snap-confine

Merge lp://qastaging/~jdstrand/snap-confine/fix-udev-for-1604 into lp://qastaging/~snappy-dev/snap-confine/trunk

fix-udev-for-1604
Merge into trunk

Proposed by Jamie Strandboge on 2016-04-05

Status:

Merged

Merged at revision:

125

Proposed branch:

lp://qastaging/~jdstrand/snap-confine/fix-udev-for-1604

Merge into:

lp://qastaging/~snappy-dev/snap-confine/trunk

Diff against target:

437 lines (+181/-109)

6 files modified

README (+26/-3)
debian/changelog (+21/-0)
debian/usr.bin.ubuntu-core-launcher (+4/-6)
src/80-snappy-assign.rules (+1/-1)
src/main.c (+127/-98)
src/snappy-app-dev (+2/-1)

To merge this branch:

bzr merge lp://qastaging/~jdstrand/snap-confine/fix-udev-for-1604

Related bugs:

Bug #1564401: launcher does not apply cgroups on 16.04

High

Fix Released

Remove

Link a bug report

Reviewer	Review Type	Date Requested	Status
Tyler Hicks (community)		2016-04-05	Needs Fixing on 2016-04-14
Review via email: mp+291028@code.qastaging.launchpad.net

Description of the change

  * update cgroup handling for 16.04 (LP: #1564401):
    - debian/usr.bin.ubuntu-core-launcher:
      + allow creating cgroups with snap.*
      + allow ixr of 'tr'
      + remove access to /var/lib/apparmor/clicks/
    - update README to more fully explain the cgroups implementation
    - src/80-snappy-assign.rules: append an app-specific tag instead of
      adding a generic tag and snap-specific property
    - src/snappy-app-dev: convert the new tag to the directory name
    - src/main.c:
      + refactor and simplify control flow to query udev for device assignment
        instead of searching apparmor policy for a specific string
      + adjust udev query for app-specific tag
      + raise real_uid after fork() before calling /lib/udev/snappy-app-dev
        so non-root app launches work with the device cgroup

Revision history for this message

Leo Arias (elopio) on 2016-04-06:

#

lp://qastaging/~jdstrand/snap-confine/fix-udev-for-1604 updated on 2016-04-06

123. By Jamie Strandboge on 2016-04-06: address typo pointed out be Leo

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2016-04-06:

#

Thanks Leo, pushed in r123.

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2016-04-14:

#

See inline comments.

review: Needs Fixing

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2016-04-14:

#

I'll also note that, due to release deadlines, I did not have sufficient time to review the greater design changes that are occurring due to this MP. I really only had a chance to review the code changes.

lp://qastaging/~jdstrand/snap-confine/fix-udev-for-1604 updated on 2016-04-14

124. By Jamie Strandboge on 2016-04-14: merge from trunk

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2016-04-14:

#

>> +const char *static_devices[] = {
>
> I may be missing something but I don't see why this array was lifted from the function that uses it and turned into a global. If it is to remain as global, it should be declared as "static const char *static_devices[]" since it isn't used outside of main.c.

Ah, yes, this should have been moved back down after I made the code simpler.

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2016-04-14:

#

> This string test is incomplete for a couple reasons:
>
> 1) tagname_len could be greater than the size of the tagname buffer
> 2) the tagname buffer could be unterminated

True. I was thinking about the must_snprintf() that was called to set it would have taken care of this, but if we are doing all these checks for future-proof coding, we should do all the checks.

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2016-04-14:

#

>> Is it intentional that we don't attempt to setuid(0) (or fail?) if the first conditional is not met? It seems correct to continue on if real_uid is 0 but what about when effective_uid is not 0? I guess snappy-app-dev will simply fail due to insufficient perms and everything will be ok.

Yes, it will fail due to insufficient perms and yes this was intentional. The idea here is to raise if we can but not if we can't. The testsuite will have euid as non-zero, under sudo real_uid and euid are 0, and under suid launcher euid is 0 but real_uid is not.

lp://qastaging/~jdstrand/snap-confine/fix-udev-for-1604 updated on 2016-04-14

125. By Jamie Strandboge on 2016-04-14: move static_devices into setup_devices_cgroup(), where it should be
126. By Jamie Strandboge on 2016-04-14: src/main.c: further futreproof our tagname checks. Patch thanks to Tyler Hicks
127. By Jamie Strandboge on 2016-04-14: src/main.c: simplify execl() failure
128. By Jamie Strandboge on 2016-04-14: use __func__ in debug() statements

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2016-04-14:

#

Thanks for the review!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches

to all changes:

Jamie Strandboge

Snappy Developers

Tyler Hicks