snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
* snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
The current snap-bootstrap has a race when mounting the seed
partition in `mountNonDataPartitionMatchingKernelDisk` on EFI
systems.
The code determines the partUUID of the disk that booted the
kernel by reading the EFI LoaderDevicePartUUID variable. However,
there is no guarantee that this partition is available when
snap-bootstrap runs; the kernel may still enumerate the HW.
This can be observed on a fast NUC when booting from a USB
stick.
Note that the `the-tool.service` already has a
"After=systemd-udev-settle.service" set but that is still
racy because any `udev settle` (or `udev trigger --settle`)
is racy; the only option is to poll for the part uuid to
appear.
This is a minimal commit to avoid too much churn in code.
Thanks to Sertac for reporting this bug.
* snap-bootstrap: rework waitPartSrc to improve testing (thanks to Alberto and Ian)
* snap-bootstrap: show a log message if waitPartSrc needs to wait
If waitPartSrc needs to wait for the device this commit makes it
show a logger.Noticef() message. The message is only shown once
because waiting for the device is usually super quick and if it
is not that is most likely an error anyway so spamming the
terminal will not help.
* snap-bootstrap: add test that ensures that if no waiting is needed for partSrc no log message is displayed
* snap-bootstrap: rename waitPartSrc -> waitFile
* snap-bootstrap: fix time.Duration() casting on 32bit systems
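The polling approach these commit messages describe (bounded wait, a single log notice, and the wait computed as a `time.Duration`), sketched as an added example that is not snapd's own code. The names `pollForPath` and `demo` are hypothetical, and the constructed temporary file stands in for the partition's device node.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// pollForPath (hypothetical, not snapd's code) checks for path up to attempts
// times, sleeping interval between checks; notice fires at most once.
func pollForPath(path string, interval time.Duration, attempts int, notice func(string)) error {
	// Convert before multiplying so the math is int64 even where int is 32 bits.
	total := time.Duration(attempts) * interval
	for i := 0; i < attempts; i++ {
		if _, err := os.Stat(path); err == nil {
			return nil
		} else if !os.IsNotExist(err) {
			return err // e.g. permission denied: waiting will not help
		}
		if i == 0 {
			notice(fmt.Sprintf("waiting up to %v for %s to appear", total, path))
		}
		time.Sleep(interval)
	}
	return fmt.Errorf("no %s after waiting for %v", path, total)
}

// demo polls a constructed path appearing after appearMs (0 = present, <0 = never).
func demo(appearMs int) (notices int, err error) {
	dir, err := os.MkdirTemp("", "constructed-by-partuuid")
	if err != nil {
		return 0, err
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "constructed-partuuid")
	create := func() { _ = os.WriteFile(path, nil, 0o600) }
	if appearMs == 0 {
		create()
	} else if appearMs > 0 {
		time.AfterFunc(time.Duration(appearMs)*time.Millisecond, create)
	}
	err = pollForPath(path, 10*time.Millisecond, 50, func(string) { notices++ })
	return notices, err
}

func main() {
	fmt.Println(demo(40))
}
```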
many: support an API flag system-restart-immediate to make snap ops proceed immediately with system restarts (#10871)
* daemon: introduce system-restart-immediate flag in the snaps APIs
this gets reflected on the Change
* overlord: make Changes respect system-restart-immediate
have all system restart requests that don't use Now already
use snapstate.RestartSystem which consults system-restart-immediate
on the Change as set by daemon
make[1]: Leaving directory '/builddir/build/BUILD/snapd-2.51/cmd'
libsnap-confine-private/test-utils.c: In function 'rm_rf_tmp':
libsnap-confine-private/test-utils.c:63:9: error: 'g_spawn_check_exit_status' is deprecated: Use 'g_spawn_check_wait_status' instead [-Werror=deprecated-declarations]
63 | g_assert_true(g_spawn_check_exit_status(exit_status, NULL));
| ^~~~~~~~~~~~~
In file included from /usr/include/glib-2.0/glib.h:81, from libsnap-confine-private/test-utils.c:24:
/usr/include/glib-2.0/glib/gspawn.h:280:10: note: declared here
280 | gboolean g_spawn_check_exit_status (gint wait_status,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:2705: libsnap-confine-private/libsnap_confine_private_unit_tests-test-utils.o] Error 1
make[1]: *** Waiting for unfinished jobs....
Signed-off-by: Maciej Borzecki <email address hidden>
interfaces/seccomp: add clone3 to default template
Recent combinations of Go 1.17, glibc 2.34 and Linux 5.14 ended up triggering
pthread_create() code paths that try to use clone3() syscall when executing
snap-exec. Since snap-exec runs under the seccomp profile of the application,
make sure that clone3 is allowed in the default template. Also, applications may
trigger this code path themselves anyway.
The strace output when this fails looks like this:
interfaces/apparmor/template.go: allow inspection of dbus mediation level
This does not leak any information since an app could always try to send dbus
messages and see what fails to perform the same inspection, but this helps
eliminate some messages when using i.e. dbus-run-session legitimately for some
applications.