
9+Summary
10+=======
11+
12+This CEP defines 'confined' flag for qml-native jobs that makes
13+checkbox-converged run them as separate apps.
14+
15+Rationale
16+=========
17+
18+Currently when qml-jobs are run by checkbox-converged, they are run with the
19+same apparmor profile as checkbox-converged. For some tests we want to change
20+the security profile the test will run in. This CEP proposes a new way of
21+running qml-native jobs in which the policies are changed.
22+
23+
24+Example
25+=======
26+
27+We need to provide a test that checks if the device asks for permission, when
28+an app asks for location data. Let's call it "the Test"
29+This job cannot be an ordinary qml-job, as apparmor policy defined for
30+checkbox-converged would be used to carry the test out.
31+
32+Expected behaviour when running tests is as follows:
33+- checkbox-converged gets to the Test
34+- device runs the Test with different set of policies
35+- prompt asking whether to let the Test use location information
36+- testing concludes
37+- checkbox-converged switches to the next test
38+
39+Changing apparmor policies
40+===========================
41+
42+Confined tests will have additional syntax in their definition to allow
43+user-defined policy.
44+Flag ``confined`` will be used, to inform that the test should run in a
45+confined manner.
46+This field - ``apparmor`` - will point to the file that
47+should be used as apparmor profile. Should this file be missing, the test will
48+have no privileges and will run fully confined.
49+
50+Impact
51+======
52+
53+Adding confined tests requires change in how providers are handled by
54+Checkbox-Converged. Instead of copying them as-is, they need to be built. This
55+*does not* require any change to existing providers and *does not* change
56+behaviour of the app.
57+For other Checkbox Applications (cli, gui), confined tests will be executed as
58+ordinary qml-native jobs, because apparmor policies don't affect platforms
59+that those front-ends run on.
60+
61+Implementation
62+==============
63+
64+Proposed flow
65+-------------
66+Checkbox-Converged launches an app containing the test and holds its execution.
67+Device switches to running the test-app. ::
68+
69+- Test is performed.
70+- Test-app prepares test result object.
71+- Test-app pushes result object to ContentHub with Checkbox-Converged as the
72+- destination requesting immediate consumption.
73+- Test-app terminates.
74+- Device switches back to Checkbox-Converged and processes the result object.
75+- Checkbox-Converged carries on with normal execution.
76+
77+Multi-app
78+---------
79+Current architecture of click bundles lets us to bundle multiple apps in one
80+click. Every app may have different apparmor policy so the easiest way is to
81+provide means for checkbox-converged to be delivered with all confined tests
82+packaged as seperate apps within the same click package. Proof of concept of
83+that is here: https://code.launchpad.net/~kissiel/+git/multi-app/+ref/master
84+
85+
86+Generating apps
87+---------------
88+The sandboxed test needs to communicate its result back to checkbox-converged;
89+to achieve this goal Content Hub can be used. Normally the communication
90+initiator (confined test) would have to ask user to pick the app which they
91+would like to send the results to. This can be avoided by hardcoding qualified
92+name of the destination. This qualified name requires precise information about
93+current version of Checkbox-Converged. To make this part reliable, information
94+about consumer and sender must be generated during creation of the click
95+package. The whole process can be governed by the ``build`` command of
96+``manage.py`` script of the provider. Building a provider that has confined
97+test would mean generating those applications and generating hook entry for the
98+'global' click manifest to contain.
99+
100+
101+Job definition examples
102+=======================
103+::
104+
105+ id: normal-qml-job
106+ _summary: A QML job that runs with the default apparmor settings
107+ plugin: qml
108+ qml_file: foo.qml
109+ flags: preserve-locale
110+ estimated_duration: 10
111+
112+ id: confied-qml-job
113+ _summary: A QML job that is fully confined
114+ plugin: qml
115+ qml_file: bar.qml
116+ flags: confined preserve-locale
117+ estimated_duration: 10
118+
119+ id: custom-confinement-qml-job
120+ _summary: A QML job that is run using custom apparmor settings
121+ plugin: qml
122+ qml_file: baz.qml
123+ flags: confined preserve-locale
124+ apparmor: baz_apparmor.json
125+ estimated_duration: 10
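
Review bot: In "Proposed flow" the "::" ending "Device switches to running the test-app." opens a reStructuredText literal block, but the list that follows is not indented, and "- destination requesting immediate consumption." is the continuation of the ContentHub item above it rather than a bullet of its own; drop the "::", put a blank line before the list, and fold that line into the previous item. The job id "confied-qml-job" in the examples and "seperate" under "Multi-app" are typos. The flow also does not say how Checkbox-Converged decides that a result object arriving through ContentHub belongs to the test-app it launched; since the result crosses between differently confined apps, a sentence stating what is checked on receipt would close that gap.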
