Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

snapstate: do not allow classic mode for strict snaps #6039

Merged
merged 15 commits into from
Nov 13, 2018
Merged

snapstate: do not allow classic mode for strict snaps #6039

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
c611736
snapstate: do not allow classic mode for strict snaps
mvo5 Oct 24, 2018
21c6993
Merge remote-tracking branch 'origin/master' into bboozzoo/pr-6039
bboozzoo Oct 26, 2018
9dbe291
overlord/snapstate: run tests for classic snaps even on systems that …
bboozzoo Oct 26, 2018
b55a5db
Merge remote-tracking branch 'origin/master' into bboozzoo/pr-6039
bboozzoo Oct 26, 2018
a82c8ba
overlord/snapstate: fix typo
bboozzoo Oct 26, 2018
ccd4623
overlord/snapstate: fix handling of classic on updates & install, ext…
bboozzoo Oct 26, 2018
a960454
tests/main/install-errors: fix error matching, fix systems not suppor…
bboozzoo Oct 26, 2018
b9c8127
tests/lib/fakestore: return confinement in snap details
bboozzoo Oct 29, 2018
e0c146b
Update overlord/snapstate/snapstate.go
zyga Oct 29, 2018
563744b
overlord/snapstate: drop superfluous info and flags validation
bboozzoo Oct 30, 2018
4b243d1
Merge remote-tracking branch 'origin/master' into bboozzoo/pr-6039
bboozzoo Nov 9, 2018
0afa031
many: separate error for a non classic confined snap
bboozzoo Nov 9, 2018
c21e3a2
tests/main/install-errors: update to match new error message
bboozzoo Nov 9, 2018
be6bd59
snap: improve ErrorKindSnapNotClassic message
mvo5 Nov 12, 2018
99eab3a
tests/main/install-errors: update to match snap error changes
bboozzoo Nov 13, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions overlord/snapstate/check_snap.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,10 @@ func (e *SnapNeedsClassicSystemError) Error() string {
// determine whether the flags (and system overrides thereof) are
// compatible with the given *snap.Info
func validateFlagsForInfo(info *snap.Info, snapst *SnapState, flags Flags) error {
if flags.Classic && !info.NeedsClassic() {
return fmt.Errorf("classic confinment requested for a non classic confined snap")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

confinement

}

switch c := info.Confinement; c {
case snap.StrictConfinement, "":
// strict is always fine
Expand Down
21 changes: 21 additions & 0 deletions overlord/snapstate/check_snap_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -540,6 +540,27 @@ confinement: classic
c.Assert(err, ErrorMatches, ".* requires classic confinement which is only available on classic systems")
}

func (s *checkSnapSuite) TestCheckSnapErrorClassicModeForStrictOrDevmode(c *C) {
const yaml = `name: hello
version: 1.10
confinement: strict
`
info, err := snap.InfoFromSnapYaml([]byte(yaml))
c.Assert(err, IsNil)

var openSnapFile = func(path string, si *snap.SideInfo) (*snap.Info, snap.Container, error) {
c.Check(path, Equals, "snap-path")
c.Check(si, IsNil)
return info, emptyContainer(c), nil
}
restore := snapstate.MockOpenSnapFile(openSnapFile)
defer restore()

err = snapstate.CheckSnap(s.st, "snap-path", "hello", nil, nil, snapstate.Flags{Classic: true})

c.Assert(err, ErrorMatches, "classic confinment requested for a non classic confined snap")
}

func (s *checkSnapSuite) TestCheckSnapKernelUpdate(c *C) {
reset := release.MockOnClassic(false)
defer reset()
Expand Down
7 changes: 7 additions & 0 deletions tests/main/install-errors/task.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,3 +76,10 @@ execute: |
exit 1
fi
MATCH 'characters that look like dashes but are not' < stderr.out

echo "Installing a strict snap in classic mode does not work"
if snap install --classic test-snapd-tools 2>stderr.out; then
echo "snap install ––classic test-snapd-tools should have failed but did not"
exit 1
fi
MATCH 'classic confinment requested for a non classic confined snap' < stderr.out