Anything that imports the release module would trigger probing of apparmor
support in the system. This is wasteful and can be done lazily on demand. This
patch makes that so.
Signed-off-by: Zygmunt Krynicki <email address hidden>
overlord,daemon: mock security backends for testing
Testing the overlord involves initializing the overlord, which in turn
does the same to each of the managers. The interface manager is
particularly active during the initialization phase. It will initialize
all the security backends, some which deeply interrogate the system .
It will compute and compare the system key. Lastly it will regenerate
security profiles for all the snaps if said profile is mismatching. When
setting up core the apparmor security backend performs special handling
for the snap-confine program running from core or from snapd snaps.
All of that interacts with the system. While we could, with enough
effort, mock it away at a very fine grained level we could just replace
all the real security backends with a test backend. This is easy and has
no consequences because we were not measuring anything about the
interactions of the security backend anyway.
This patch does just that. In addition, now-useless mocking of various
system commands has been removed.
Signed-off-by: Zygmunt Krynicki <email address hidden>
The apparmor-support was supposed to be in libsnap-confine-private (long
time ago) but at the time I didn't move it there because unlike what the
name says, it was being used from tools other than snap-confine,
bringing along the libapparmor and libcap dependencies to places where
that was undesirable.
With shaving the yak in snap-discard-ns we can now do just that.
Signed-off-by: Zygmunt Krynicki <email address hidden>