Merge ~morphis/snappy-hwe-snaps/+git/network-manager:f/add-firewall-control-iface into ~snappy-hwe-team/snappy-hwe-snaps/+git/network-manager:master

Proposed by Simon Fels
Status: Merged
Approved by: Alfonso Sanchez-Beato
Approved revision: 1b168b391c2b34cc67c7dd66772736107f4bbce4
Merged at revision: 7b1a6ace4f57913689b21832919bbea75bb34bf5
Proposed branch: ~morphis/snappy-hwe-snaps/+git/network-manager:f/add-firewall-control-iface
Merge into: ~snappy-hwe-team/snappy-hwe-snaps/+git/network-manager:master
Diff against target: 65 lines (+17/-2)
5 files modified
snapcraft.yaml (+1/-1)
tests/lib/prepare.sh (+3/-0)
tests/lib/utilities.sh (+1/-1)
tests/main/can-exec-iptables/task.yaml (+10/-0)
tests/main/installation/task.yaml (+2/-0)
Reviewer | Review Type | Date Requested | Status
System Enablement Bot | continuous-integration | | Approve
Alfonso Sanchez-Beato | | | Approve
Review via email: mp+320021@code.launchpad.net

Description of the change

Add firewall-control interface to allow NetworkManager to access the iptables binary from the core snap to modify the system iptables configuration.

System Enablement Bot (system-enablement-ci-bot) wrote :
review: Approve (continuous-integration)
System Enablement Bot (system-enablement-ci-bot) wrote :
review: Needs Fixing (continuous-integration)
Alfonso Sanchez-Beato (alfonsosanchezbeato) wrote :

LGTM

review: Approve
System Enablement Bot (system-enablement-ci-bot) wrote :
review: Approve (continuous-integration)

Preview Diff

diff --git a/snapcraft.yaml b/snapcraft.yaml
index fc22731..9e0dcc3 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -31,7 +31,7 @@ apps:
31 command: bin/networkmanager31 command: bin/networkmanager
32 daemon: simple32 daemon: simple
33 slots: [service]33 slots: [service]
34 plugs: [modem-manager, ppp, network-setup-observe, wpa]34 plugs: [modem-manager, ppp, network-setup-observe, wpa, firewall-control]
35 # FIXME: This will create currently a symlink inside /snap/bin35 # FIXME: This will create currently a symlink inside /snap/bin
36 # which points nowhere as the service isn't exposed as application36 # which points nowhere as the service isn't exposed as application
37 # for the user. Instead snapd needs to gain support to handle37 # for the user. Instead snapd needs to gain support to handle
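Review bot: the plugs line for the networkmanager daemon gains firewall-control with no comment saying why the service needs it. According to the description of this change, the plug lets the daemon modify the system iptables configuration, so a short comment above the plugs line naming the NetworkManager feature that depends on it would help anyone auditing the snap's privileges later. The FIXME block just below shows this file already carries notes of that kind.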
diff --git a/tests/lib/prepare.sh b/tests/lib/prepare.sh
index 57d24b5..12a76da 100644
--- a/tests/lib/prepare.sh
+++ b/tests/lib/prepare.sh
@@ -27,6 +27,9 @@ rm -f /home/network-manager/snapd-state.tar.gz
27rm -f /home/network-manager/nm-state.tar.gz27rm -f /home/network-manager/nm-state.tar.gz
2828
29snap_install network-manager29snap_install network-manager
30# FIXME: Until the store snap-declaration is updated we need to connect
31# this plug manually.
32snap connect network-manager:firewall-control
3033
31# Snapshot of the current snapd state for a later restore34# Snapshot of the current snapd state for a later restore
32systemctl stop snapd.service snapd.socket35systemctl stop snapd.service snapd.socket
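Review bot: the FIXME above `snap connect network-manager:firewall-control` gives no way to tell when it can be removed; please reference the store snap-declaration request (bug or forum link) in the comment. Because the plug is connected here in the shared prepare script, the new `:firewall-control +network-manager` check in tests/main/installation/task.yaml passes whether or not the store auto-connects the plug, so this line should be dropped once the declaration lands, otherwise that check says nothing about auto-connection.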
diff --git a/tests/lib/utilities.sh b/tests/lib/utilities.sh
index 8ca1418..14dbebb 100644
--- a/tests/lib/utilities.sh
+++ b/tests/lib/utilities.sh
@@ -59,4 +59,4 @@ mac_to_ipv6() {
59 mac=${mac#*:*:}59 mac=${mac#*:*:}
60 ipv6_address=$ipv6_address${mac%:*}${mac##*:}60 ipv6_address=$ipv6_address${mac%:*}${mac##*:}
61 echo $ipv6_address61 echo $ipv6_address
62}
63\ No newline at end of file62\ No newline at end of file
63}
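Review bot: the end-of-file newline fix after the closing `}` of mac_to_ipv6 is unrelated to the firewall-control change. It is fine to keep, but mention it in the commit message or split it into its own commit so the history for this interface change stays focused.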
diff --git a/tests/main/can-exec-iptables/task.yaml b/tests/main/can-exec-iptables/task.yaml
64new file mode 10064464new file mode 100644
index 0000000..878df5d
--- /dev/null
+++ b/tests/main/can-exec-iptables/task.yaml
@@ -0,0 +1,10 @@
1summary: Verify the NetworkManager snap is allowed to modify the iptables firewall configuration
2
3execute: |
4 # Running a simple command in the runtime environment of our service
5 # binary will tell us if we're allowed to execute the iptables binary
6 # from the core snap or not.
7 snap run --shell network-manager.networkmanager <<EOF
8 set -ex
9 /sbin/iptables -L
10 EOF
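Review bot: the summary says the snap is allowed to modify the firewall configuration, but the only command in the heredoc is `/sbin/iptables -L`, which only lists the filter table. Either reword the summary to say the test checks that the iptables binary can be executed from the service's runtime environment, or extend the heredoc to create and then delete a scratch chain so a write path is exercised. Consider adding `-n` too, since `-L` without it does reverse DNS lookups and can stall on a test device without working DNS.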
diff --git a/tests/main/installation/task.yaml b/tests/main/installation/task.yaml
index 2f1fe97..0dc8cf8 100644
--- a/tests/main/installation/task.yaml
+++ b/tests/main/installation/task.yaml
@@ -12,4 +12,6 @@ execute: |
12 # Ensure all necessary plugs/slots are connected12 # Ensure all necessary plugs/slots are connected
13 snap interfaces | grep -Pzq ":network-setup-observe +network-manager"13 snap interfaces | grep -Pzq ":network-setup-observe +network-manager"
14 snap interfaces | grep -Pzq ":ppp +network-manager"14 snap interfaces | grep -Pzq ":ppp +network-manager"
15 snap interfaces | grep -Pzq ":firewall-control +network-manager"
16 snap interfaces | grep -Pzq ":network-setup-observe +network-manager"
15 snap interfaces | grep -Pzq "network-manager:service +network-manager:nmcli"17 snap interfaces | grep -Pzq "network-manager:service +network-manager:nmcli"
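Review bot: the second added line, `snap interfaces | grep -Pzq ":network-setup-observe +network-manager"`, duplicates the check already present at old line 13 of this list. Drop it and keep only the new `:firewall-control +network-manager` check.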
