Snappy

Merge lp:~sergiusens/snappy/seccomp into lp:~snappy-dev/snappy/snappy-moved-to-github

  1. seccomp
  2. Merge into snappy-moved-to-github
Proposed by Sergio Schvezov
Status: Merged
Approved by: John Lenton
Approved revision: 519
Merged at revision: 519
Proposed branch: lp:~sergiusens/snappy/seccomp
Merge into: lp:~snappy-dev/snappy/snappy-moved-to-github
Diff against target: 46 lines (+14/-0)
3 files modified
snappy/errors.go (+2/-0)
snappy/security.go (+5/-0)
snappy/security_test.go (+7/-0)
To merge this branch: bzr merge lp:~sergiusens/snappy/seccomp
Reviewer Review Type Date Requested Status
John Lenton (community) Approve
Review via email: mp+262880@code.launchpad.net

Commit message

Provide a more specific error than '%f is a directory' when missing a seccomp entry

To post a comment you must log in.
lp:~sergiusens/snappy/seccomp updated
519. By Sergio Schvezov

Provide a more specific error than '%f is a directory' when missing a seccomp entry

Revision history for this message
John Lenton (chipaca) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'snappy/errors.go'
2--- snappy/errors.go 2015-06-04 22:21:51 +0000
3+++ snappy/errors.go 2015-06-24 17:05:42 +0000
4@@ -140,6 +140,8 @@
5
6 // ErrInvalidSeccompPolicy is returned when policy-version and policy-vender are not set together
7 ErrInvalidSeccompPolicy = errors.New("policy-version and policy-vendor must be specified together")
8+ // ErrNoSeccompPolicy is returned when an expected seccomp policy is not provided.
9+ ErrNoSeccompPolicy = errors.New("no seccomp policy provided")
10 )
11
12 // ErrArchitectureNotSupported is returned when trying to install a snappy package that
13
14=== modified file 'snappy/security.go'
15--- snappy/security.go 2015-06-02 16:31:01 +0000
16+++ snappy/security.go 2015-06-24 17:05:42 +0000
17@@ -151,6 +151,11 @@
18 syscalls := []string{}
19
20 if sd.SecurityOverride != nil {
21+ if sd.SecurityOverride.Seccomp == "" {
22+ logger.Noticef("No seccomp policy found")
23+ return nil, ErrNoSeccompPolicy
24+ }
25+
26 fn := filepath.Join(baseDir, sd.SecurityOverride.Seccomp)
27 var s securitySeccompOverride
28 err := readSeccompOverride(fn, &s)
29
30=== modified file 'snappy/security_test.go'
31--- snappy/security_test.go 2015-06-08 16:26:25 +0000
32+++ snappy/security_test.go 2015-06-24 17:05:42 +0000
33@@ -58,6 +58,13 @@
34 c.Assert(string(content), Equals, expected)
35 }
36
37+func (a *SecurityTestSuite) TestSnappyNoSeccompOverrideEntry(c *C) {
38+ sd := SecurityDefinitions{SecurityOverride: &SecurityOverrideDefinition{}}
39+
40+ _, err := generateSeccompPolicy(c.MkDir(), "appName", sd)
41+ c.Assert(err, Equals, ErrNoSeccompPolicy)
42+}
43+
44 // no special security settings generate the default
45 func (a *SecurityTestSuite) TestSnappyHandleApparmorSecurityDefault(c *C) {
46 sec := &SecurityDefinitions{}

Subscribers

People subscribed via source and target branches