gitee.com/mysnapcore/mysnapd@v0.1.0/interfaces/builtin/system_observe_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2016 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin_test
    21  
    22  import (
    23  	"os"
    24  	"path/filepath"
    25  	"strings"
    26  
    27  	. "gopkg.in/check.v1"
    28  
    29  	"gitee.com/mysnapcore/mysnapd/dirs"
    30  	"gitee.com/mysnapcore/mysnapd/interfaces"
    31  	"gitee.com/mysnapcore/mysnapd/interfaces/apparmor"
    32  	"gitee.com/mysnapcore/mysnapd/interfaces/builtin"
    33  	"gitee.com/mysnapcore/mysnapd/interfaces/mount"
    34  	"gitee.com/mysnapcore/mysnapd/interfaces/seccomp"
    35  	"gitee.com/mysnapcore/mysnapd/snap"
    36  	"gitee.com/mysnapcore/mysnapd/snap/snaptest"
    37  	"gitee.com/mysnapcore/mysnapd/testutil"
    38  )
    39  
// SystemObserveInterfaceSuite holds the fixtures shared by the
// system-observe interface tests: the interface under test plus one
// slot/plug pair that SetUpTest rebuilds before every test.
type SystemObserveInterfaceSuite struct {
	// iface is the interface under test, looked up once at suite registration.
	iface interfaces.Interface

	// Slot side of the connection, populated in SetUpTest.
	slotInfo *snap.SlotInfo
	slot     *interfaces.ConnectedSlot

	// Plug side of the connection, populated in SetUpTest.
	plugInfo *snap.PlugInfo
	plug     *interfaces.ConnectedPlug
}
    47  
// sysobsMockPlugSnapInfoYaml describes the consuming snap used by the suite:
// a snap named "other" whose single app, app2, plugs system-observe.
// The security tag asserted on in the tests ("snap.other.app2") is built from
// these names.
const (
	sysobsMockPlugSnapInfoYaml = `name: other
version: 1.0
apps:
 app2:
  command: foo
  plugs: [system-observe]
`
)
    55  
// Register the suite with gocheck. MustInterface is called at package
// initialisation, so the "system-observe" lookup happens before any test runs.
var _ = Suite(&SystemObserveInterfaceSuite{iface: builtin.MustInterface("system-observe")})
    59  
// SetUpTest rebuilds the slot and plug fixtures before each test: a
// system-observe slot on a snap of type OS named "core", and the
// system-observe plug of the mock consumer snap.
func (s *SystemObserveInterfaceSuite) SetUpTest(c *C) {
	const ifaceName = "system-observe"

	// Slot side: provided by the core snap.
	coreSnap := &snap.Info{SuggestedName: "core", SnapType: snap.TypeOS}
	s.slotInfo = &snap.SlotInfo{Snap: coreSnap, Name: ifaceName, Interface: ifaceName}
	s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil)

	// Plug side: taken from the mock consumer snap's YAML.
	consumer := snaptest.MockInfo(c, sysobsMockPlugSnapInfoYaml, nil)
	s.plugInfo = consumer.Plugs[ifaceName]
	s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil)
}
    71  
// TestName checks that the interface reports the name it is registered under.
func (s *SystemObserveInterfaceSuite) TestName(c *C) {
	got := s.iface.Name()
	c.Assert(got, Equals, "system-observe")
}
    75  
// TestSanitizeSlot checks that the fixture slot passes BeforePrepareSlot.
// NOTE(review): only the accepting path is covered; no malformed slot is
// tested here.
func (s *SystemObserveInterfaceSuite) TestSanitizeSlot(c *C) {
	err := interfaces.BeforePrepareSlot(s.iface, s.slotInfo)
	c.Assert(err, IsNil)
}
    79  
// TestSanitizePlug checks that the fixture plug passes BeforePreparePlug.
// NOTE(review): only the accepting path is covered; no malformed plug is
// tested here.
func (s *SystemObserveInterfaceSuite) TestSanitizePlug(c *C) {
	err := interfaces.BeforePreparePlug(s.iface, s.plugInfo)
	c.Assert(err, IsNil)
}
    83  
// TestUsedSecuritySystems checks what a connected system-observe plug
// contributes to the AppArmor and seccomp backends for the consumer app.
//
// NOTE(review): the "ptrace" assertions are substring matches. They show the
// snippets mention ptrace but do not pin the access mode or any peer
// restriction, so a broadened rule would still pass. Asserting on the full
// rule line would make this a stronger regression guard.
func (s *SystemObserveInterfaceSuite) TestUsedSecuritySystems(c *C) {
	// Security tag of the only app in the consumer snap.
	const tag = "snap.other.app2"

	// Rules expected for the mount-namespace update helper: /boot is
	// bind-mounted from the host filesystem and then remounted read-only.
	const wantUpdateNS = `  # Read-only access to /boot
  mount options=(bind,rw) /var/lib/snapd/hostfs/boot/ -> /boot/,
  mount options=(bind,remount,ro) -> /boot/,
  umount /boot/,
`

	// AppArmor: exactly one tag gets a snippet, which mentions ptrace and
	// grants read access to @{PROC}/partitions.
	aaSpec := &apparmor.Specification{}
	c.Assert(aaSpec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil)
	c.Assert(aaSpec.SecurityTags(), DeepEquals, []string{tag})
	c.Assert(aaSpec.SnippetForTag(tag), testutil.Contains, "ptrace")
	c.Assert(aaSpec.SnippetForTag(tag), testutil.Contains, "@{PROC}/partitions r,")

	nsRules := aaSpec.UpdateNS()
	gotUpdateNS := strings.Join(nsRules[:], "\n")
	c.Assert(gotUpdateNS, Equals, wantUpdateNS)

	// seccomp: the same tag gets a snippet with ptrace on a line of its own.
	scSpec := &seccomp.Specification{}
	c.Assert(scSpec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil)
	c.Assert(scSpec.SecurityTags(), DeepEquals, []string{tag})
	c.Check(scSpec.SnippetForTag(tag), testutil.Contains, "ptrace\n")
}
   108  
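// TestMountPermanentPlug checks that, when a /boot/config-* file exists under
// the root directory, the permanent plug yields exactly one mount entry: a
// read-only bind mount of the host's /boot onto /boot.
func (s *SystemObserveInterfaceSuite) TestMountPermanentPlug(c *C) {
	tmpdir := c.MkDir()
	dirs.SetRootDir(tmpdir)
	// The root directory is package-level state in dirs. Restore it so that
	// later tests in this package do not resolve paths inside a temporary
	// directory that no longer belongs to them.
	defer dirs.SetRootDir("/")

	// Create a /boot/config-* file so that the interface will generate a bind
	// mount for it. 0755 is enough for a fixture directory; nothing here
	// needs it to be writable by group or others.
	fakeBootDir := filepath.Join(tmpdir, "/boot")
	c.Assert(os.MkdirAll(fakeBootDir, 0755), IsNil)
	file, err := os.OpenFile(filepath.Join(fakeBootDir, "config-5.10"), os.O_CREATE, 0644)
	c.Assert(err, IsNil)
	c.Assert(file.Close(), IsNil)

	mountSpec := &mount.Specification{}
	c.Assert(mountSpec.AddPermanentPlug(s.iface, s.plugInfo), IsNil)

	entries := mountSpec.MountEntries()
	c.Assert(entries, HasLen, 1)

	// The source is the host's /boot as seen through the hostfs prefix. The
	// options must be exactly bind+ro: DeepEquals fails if the entry ever
	// stops being read-only or gains extra options.
	const hostfs = "/var/lib/snapd/hostfs"
	c.Check(entries[0].Name, Equals, filepath.Join(hostfs, dirs.GlobalRootDir, "/boot"))
	c.Check(entries[0].Dir, Equals, "/boot")
	c.Check(entries[0].Options, DeepEquals, []string{"bind", "ro"})
}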
   132  
// TestInterfaces checks that system-observe is among the registered builtin
// interfaces.
func (s *SystemObserveInterfaceSuite) TestInterfaces(c *C) {
	registered := builtin.Interfaces()
	c.Check(registered, testutil.DeepContains, s.iface)
}