lp:~kxuan/+git/snapd

Owned by Zhaoxuan Zhai
Get this repository:
git clone https://git.launchpad.net/~kxuan/+git/snapd

Branches

Name Last Modified Last Commit
kxuan-debug 2024-01-17 09:41:42 UTC
force ensureBootOk to return an error

Author: Zhaoxuan Zhai
Author Date: 2024-01-17 09:41:42 UTC

force ensureBootOk to return an error

Signed-off-by: Zhai Zhaoxuan <zhai.zhaoxuan@canonical.com>

master 2024-01-15 17:16:14 UTC
tests/main/userns: add a spread test for the userns interface (#12844)

Author: Alex Murray
Author Date: 2024-01-15 17:16:14 UTC

tests/main/userns: add a spread test for the userns interface (#12844)

Test that when plugging userns, snaps can create new unprivileged user namespaces
and also test that when this interface is not connected, this is denied, both
via seccomp and also via AppArmor.

Also update the spread configuration to support local qemu testing of ubuntu-22.10-64.

* spread: add ubuntu-22.10-64 to local qemu backend

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* tests/main/userns: add a spread test for the userns interface

Test that when plugging userns, snaps can create new unprivileged user namespaces
and also test that when this interface is not connected, this is denied, both
via seccomp and also via AppArmor.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* tests/main/userns: ensure apparmor_parser doesn't pin the ABI

Instead specify to use the ABI presented by the kernel itself to ensure that the
parser does not silently downgrade the policy.

In the future I suspect we want snapd to always use the kernel ABI for
apparmor_parser and then store this ABI within the system-key to ensure policy
gets regenerated if / when the AppArmor kernel feature set changes.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* tests/main/userns: support other platforms

Some of the CLONE_NEWXXXX flags are quite new, so only use these in the test
unshare implementation if they are defined, plus adapt to Arch's different
naming of the nogroup group as nobody.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* tests/main/interfaces-userns: rename userns spread test

This ensures the naming is consistent across all the tests.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* tests/main/interfaces-userns: simplify logic for arch specifics

On Arch the nobody group is called nobody, whereas on Ubuntu etc. it is nogroup -
parameterise this instead of duplicating the code logic.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* tests/lib/snaps/test-snapd-userns/bin/sh: add missing newline at EOF

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* spread.yaml: remove unnecessary addition of ubuntu-22.10-64 to qemu backend

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* tests/main/interfaces-userns: restore sysctls and cleanups

Restore sysctl values to their originals on cleanup, plus remove the unnecessary
cleanup of the modified apparmor profile as these are restored automatically
during the generic cleanup and finally remove trailing blank lines.

Thanks to @sergiocazzolato for the suggestions.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

---------

Signed-off-by: Alex Murray <alex.murray@canonical.com>
Co-authored-by: Michael Vogt <mvo@ubuntu.com>
