tests: do not run degraded test in autopkgtest env
The autopkgtest environment sometimes has failing services. This
means that our degraded test leads to false positivies here. This
PR disables the test in the autopkgtest environment because we
have no control over the images in autopkgtest (unlike in our
spread CI) so the test is not useful here.
This patch adds a workaround for apparmor and overlayfs not playing
together on the ephemeral Ubuntu 18.10 server images. On such images
there's an overlayfs mounted over / with the upper directory in
/media/root-rw/overlay. Snapd detects this and generates a directive
with read access to said directory. At runtime we get a denial, however,
one that looks like this:
As we can see apparmor decided to resolve the path to "/overlay/" (which
notably does not exist in the filesystem at all). The reason for that is
not understood but as a special-case workaround we detect this and
return "/overlay" instead.
tests: tweak greps, run only with strict confinement
The greps needed tweaking because the logged denial differs across
kernel versions. The move away from sandbox-features is mandatory
because on opensuse 43.2 we run with classic confinement instead,
even though parts of apparmor are available in the kernel.
Signed-off-by: Zygmunt Krynicki <email address hidden>