github.com/chipaca/snappy@v0.0.0-20210104084008-1f06296fe8ad/cmd/snap/cmd_run_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2016 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package main_test
    21  
    22  import (
    23  	"errors"
    24  	"fmt"
    25  	"net/http"
    26  	"os"
    27  	"os/user"
    28  	"path/filepath"
    29  	"strings"
    30  	"time"
    31  
    32  	"gopkg.in/check.v1"
    33  
    34  	snaprun "github.com/snapcore/snapd/cmd/snap"
    35  	"github.com/snapcore/snapd/dirs"
    36  	"github.com/snapcore/snapd/logger"
    37  	"github.com/snapcore/snapd/osutil"
    38  	"github.com/snapcore/snapd/sandbox/cgroup"
    39  	"github.com/snapcore/snapd/sandbox/selinux"
    40  	"github.com/snapcore/snapd/snap"
    41  	"github.com/snapcore/snapd/snap/snaptest"
    42  	"github.com/snapcore/snapd/testutil"
    43  	"github.com/snapcore/snapd/x11"
    44  )
    45  
    46  var mockYaml = []byte(`name: snapname
    47  version: 1.0
    48  apps:
    49   app:
    50    command: run-app
    51   svc:
    52    command: run-svc
    53    daemon: simple
    54  hooks:
    55   configure:
    56  `)
    57  
    58  var mockYamlBaseNone1 = []byte(`name: snapname1
    59  version: 1.0
    60  base: none
    61  apps:
    62   app:
    63    command: run-app
    64  `)
    65  
    66  var mockYamlBaseNone2 = []byte(`name: snapname2
    67  version: 1.0
    68  base: none
    69  hooks:
    70   configure:
    71  `)
    72  
    73  type RunSuite struct {
    74  	fakeHome string
    75  	BaseSnapSuite
    76  }
    77  
    78  var _ = check.Suite(&RunSuite{})
    79  
    80  func (s *RunSuite) SetUpTest(c *check.C) {
    81  	s.BaseSnapSuite.SetUpTest(c)
    82  	s.fakeHome = c.MkDir()
    83  
    84  	u, err := user.Current()
    85  	c.Assert(err, check.IsNil)
    86  	s.AddCleanup(snaprun.MockUserCurrent(func() (*user.User, error) {
    87  		return &user.User{Uid: u.Uid, HomeDir: s.fakeHome}, nil
    88  	}))
    89  	s.AddCleanup(snaprun.MockCreateTransientScopeForTracking(func(string, *cgroup.TrackingOptions) error {
    90  		return nil
    91  	}))
    92  }
    93  
    94  func (s *RunSuite) TestInvalidParameters(c *check.C) {
    95  	invalidParameters := []string{"run", "--hook=configure", "--command=command-name", "--", "snap-name"}
    96  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs(invalidParameters)
    97  	c.Check(err, check.ErrorMatches, ".*you can only use one of --hook, --command, and --timer.*")
    98  
    99  	invalidParameters = []string{"run", "--hook=configure", "--timer=10:00-12:00", "--", "snap-name"}
   100  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs(invalidParameters)
   101  	c.Check(err, check.ErrorMatches, ".*you can only use one of --hook, --command, and --timer.*")
   102  
   103  	invalidParameters = []string{"run", "--command=command-name", "--timer=10:00-12:00", "--", "snap-name"}
   104  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs(invalidParameters)
   105  	c.Check(err, check.ErrorMatches, ".*you can only use one of --hook, --command, and --timer.*")
   106  
   107  	invalidParameters = []string{"run", "-r=1", "--command=command-name", "--", "snap-name"}
   108  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs(invalidParameters)
   109  	c.Check(err, check.ErrorMatches, ".*-r can only be used with --hook.*")
   110  
   111  	invalidParameters = []string{"run", "-r=1", "--", "snap-name"}
   112  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs(invalidParameters)
   113  	c.Check(err, check.ErrorMatches, ".*-r can only be used with --hook.*")
   114  
   115  	invalidParameters = []string{"run", "--hook=configure", "--", "foo", "bar", "snap-name"}
   116  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs(invalidParameters)
   117  	c.Check(err, check.ErrorMatches, ".*too many arguments for hook \"configure\": bar.*")
   118  }
   119  
   120  func (s *RunSuite) TestRunCmdWithBaseNone(c *check.C) {
   121  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   122  
   123  	// mock installed snap
   124  	snaptest.MockSnapCurrent(c, string(mockYamlBaseNone1), &snap.SideInfo{
   125  		Revision: snap.R("1"),
   126  	})
   127  	snaptest.MockSnapCurrent(c, string(mockYamlBaseNone2), &snap.SideInfo{
   128  		Revision: snap.R("1"),
   129  	})
   130  
   131  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname1.app", "--arg1", "arg2"})
   132  	c.Assert(err, check.ErrorMatches, `cannot run hooks / applications with base \"none\"`)
   133  
   134  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook=configure", "--", "snapname2"})
   135  	c.Assert(err, check.ErrorMatches, `cannot run hooks / applications with base \"none\"`)
   136  }
   137  
   138  func (s *RunSuite) TestSnapRunWhenMissingConfine(c *check.C) {
   139  	_, r := logger.MockLogger()
   140  	defer r()
   141  
   142  	// mock installed snap
   143  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   144  		Revision: snap.R("x2"),
   145  	})
   146  
   147  	// redirect exec
   148  	var execs [][]string
   149  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   150  		execs = append(execs, args)
   151  		return nil
   152  	})
   153  	defer restorer()
   154  
   155  	// and run it!
   156  	// a regular run will fail
   157  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
   158  	c.Assert(err, check.ErrorMatches, `.* your core/snapd package`)
   159  	// a hook run will not fail
   160  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook=configure", "--", "snapname"})
   161  	c.Assert(err, check.IsNil)
   162  
   163  	// but nothing is run ever
   164  	c.Check(execs, check.IsNil)
   165  }
   166  
   167  func (s *RunSuite) TestSnapRunAppIntegration(c *check.C) {
   168  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   169  
   170  	tmpdir := os.Getenv("TMPDIR")
   171  	if tmpdir == "" {
   172  		tmpdir = "/var/tmp"
   173  		os.Setenv("TMPDIR", tmpdir)
   174  		defer os.Unsetenv("TMPDIR")
   175  	}
   176  
   177  	// mock installed snap
   178  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   179  		Revision: snap.R("x2"),
   180  	})
   181  
   182  	// redirect exec
   183  	execArg0 := ""
   184  	execArgs := []string{}
   185  	execEnv := []string{}
   186  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   187  		execArg0 = arg0
   188  		execArgs = args
   189  		execEnv = envv
   190  		return nil
   191  	})
   192  	defer restorer()
   193  
   194  	// and run it!
   195  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
   196  	c.Assert(err, check.IsNil)
   197  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   198  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
   199  	c.Check(execArgs, check.DeepEquals, []string{
   200  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   201  		"snap.snapname.app",
   202  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   203  		"snapname.app", "--arg1", "arg2"})
   204  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=x2")
   205  	c.Check(execEnv, testutil.Contains, fmt.Sprintf("TMPDIR=%s", tmpdir))
   206  }
   207  
   208  func (s *RunSuite) TestSnapRunClassicAppIntegration(c *check.C) {
   209  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   210  
   211  	tmpdir := os.Getenv("TMPDIR")
   212  	if tmpdir == "" {
   213  		tmpdir = "/var/tmp"
   214  		os.Setenv("TMPDIR", tmpdir)
   215  		defer os.Unsetenv("TMPDIR")
   216  	}
   217  
   218  	// mock installed snap
   219  	snaptest.MockSnapCurrent(c, string(mockYaml)+"confinement: classic\n", &snap.SideInfo{
   220  		Revision: snap.R("x2"),
   221  	})
   222  
   223  	// redirect exec
   224  	execArg0 := ""
   225  	execArgs := []string{}
   226  	execEnv := []string{}
   227  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   228  		execArg0 = arg0
   229  		execArgs = args
   230  		execEnv = envv
   231  		return nil
   232  	})
   233  	defer restorer()
   234  
   235  	// and run it!
   236  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
   237  	c.Assert(err, check.IsNil)
   238  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   239  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
   240  	c.Check(execArgs, check.DeepEquals, []string{
   241  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"), "--classic",
   242  		"snap.snapname.app",
   243  		filepath.Join(dirs.DistroLibExecDir, "snap-exec"),
   244  		"snapname.app", "--arg1", "arg2"})
   245  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=x2")
   246  	c.Check(execEnv, testutil.Contains, fmt.Sprintf("SNAP_SAVED_TMPDIR=%s", tmpdir))
   247  }
   248  
   249  func (s *RunSuite) TestSnapRunClassicAppIntegrationReexecedFromCore(c *check.C) {
   250  	mountedCorePath := filepath.Join(dirs.SnapMountDir, "core/current")
   251  	mountedCoreLibExecPath := filepath.Join(mountedCorePath, dirs.CoreLibExecDir)
   252  
   253  	defer mockSnapConfine(mountedCoreLibExecPath)()
   254  
   255  	// mock installed snap
   256  	snaptest.MockSnapCurrent(c, string(mockYaml)+"confinement: classic\n", &snap.SideInfo{
   257  		Revision: snap.R("x2"),
   258  	})
   259  
   260  	restore := snaprun.MockOsReadlink(func(name string) (string, error) {
   261  		// pretend 'snap' is reexeced from 'core'
   262  		return filepath.Join(mountedCorePath, "usr/bin/snap"), nil
   263  	})
   264  	defer restore()
   265  
   266  	execArgs := []string{}
   267  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   268  		execArgs = args
   269  		return nil
   270  	})
   271  	defer restorer()
   272  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
   273  	c.Assert(err, check.IsNil)
   274  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   275  	c.Check(execArgs, check.DeepEquals, []string{
   276  		filepath.Join(mountedCoreLibExecPath, "snap-confine"), "--classic",
   277  		"snap.snapname.app",
   278  		filepath.Join(mountedCoreLibExecPath, "snap-exec"),
   279  		"snapname.app", "--arg1", "arg2"})
   280  }
   281  
   282  func (s *RunSuite) TestSnapRunClassicAppIntegrationReexecedFromSnapd(c *check.C) {
   283  	mountedSnapdPath := filepath.Join(dirs.SnapMountDir, "snapd/current")
   284  	mountedSnapdLibExecPath := filepath.Join(mountedSnapdPath, dirs.CoreLibExecDir)
   285  
   286  	defer mockSnapConfine(mountedSnapdLibExecPath)()
   287  
   288  	// mock installed snap
   289  	snaptest.MockSnapCurrent(c, string(mockYaml)+"confinement: classic\n", &snap.SideInfo{
   290  		Revision: snap.R("x2"),
   291  	})
   292  
   293  	restore := snaprun.MockOsReadlink(func(name string) (string, error) {
   294  		// pretend 'snap' is reexeced from 'core'
   295  		return filepath.Join(mountedSnapdPath, "usr/bin/snap"), nil
   296  	})
   297  	defer restore()
   298  
   299  	execArgs := []string{}
   300  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   301  		execArgs = args
   302  		return nil
   303  	})
   304  	defer restorer()
   305  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
   306  	c.Assert(err, check.IsNil)
   307  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   308  	c.Check(execArgs, check.DeepEquals, []string{
   309  		filepath.Join(mountedSnapdLibExecPath, "snap-confine"), "--classic",
   310  		"snap.snapname.app",
   311  		filepath.Join(mountedSnapdLibExecPath, "snap-exec"),
   312  		"snapname.app", "--arg1", "arg2"})
   313  }
   314  
   315  func (s *RunSuite) TestSnapRunAppWithCommandIntegration(c *check.C) {
   316  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   317  
   318  	// mock installed snap
   319  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   320  		Revision: snap.R(42),
   321  	})
   322  
   323  	// redirect exec
   324  	execArg0 := ""
   325  	execArgs := []string{}
   326  	execEnv := []string{}
   327  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   328  		execArg0 = arg0
   329  		execArgs = args
   330  		execEnv = envv
   331  		return nil
   332  	})
   333  	defer restorer()
   334  
   335  	// and run it!
   336  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--command=my-command", "--", "snapname.app", "arg1", "arg2"})
   337  	c.Assert(err, check.IsNil)
   338  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
   339  	c.Check(execArgs, check.DeepEquals, []string{
   340  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   341  		"snap.snapname.app",
   342  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   343  		"--command=my-command", "snapname.app", "arg1", "arg2"})
   344  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=42")
   345  }
   346  
   347  func (s *RunSuite) TestSnapRunCreateDataDirs(c *check.C) {
   348  	info, err := snap.InfoFromSnapYaml(mockYaml)
   349  	c.Assert(err, check.IsNil)
   350  	info.SideInfo.Revision = snap.R(42)
   351  
   352  	err = snaprun.CreateUserDataDirs(info)
   353  	c.Assert(err, check.IsNil)
   354  	c.Check(osutil.FileExists(filepath.Join(s.fakeHome, "/snap/snapname/42")), check.Equals, true)
   355  	c.Check(osutil.FileExists(filepath.Join(s.fakeHome, "/snap/snapname/common")), check.Equals, true)
   356  }
   357  
   358  func (s *RunSuite) TestParallelInstanceSnapRunCreateDataDirs(c *check.C) {
   359  	info, err := snap.InfoFromSnapYaml(mockYaml)
   360  	c.Assert(err, check.IsNil)
   361  	info.SideInfo.Revision = snap.R(42)
   362  	info.InstanceKey = "foo"
   363  
   364  	err = snaprun.CreateUserDataDirs(info)
   365  	c.Assert(err, check.IsNil)
   366  	c.Check(osutil.FileExists(filepath.Join(s.fakeHome, "/snap/snapname_foo/42")), check.Equals, true)
   367  	c.Check(osutil.FileExists(filepath.Join(s.fakeHome, "/snap/snapname_foo/common")), check.Equals, true)
   368  	// mount point for snap instance mapping has been created
   369  	c.Check(osutil.FileExists(filepath.Join(s.fakeHome, "/snap/snapname")), check.Equals, true)
   370  	// and it's empty inside
   371  	m, err := filepath.Glob(filepath.Join(s.fakeHome, "/snap/snapname/*"))
   372  	c.Assert(err, check.IsNil)
   373  	c.Assert(m, check.HasLen, 0)
   374  }
   375  
   376  func (s *RunSuite) TestSnapRunHookIntegration(c *check.C) {
   377  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   378  
   379  	// mock installed snap
   380  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   381  		Revision: snap.R(42),
   382  	})
   383  
   384  	// redirect exec
   385  	execArg0 := ""
   386  	execArgs := []string{}
   387  	execEnv := []string{}
   388  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   389  		execArg0 = arg0
   390  		execArgs = args
   391  		execEnv = envv
   392  		return nil
   393  	})
   394  	defer restorer()
   395  
   396  	// Run a hook from the active revision
   397  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook=configure", "--", "snapname"})
   398  	c.Assert(err, check.IsNil)
   399  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
   400  	c.Check(execArgs, check.DeepEquals, []string{
   401  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   402  		"snap.snapname.hook.configure",
   403  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   404  		"--hook=configure", "snapname"})
   405  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=42")
   406  }
   407  
   408  func (s *RunSuite) TestSnapRunHookUnsetRevisionIntegration(c *check.C) {
   409  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   410  
   411  	// mock installed snap
   412  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   413  		Revision: snap.R(42),
   414  	})
   415  
   416  	// redirect exec
   417  	execArg0 := ""
   418  	execArgs := []string{}
   419  	execEnv := []string{}
   420  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   421  		execArg0 = arg0
   422  		execArgs = args
   423  		execEnv = envv
   424  		return nil
   425  	})
   426  	defer restorer()
   427  
   428  	// Specifically pass "unset" which would use the active version.
   429  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook=configure", "-r=unset", "--", "snapname"})
   430  	c.Assert(err, check.IsNil)
   431  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
   432  	c.Check(execArgs, check.DeepEquals, []string{
   433  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   434  		"snap.snapname.hook.configure",
   435  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   436  		"--hook=configure", "snapname"})
   437  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=42")
   438  }
   439  
   440  func (s *RunSuite) TestSnapRunHookSpecificRevisionIntegration(c *check.C) {
   441  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   442  
   443  	// mock installed snap
   444  	// Create both revisions 41 and 42
   445  	snaptest.MockSnap(c, string(mockYaml), &snap.SideInfo{
   446  		Revision: snap.R(41),
   447  	})
   448  	snaptest.MockSnap(c, string(mockYaml), &snap.SideInfo{
   449  		Revision: snap.R(42),
   450  	})
   451  
   452  	// redirect exec
   453  	execArg0 := ""
   454  	execArgs := []string{}
   455  	execEnv := []string{}
   456  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   457  		execArg0 = arg0
   458  		execArgs = args
   459  		execEnv = envv
   460  		return nil
   461  	})
   462  	defer restorer()
   463  
   464  	// Run a hook on revision 41
   465  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook=configure", "-r=41", "--", "snapname"})
   466  	c.Assert(err, check.IsNil)
   467  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
   468  	c.Check(execArgs, check.DeepEquals, []string{
   469  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   470  		"snap.snapname.hook.configure",
   471  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   472  		"--hook=configure", "snapname"})
   473  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=41")
   474  }
   475  
   476  func (s *RunSuite) TestSnapRunHookMissingRevisionIntegration(c *check.C) {
   477  	// Only create revision 42
   478  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   479  		Revision: snap.R(42),
   480  	})
   481  
   482  	// redirect exec
   483  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   484  		return nil
   485  	})
   486  	defer restorer()
   487  
   488  	// Attempt to run a hook on revision 41, which doesn't exist
   489  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook=configure", "-r=41", "--", "snapname"})
   490  	c.Assert(err, check.NotNil)
   491  	c.Check(err, check.ErrorMatches, "cannot find .*")
   492  }
   493  
   494  func (s *RunSuite) TestSnapRunHookInvalidRevisionIntegration(c *check.C) {
   495  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook=configure", "-r=invalid", "--", "snapname"})
   496  	c.Assert(err, check.NotNil)
   497  	c.Check(err, check.ErrorMatches, "invalid snap revision: \"invalid\"")
   498  }
   499  
   500  func (s *RunSuite) TestSnapRunHookMissingHookIntegration(c *check.C) {
   501  	// Only create revision 42
   502  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   503  		Revision: snap.R(42),
   504  	})
   505  
   506  	// redirect exec
   507  	called := false
   508  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   509  		called = true
   510  		return nil
   511  	})
   512  	defer restorer()
   513  
   514  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook=missing-hook", "--", "snapname"})
   515  	c.Assert(err, check.ErrorMatches, `cannot find hook "missing-hook" in "snapname"`)
   516  	c.Check(called, check.Equals, false)
   517  }
   518  
   519  func (s *RunSuite) TestSnapRunErorsForUnknownRunArg(c *check.C) {
   520  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--unknown", "--", "snapname.app", "--arg1", "arg2"})
   521  	c.Assert(err, check.ErrorMatches, "unknown flag `unknown'")
   522  }
   523  
   524  func (s *RunSuite) TestSnapRunErorsForMissingApp(c *check.C) {
   525  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--command=shell"})
   526  	c.Assert(err, check.ErrorMatches, "need the application to run as argument")
   527  }
   528  
   529  func (s *RunSuite) TestSnapRunErorrForUnavailableApp(c *check.C) {
   530  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "not-there"})
   531  	c.Assert(err, check.ErrorMatches, fmt.Sprintf("cannot find current revision for snap not-there: readlink %s/not-there/current: no such file or directory", dirs.SnapMountDir))
   532  }
   533  
   534  func (s *RunSuite) TestSnapRunSaneEnvironmentHandling(c *check.C) {
   535  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   536  
   537  	// mock installed snap
   538  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   539  		Revision: snap.R(42),
   540  	})
   541  
   542  	// redirect exec
   543  	execEnv := []string{}
   544  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   545  		execEnv = envv
   546  		return nil
   547  	})
   548  	defer restorer()
   549  
   550  	// set a SNAP{,_*} variable in the environment
   551  	os.Setenv("SNAP_NAME", "something-else")
   552  	os.Setenv("SNAP_ARCH", "PDP-7")
   553  	defer os.Unsetenv("SNAP_NAME")
   554  	defer os.Unsetenv("SNAP_ARCH")
   555  	// but unrelated stuff is ok
   556  	os.Setenv("SNAP_THE_WORLD", "YES")
   557  	defer os.Unsetenv("SNAP_THE_WORLD")
   558  
   559  	// and ensure those SNAP_ vars get overridden
   560  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
   561  	c.Assert(err, check.IsNil)
   562  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   563  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=42")
   564  	c.Check(execEnv, check.Not(testutil.Contains), "SNAP_NAME=something-else")
   565  	c.Check(execEnv, check.Not(testutil.Contains), "SNAP_ARCH=PDP-7")
   566  	c.Check(execEnv, testutil.Contains, "SNAP_THE_WORLD=YES")
   567  }
   568  
   569  func (s *RunSuite) TestSnapRunSnapdHelperPath(c *check.C) {
   570  	_, r := logger.MockLogger()
   571  	defer r()
   572  
   573  	var osReadlinkResult string
   574  	restore := snaprun.MockOsReadlink(func(name string) (string, error) {
   575  		return osReadlinkResult, nil
   576  	})
   577  	defer restore()
   578  
   579  	tool := "snap-confine"
   580  	for _, t := range []struct {
   581  		readlink string
   582  		expected string
   583  	}{
   584  		{
   585  			filepath.Join(dirs.SnapMountDir, "core/current/usr/bin/snap"),
   586  			filepath.Join(dirs.SnapMountDir, "core/current", dirs.CoreLibExecDir, tool),
   587  		},
   588  		{
   589  			filepath.Join(dirs.SnapMountDir, "snapd/current/usr/bin/snap"),
   590  			filepath.Join(dirs.SnapMountDir, "snapd/current", dirs.CoreLibExecDir, tool),
   591  		},
   592  		{
   593  			filepath.Join("/usr/bin/snap"),
   594  			filepath.Join(dirs.DistroLibExecDir, tool),
   595  		},
   596  		{
   597  			filepath.Join("/home/foo/ws/snapd/snap"),
   598  			filepath.Join(dirs.DistroLibExecDir, tool),
   599  		},
   600  		// unexpected case
   601  		{
   602  			filepath.Join(dirs.SnapMountDir, "snapd2/current/bin/snap"),
   603  			filepath.Join(dirs.DistroLibExecDir, tool),
   604  		},
   605  	} {
   606  		osReadlinkResult = t.readlink
   607  		toolPath, err := snaprun.SnapdHelperPath(tool)
   608  		c.Assert(err, check.IsNil)
   609  		c.Check(toolPath, check.Equals, t.expected)
   610  	}
   611  }
   612  
   613  func (s *RunSuite) TestSnapRunAppIntegrationFromCore(c *check.C) {
   614  	defer mockSnapConfine(filepath.Join(dirs.SnapMountDir, "core", "111", dirs.CoreLibExecDir))()
   615  
   616  	// mock installed snap
   617  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   618  		Revision: snap.R("x2"),
   619  	})
   620  
   621  	// pretend to be running from core
   622  	restorer := snaprun.MockOsReadlink(func(string) (string, error) {
   623  		return filepath.Join(dirs.SnapMountDir, "core/111/usr/bin/snap"), nil
   624  	})
   625  	defer restorer()
   626  
   627  	// redirect exec
   628  	execArg0 := ""
   629  	execArgs := []string{}
   630  	execEnv := []string{}
   631  	restorer = snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   632  		execArg0 = arg0
   633  		execArgs = args
   634  		execEnv = envv
   635  		return nil
   636  	})
   637  	defer restorer()
   638  
   639  	// and run it!
   640  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
   641  	c.Assert(err, check.IsNil)
   642  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   643  	c.Check(execArg0, check.Equals, filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"))
   644  	c.Check(execArgs, check.DeepEquals, []string{
   645  		filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"),
   646  		"snap.snapname.app",
   647  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   648  		"snapname.app", "--arg1", "arg2"})
   649  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=x2")
   650  }
   651  
   652  func (s *RunSuite) TestSnapRunAppIntegrationFromSnapd(c *check.C) {
   653  	defer mockSnapConfine(filepath.Join(dirs.SnapMountDir, "snapd", "222", dirs.CoreLibExecDir))()
   654  
   655  	// mock installed snap
   656  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   657  		Revision: snap.R("x2"),
   658  	})
   659  
   660  	// pretend to be running from snapd
   661  	restorer := snaprun.MockOsReadlink(func(string) (string, error) {
   662  		return filepath.Join(dirs.SnapMountDir, "snapd/222/usr/bin/snap"), nil
   663  	})
   664  	defer restorer()
   665  
   666  	// redirect exec
   667  	execArg0 := ""
   668  	execArgs := []string{}
   669  	execEnv := []string{}
   670  	restorer = snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   671  		execArg0 = arg0
   672  		execArgs = args
   673  		execEnv = envv
   674  		return nil
   675  	})
   676  	defer restorer()
   677  
   678  	// and run it!
   679  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
   680  	c.Assert(err, check.IsNil)
   681  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   682  	c.Check(execArg0, check.Equals, filepath.Join(dirs.SnapMountDir, "/snapd/222", dirs.CoreLibExecDir, "snap-confine"))
   683  	c.Check(execArgs, check.DeepEquals, []string{
   684  		filepath.Join(dirs.SnapMountDir, "/snapd/222", dirs.CoreLibExecDir, "snap-confine"),
   685  		"snap.snapname.app",
   686  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   687  		"snapname.app", "--arg1", "arg2"})
   688  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=x2")
   689  }
   690  
   691  func (s *RunSuite) TestSnapRunXauthorityMigration(c *check.C) {
   692  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   693  
   694  	u, err := user.Current()
   695  	c.Assert(err, check.IsNil)
   696  
   697  	// Ensure XDG_RUNTIME_DIR exists for the user we're testing with
   698  	err = os.MkdirAll(filepath.Join(dirs.XdgRuntimeDirBase, u.Uid), 0700)
   699  	c.Assert(err, check.IsNil)
   700  
   701  	// mock installed snap; happily this also gives us a directory
   702  	// below /tmp which the Xauthority migration expects.
   703  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   704  		Revision: snap.R("x2"),
   705  	})
   706  
   707  	// redirect exec
   708  	execArg0 := ""
   709  	execArgs := []string{}
   710  	execEnv := []string{}
   711  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   712  		execArg0 = arg0
   713  		execArgs = args
   714  		execEnv = envv
   715  		return nil
   716  	})
   717  	defer restorer()
   718  
   719  	xauthPath, err := x11.MockXauthority(2)
   720  	c.Assert(err, check.IsNil)
   721  	defer os.Remove(xauthPath)
   722  
   723  	defer snaprun.MockGetEnv(func(name string) string {
   724  		if name == "XAUTHORITY" {
   725  			return xauthPath
   726  		}
   727  		return ""
   728  	})()
   729  
   730  	// and run it!
   731  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app"})
   732  	c.Assert(err, check.IsNil)
   733  	c.Assert(rest, check.DeepEquals, []string{"snapname.app"})
   734  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
   735  	c.Check(execArgs, check.DeepEquals, []string{
   736  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   737  		"snap.snapname.app",
   738  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   739  		"snapname.app"})
   740  
   741  	expectedXauthPath := filepath.Join(dirs.XdgRuntimeDirBase, u.Uid, ".Xauthority")
   742  	c.Check(execEnv, testutil.Contains, fmt.Sprintf("XAUTHORITY=%s", expectedXauthPath))
   743  
   744  	info, err := os.Stat(expectedXauthPath)
   745  	c.Assert(err, check.IsNil)
   746  	c.Assert(info.Mode().Perm(), check.Equals, os.FileMode(0600))
   747  
   748  	err = x11.ValidateXauthorityFile(expectedXauthPath)
   749  	c.Assert(err, check.IsNil)
   750  }
   751  
   752  // build the args for a hypothetical completer
   753  func mkCompArgs(compPoint string, argv ...string) []string {
   754  	out := []string{
   755  		"99", // COMP_TYPE
   756  		"99", // COMP_KEY
   757  		"",   // COMP_POINT
   758  		"2",  // COMP_CWORD
   759  		" ",  // COMP_WORDBREAKS
   760  	}
   761  	out[2] = compPoint
   762  	out = append(out, strings.Join(argv, " "))
   763  	out = append(out, argv...)
   764  	return out
   765  }
   766  
   767  func (s *RunSuite) TestAntialiasHappy(c *check.C) {
   768  	c.Assert(os.MkdirAll(dirs.SnapBinariesDir, 0755), check.IsNil)
   769  
   770  	inArgs := mkCompArgs("10", "alias", "alias", "bo-alias")
   771  
   772  	// first not so happy because no alias symlink
   773  	app, outArgs := snaprun.Antialias("alias", inArgs)
   774  	c.Check(app, check.Equals, "alias")
   775  	c.Check(outArgs, check.DeepEquals, inArgs)
   776  
   777  	c.Assert(os.Symlink("an-app", filepath.Join(dirs.SnapBinariesDir, "alias")), check.IsNil)
   778  
   779  	// now really happy
   780  	app, outArgs = snaprun.Antialias("alias", inArgs)
   781  	c.Check(app, check.Equals, "an-app")
   782  	c.Check(outArgs, check.DeepEquals, []string{
   783  		"99", // COMP_TYPE (no change)
   784  		"99", // COMP_KEY (no change)
   785  		"11", // COMP_POINT (+1 because "an-app" is one longer than "alias")
   786  		"2",  // COMP_CWORD (no change)
   787  		" ",  // COMP_WORDBREAKS (no change)
   788  		"an-app alias bo-alias", // COMP_LINE (argv[0] changed)
   789  		"an-app",                // argv (arv[0] changed)
   790  		"alias",
   791  		"bo-alias",
   792  	})
   793  }
   794  
   795  func (s *RunSuite) TestAntialiasBailsIfUnhappy(c *check.C) {
   796  	// alias exists but args are somehow wonky
   797  	c.Assert(os.MkdirAll(dirs.SnapBinariesDir, 0755), check.IsNil)
   798  	c.Assert(os.Symlink("an-app", filepath.Join(dirs.SnapBinariesDir, "alias")), check.IsNil)
   799  
   800  	// weird1 has COMP_LINE not start with COMP_WORDS[0], argv[0] equal to COMP_WORDS[0]
   801  	weird1 := mkCompArgs("6", "alias", "")
   802  	weird1[5] = "xxxxx "
   803  	// weird2 has COMP_LINE not start with COMP_WORDS[0], argv[0] equal to the first word in COMP_LINE
   804  	weird2 := mkCompArgs("6", "xxxxx", "")
   805  	weird2[5] = "alias "
   806  
   807  	for desc, inArgs := range map[string][]string{
   808  		"nil args":                                               nil,
   809  		"too-short args":                                         {"alias"},
   810  		"COMP_POINT not a number":                                mkCompArgs("hello", "alias"),
   811  		"COMP_POINT is inside argv[0]":                           mkCompArgs("2", "alias", ""),
   812  		"COMP_POINT is outside argv":                             mkCompArgs("99", "alias", ""),
   813  		"COMP_WORDS[0] is not argv[0]":                           mkCompArgs("10", "not-alias", ""),
   814  		"mismatch between argv[0], COMP_LINE and COMP_WORDS, #1": weird1,
   815  		"mismatch between argv[0], COMP_LINE and COMP_WORDS, #2": weird2,
   816  	} {
   817  		// antialias leaves args alone if it's too short
   818  		app, outArgs := snaprun.Antialias("alias", inArgs)
   819  		c.Check(app, check.Equals, "alias", check.Commentf(desc))
   820  		c.Check(outArgs, check.DeepEquals, inArgs, check.Commentf(desc))
   821  	}
   822  }
   823  
   824  func (s *RunSuite) TestSnapRunAppWithStraceIntegration(c *check.C) {
   825  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   826  
   827  	// mock installed snap
   828  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   829  		Revision: snap.R("x2"),
   830  	})
   831  
   832  	// pretend we have sudo and simulate some useful output that would
   833  	// normally come from strace
   834  	sudoCmd := testutil.MockCommand(c, "sudo", fmt.Sprintf(`
   835  echo "stdout output 1"
   836  >&2 echo 'execve("/path/to/snap-confine")'
   837  >&2 echo "snap-confine/snap-exec strace stuff"
   838  >&2 echo "getuid() = 1000"
   839  >&2 echo 'execve("%s/snapName/x2/bin/foo")'
   840  >&2 echo "interessting strace output"
   841  >&2 echo "and more"
   842  echo "stdout output 2"
   843  `, dirs.SnapMountDir))
   844  	defer sudoCmd.Restore()
   845  
   846  	// pretend we have strace
   847  	straceCmd := testutil.MockCommand(c, "strace", "")
   848  	defer straceCmd.Restore()
   849  
   850  	user, err := user.Current()
   851  	c.Assert(err, check.IsNil)
   852  
   853  	// and run it under strace
   854  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--strace", "--", "snapname.app", "--arg1", "arg2"})
   855  	c.Assert(err, check.IsNil)
   856  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   857  	c.Check(sudoCmd.Calls(), check.DeepEquals, [][]string{
   858  		{
   859  			"sudo", "-E",
   860  			filepath.Join(straceCmd.BinDir(), "strace"),
   861  			"-u", user.Username,
   862  			"-f",
   863  			"-e", "!select,pselect6,_newselect,clock_gettime,sigaltstack,gettid,gettimeofday,nanosleep",
   864  			filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   865  			"snap.snapname.app",
   866  			filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   867  			"snapname.app", "--arg1", "arg2",
   868  		},
   869  	})
   870  	c.Check(s.Stdout(), check.Equals, "stdout output 1\nstdout output 2\n")
   871  	c.Check(s.Stderr(), check.Equals, fmt.Sprintf("execve(%q)\ninteressting strace output\nand more\n", filepath.Join(dirs.SnapMountDir, "snapName/x2/bin/foo")))
   872  
   873  	s.ResetStdStreams()
   874  	sudoCmd.ForgetCalls()
   875  
   876  	// try again without filtering
   877  	rest, err = snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--strace=--raw", "--", "snapname.app", "--arg1", "arg2"})
   878  	c.Assert(err, check.IsNil)
   879  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   880  	c.Check(sudoCmd.Calls(), check.DeepEquals, [][]string{
   881  		{
   882  			"sudo", "-E",
   883  			filepath.Join(straceCmd.BinDir(), "strace"),
   884  			"-u", user.Username,
   885  			"-f",
   886  			"-e", "!select,pselect6,_newselect,clock_gettime,sigaltstack,gettid,gettimeofday,nanosleep",
   887  			filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   888  			"snap.snapname.app",
   889  			filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   890  			"snapname.app", "--arg1", "arg2",
   891  		},
   892  	})
   893  	c.Check(s.Stdout(), check.Equals, "stdout output 1\nstdout output 2\n")
   894  	expectedFullFmt := `execve("/path/to/snap-confine")
   895  snap-confine/snap-exec strace stuff
   896  getuid() = 1000
   897  execve("%s/snapName/x2/bin/foo")
   898  interessting strace output
   899  and more
   900  `
   901  	c.Check(s.Stderr(), check.Equals, fmt.Sprintf(expectedFullFmt, dirs.SnapMountDir))
   902  }
   903  
   904  func (s *RunSuite) TestSnapRunAppWithStraceOptions(c *check.C) {
   905  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   906  
   907  	// mock installed snap
   908  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   909  		Revision: snap.R("x2"),
   910  	})
   911  
   912  	// pretend we have sudo
   913  	sudoCmd := testutil.MockCommand(c, "sudo", "")
   914  	defer sudoCmd.Restore()
   915  
   916  	// pretend we have strace
   917  	straceCmd := testutil.MockCommand(c, "strace", "")
   918  	defer straceCmd.Restore()
   919  
   920  	user, err := user.Current()
   921  	c.Assert(err, check.IsNil)
   922  
   923  	// and run it under strace
   924  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", `--strace=-tt --raw -o "file with spaces"`, "--", "snapname.app", "--arg1", "arg2"})
   925  	c.Assert(err, check.IsNil)
   926  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   927  	c.Check(sudoCmd.Calls(), check.DeepEquals, [][]string{
   928  		{
   929  			"sudo", "-E",
   930  			filepath.Join(straceCmd.BinDir(), "strace"),
   931  			"-u", user.Username,
   932  			"-f",
   933  			"-e", "!select,pselect6,_newselect,clock_gettime,sigaltstack,gettid,gettimeofday,nanosleep",
   934  			"-tt",
   935  			"-o",
   936  			"file with spaces",
   937  			filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   938  			"snap.snapname.app",
   939  			filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   940  			"snapname.app", "--arg1", "arg2",
   941  		},
   942  	})
   943  }
   944  
   945  func (s *RunSuite) TestSnapRunShellIntegration(c *check.C) {
   946  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   947  
   948  	// mock installed snap
   949  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   950  		Revision: snap.R("x2"),
   951  	})
   952  
   953  	// redirect exec
   954  	execArg0 := ""
   955  	execArgs := []string{}
   956  	execEnv := []string{}
   957  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   958  		execArg0 = arg0
   959  		execArgs = args
   960  		execEnv = envv
   961  		return nil
   962  	})
   963  	defer restorer()
   964  
   965  	// and run it!
   966  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--shell", "--", "snapname.app", "--arg1", "arg2"})
   967  	c.Assert(err, check.IsNil)
   968  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
   969  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
   970  	c.Check(execArgs, check.DeepEquals, []string{
   971  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
   972  		"snap.snapname.app",
   973  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
   974  		"--command=shell", "snapname.app", "--arg1", "arg2"})
   975  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=x2")
   976  }
   977  
   978  func (s *RunSuite) TestSnapRunAppTimer(c *check.C) {
   979  	defer mockSnapConfine(dirs.DistroLibExecDir)()
   980  
   981  	// mock installed snap
   982  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
   983  		Revision: snap.R("x2"),
   984  	})
   985  
   986  	// redirect exec
   987  	execArg0 := ""
   988  	execArgs := []string{}
   989  	execCalled := false
   990  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
   991  		execArg0 = arg0
   992  		execArgs = args
   993  		execCalled = true
   994  		return nil
   995  	})
   996  	defer restorer()
   997  
   998  	fakeNow := time.Date(2018, 02, 12, 9, 55, 0, 0, time.Local)
   999  	restorer = snaprun.MockTimeNow(func() time.Time {
  1000  		// Monday Feb 12, 9:55
  1001  		return fakeNow
  1002  	})
  1003  	defer restorer()
  1004  
  1005  	// pretend we are outside of timer range
  1006  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", `--timer="mon,10:00~12:00,,fri,13:00"`, "--", "snapname.app", "--arg1", "arg2"})
  1007  	c.Assert(err, check.IsNil)
  1008  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
  1009  	c.Assert(execCalled, check.Equals, false)
  1010  
  1011  	c.Check(s.Stderr(), check.Equals, fmt.Sprintf(`%s: attempted to run "snapname.app" timer outside of scheduled time "mon,10:00~12:00,,fri,13:00"
  1012  `, fakeNow.Format(time.RFC3339)))
  1013  	s.ResetStdStreams()
  1014  
  1015  	restorer = snaprun.MockTimeNow(func() time.Time {
  1016  		// Monday Feb 12, 10:20
  1017  		return time.Date(2018, 02, 12, 10, 20, 0, 0, time.Local)
  1018  	})
  1019  	defer restorer()
  1020  
  1021  	// and run it under strace
  1022  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", `--timer="mon,10:00~12:00,,fri,13:00"`, "--", "snapname.app", "--arg1", "arg2"})
  1023  	c.Assert(err, check.IsNil)
  1024  	c.Assert(execCalled, check.Equals, true)
  1025  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
  1026  	c.Check(execArgs, check.DeepEquals, []string{
  1027  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
  1028  		"snap.snapname.app",
  1029  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
  1030  		"snapname.app", "--arg1", "arg2"})
  1031  }
  1032  
  1033  func (s *RunSuite) TestRunCmdWithTraceExecUnhappy(c *check.C) {
  1034  	_, r := logger.MockLogger()
  1035  	defer r()
  1036  
  1037  	defer mockSnapConfine(dirs.DistroLibExecDir)()
  1038  
  1039  	// mock installed snap
  1040  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
  1041  		Revision: snap.R("1"),
  1042  	})
  1043  
  1044  	// pretend we have sudo
  1045  	sudoCmd := testutil.MockCommand(c, "sudo", "echo unhappy; exit 12")
  1046  	defer sudoCmd.Restore()
  1047  
  1048  	// pretend we have strace
  1049  	straceCmd := testutil.MockCommand(c, "strace", "")
  1050  	defer straceCmd.Restore()
  1051  
  1052  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--trace-exec", "--", "snapname.app", "--arg1", "arg2"})
  1053  	c.Assert(err, check.ErrorMatches, "exit status 12")
  1054  	c.Assert(rest, check.DeepEquals, []string{"--", "snapname.app", "--arg1", "arg2"})
  1055  	c.Check(s.Stdout(), check.Equals, "unhappy\n")
  1056  	c.Check(s.Stderr(), check.Equals, "")
  1057  }
  1058  
  1059  func (s *RunSuite) TestSnapRunRestoreSecurityContextHappy(c *check.C) {
  1060  	logbuf, restorer := logger.MockLogger()
  1061  	defer restorer()
  1062  
  1063  	defer mockSnapConfine(dirs.DistroLibExecDir)()
  1064  
  1065  	// mock installed snap
  1066  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
  1067  		Revision: snap.R("x2"),
  1068  	})
  1069  
  1070  	// redirect exec
  1071  	execCalled := 0
  1072  	restorer = snaprun.MockSyscallExec(func(_ string, args []string, envv []string) error {
  1073  		execCalled++
  1074  		return nil
  1075  	})
  1076  	defer restorer()
  1077  
  1078  	verifyCalls := 0
  1079  	restoreCalls := 0
  1080  	isEnabledCalls := 0
  1081  	enabled := false
  1082  	verify := true
  1083  
  1084  	snapUserDir := filepath.Join(s.fakeHome, dirs.UserHomeSnapDir)
  1085  
  1086  	restorer = snaprun.MockSELinuxVerifyPathContext(func(what string) (bool, error) {
  1087  		c.Check(what, check.Equals, snapUserDir)
  1088  		verifyCalls++
  1089  		return verify, nil
  1090  	})
  1091  	defer restorer()
  1092  
  1093  	restorer = snaprun.MockSELinuxRestoreContext(func(what string, mode selinux.RestoreMode) error {
  1094  		c.Check(mode, check.Equals, selinux.RestoreMode{Recursive: true})
  1095  		c.Check(what, check.Equals, snapUserDir)
  1096  		restoreCalls++
  1097  		return nil
  1098  	})
  1099  	defer restorer()
  1100  
  1101  	restorer = snaprun.MockSELinuxIsEnabled(func() (bool, error) {
  1102  		isEnabledCalls++
  1103  		return enabled, nil
  1104  	})
  1105  	defer restorer()
  1106  
  1107  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app"})
  1108  	c.Assert(err, check.IsNil)
  1109  	c.Check(execCalled, check.Equals, 1)
  1110  	c.Check(isEnabledCalls, check.Equals, 1)
  1111  	c.Check(verifyCalls, check.Equals, 0)
  1112  	c.Check(restoreCalls, check.Equals, 0)
  1113  
  1114  	// pretend SELinux is on
  1115  	enabled = true
  1116  
  1117  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app"})
  1118  	c.Assert(err, check.IsNil)
  1119  	c.Check(execCalled, check.Equals, 2)
  1120  	c.Check(isEnabledCalls, check.Equals, 2)
  1121  	c.Check(verifyCalls, check.Equals, 1)
  1122  	c.Check(restoreCalls, check.Equals, 0)
  1123  
  1124  	// pretend the context does not match
  1125  	verify = false
  1126  
  1127  	logbuf.Reset()
  1128  
  1129  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app"})
  1130  	c.Assert(err, check.IsNil)
  1131  	c.Check(execCalled, check.Equals, 3)
  1132  	c.Check(isEnabledCalls, check.Equals, 3)
  1133  	c.Check(verifyCalls, check.Equals, 2)
  1134  	c.Check(restoreCalls, check.Equals, 1)
  1135  
  1136  	// and we let the user know what we're doing
  1137  	c.Check(logbuf.String(), testutil.Contains, fmt.Sprintf("restoring default SELinux context of %s", snapUserDir))
  1138  }
  1139  
  1140  func (s *RunSuite) TestSnapRunRestoreSecurityContextFail(c *check.C) {
  1141  	logbuf, restorer := logger.MockLogger()
  1142  	defer restorer()
  1143  
  1144  	defer mockSnapConfine(dirs.DistroLibExecDir)()
  1145  
  1146  	// mock installed snap
  1147  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
  1148  		Revision: snap.R("x2"),
  1149  	})
  1150  
  1151  	// redirect exec
  1152  	execCalled := 0
  1153  	restorer = snaprun.MockSyscallExec(func(_ string, args []string, envv []string) error {
  1154  		execCalled++
  1155  		return nil
  1156  	})
  1157  	defer restorer()
  1158  
  1159  	verifyCalls := 0
  1160  	restoreCalls := 0
  1161  	isEnabledCalls := 0
  1162  	enabledErr := errors.New("enabled failed")
  1163  	verifyErr := errors.New("verify failed")
  1164  	restoreErr := errors.New("restore failed")
  1165  
  1166  	snapUserDir := filepath.Join(s.fakeHome, dirs.UserHomeSnapDir)
  1167  
  1168  	restorer = snaprun.MockSELinuxVerifyPathContext(func(what string) (bool, error) {
  1169  		c.Check(what, check.Equals, snapUserDir)
  1170  		verifyCalls++
  1171  		return false, verifyErr
  1172  	})
  1173  	defer restorer()
  1174  
  1175  	restorer = snaprun.MockSELinuxRestoreContext(func(what string, mode selinux.RestoreMode) error {
  1176  		c.Check(mode, check.Equals, selinux.RestoreMode{Recursive: true})
  1177  		c.Check(what, check.Equals, snapUserDir)
  1178  		restoreCalls++
  1179  		return restoreErr
  1180  	})
  1181  	defer restorer()
  1182  
  1183  	restorer = snaprun.MockSELinuxIsEnabled(func() (bool, error) {
  1184  		isEnabledCalls++
  1185  		return enabledErr == nil, enabledErr
  1186  	})
  1187  	defer restorer()
  1188  
  1189  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app"})
  1190  	// these errors are only logged, but we still run the snap
  1191  	c.Assert(err, check.IsNil)
  1192  	c.Check(execCalled, check.Equals, 1)
  1193  	c.Check(logbuf.String(), testutil.Contains, "cannot determine SELinux status: enabled failed")
  1194  	c.Check(isEnabledCalls, check.Equals, 1)
  1195  	c.Check(verifyCalls, check.Equals, 0)
  1196  	c.Check(restoreCalls, check.Equals, 0)
  1197  	// pretend selinux is on
  1198  	enabledErr = nil
  1199  
  1200  	logbuf.Reset()
  1201  
  1202  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app"})
  1203  	c.Assert(err, check.IsNil)
  1204  	c.Check(execCalled, check.Equals, 2)
  1205  	c.Check(logbuf.String(), testutil.Contains, fmt.Sprintf("failed to verify SELinux context of %s: verify failed", snapUserDir))
  1206  	c.Check(isEnabledCalls, check.Equals, 2)
  1207  	c.Check(verifyCalls, check.Equals, 1)
  1208  	c.Check(restoreCalls, check.Equals, 0)
  1209  
  1210  	// pretend the context does not match
  1211  	verifyErr = nil
  1212  
  1213  	logbuf.Reset()
  1214  
  1215  	_, err = snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app"})
  1216  	c.Assert(err, check.IsNil)
  1217  	c.Check(execCalled, check.Equals, 3)
  1218  	c.Check(logbuf.String(), testutil.Contains, fmt.Sprintf("cannot restore SELinux context of %s: restore failed", snapUserDir))
  1219  	c.Check(isEnabledCalls, check.Equals, 3)
  1220  	c.Check(verifyCalls, check.Equals, 2)
  1221  	c.Check(restoreCalls, check.Equals, 1)
  1222  }
  1223  
  1224  // systemctl is-system-running returns "running" in normal situations.
  1225  func (s *RunSuite) TestIsStoppingRunning(c *check.C) {
  1226  	systemctl := testutil.MockCommand(c, "systemctl", `
  1227  case "$1" in
  1228  	is-system-running)
  1229  		echo "running"
  1230  		exit 0
  1231  		;;
  1232  esac
  1233  `)
  1234  	defer systemctl.Restore()
  1235  	stop, err := snaprun.IsStopping()
  1236  	c.Check(err, check.IsNil)
  1237  	c.Check(stop, check.Equals, false)
  1238  	c.Check(systemctl.Calls(), check.DeepEquals, [][]string{
  1239  		{"systemctl", "is-system-running"},
  1240  	})
  1241  }
  1242  
  1243  // systemctl is-system-running returns "stopping" when the system is
  1244  // shutting down or rebooting. At the same time it returns a non-zero
  1245  // exit status.
  1246  func (s *RunSuite) TestIsStoppingStopping(c *check.C) {
  1247  	systemctl := testutil.MockCommand(c, "systemctl", `
  1248  case "$1" in
  1249  	is-system-running)
  1250  		echo "stopping"
  1251  		exit 1
  1252  		;;
  1253  esac
  1254  `)
  1255  	defer systemctl.Restore()
  1256  	stop, err := snaprun.IsStopping()
  1257  	c.Check(err, check.IsNil)
  1258  	c.Check(stop, check.Equals, true)
  1259  	c.Check(systemctl.Calls(), check.DeepEquals, [][]string{
  1260  		{"systemctl", "is-system-running"},
  1261  	})
  1262  }
  1263  
  1264  // systemctl is-system-running can often return "degraded"
  1265  // Let's make sure that is not confusing us.
  1266  func (s *RunSuite) TestIsStoppingDegraded(c *check.C) {
  1267  	systemctl := testutil.MockCommand(c, "systemctl", `
  1268  case "$1" in
  1269  	is-system-running)
  1270  		echo "degraded"
  1271  		exit 1
  1272  		;;
  1273  esac
  1274  `)
  1275  	defer systemctl.Restore()
  1276  	stop, err := snaprun.IsStopping()
  1277  	c.Check(err, check.IsNil)
  1278  	c.Check(stop, check.Equals, false)
  1279  	c.Check(systemctl.Calls(), check.DeepEquals, [][]string{
  1280  		{"systemctl", "is-system-running"},
  1281  	})
  1282  }
  1283  
  1284  func (s *RunSuite) TestSnapRunTrackingApps(c *check.C) {
  1285  	restore := mockSnapConfine(filepath.Join(dirs.SnapMountDir, "core", "111", dirs.CoreLibExecDir))
  1286  	defer restore()
  1287  
  1288  	// mock installed snap
  1289  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
  1290  		Revision: snap.R("x2"),
  1291  	})
  1292  
  1293  	// pretend to be running from core
  1294  	restore = snaprun.MockOsReadlink(func(string) (string, error) {
  1295  		return filepath.Join(dirs.SnapMountDir, "core/111/usr/bin/snap"), nil
  1296  	})
  1297  	defer restore()
  1298  
  1299  	created := false
  1300  	restore = snaprun.MockCreateTransientScopeForTracking(func(securityTag string, opts *cgroup.TrackingOptions) error {
  1301  		c.Assert(securityTag, check.Equals, "snap.snapname.app")
  1302  		c.Assert(opts, check.NotNil)
  1303  		c.Assert(opts.AllowSessionBus, check.Equals, true)
  1304  		created = true
  1305  		return nil
  1306  	})
  1307  	defer restore()
  1308  
  1309  	restore = snaprun.MockConfirmSystemdServiceTracking(func(securityTag string) error {
  1310  		panic("apps need to create a scope and do not use systemd service tracking")
  1311  	})
  1312  	defer restore()
  1313  
  1314  	// redirect exec
  1315  	execArg0 := ""
  1316  	execArgs := []string{}
  1317  	execEnv := []string{}
  1318  	restore = snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
  1319  		execArg0 = arg0
  1320  		execArgs = args
  1321  		execEnv = envv
  1322  		return nil
  1323  	})
  1324  	defer restore()
  1325  
  1326  	// and run it!
  1327  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
  1328  	c.Assert(err, check.IsNil)
  1329  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
  1330  	c.Check(execArg0, check.Equals, filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"))
  1331  	c.Check(execArgs, check.DeepEquals, []string{
  1332  		filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"),
  1333  		"snap.snapname.app",
  1334  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
  1335  		"snapname.app", "--arg1", "arg2"})
  1336  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=x2")
  1337  	c.Assert(created, check.Equals, true)
  1338  }
  1339  
  1340  func (s *RunSuite) TestSnapRunTrackingHooks(c *check.C) {
  1341  	restore := mockSnapConfine(filepath.Join(dirs.SnapMountDir, "core", "111", dirs.CoreLibExecDir))
  1342  	defer restore()
  1343  
  1344  	// mock installed snap
  1345  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
  1346  		Revision: snap.R("x2"),
  1347  	})
  1348  
  1349  	// pretend to be running from core
  1350  	restore = snaprun.MockOsReadlink(func(string) (string, error) {
  1351  		return filepath.Join(dirs.SnapMountDir, "core/111/usr/bin/snap"), nil
  1352  	})
  1353  	defer restore()
  1354  
  1355  	created := false
  1356  	restore = snaprun.MockCreateTransientScopeForTracking(func(securityTag string, opts *cgroup.TrackingOptions) error {
  1357  		c.Assert(securityTag, check.Equals, "snap.snapname.hook.configure")
  1358  		c.Assert(opts, check.NotNil)
  1359  		c.Assert(opts.AllowSessionBus, check.Equals, false)
  1360  		created = true
  1361  		return nil
  1362  	})
  1363  	defer restore()
  1364  
  1365  	restore = snaprun.MockConfirmSystemdServiceTracking(func(securityTag string) error {
  1366  		panic("hooks need to create a scope and do not use systemd service tracking")
  1367  	})
  1368  	defer restore()
  1369  
  1370  	// redirect exec
  1371  	execArg0 := ""
  1372  	execArgs := []string{}
  1373  	execEnv := []string{}
  1374  	restore = snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
  1375  		execArg0 = arg0
  1376  		execArgs = args
  1377  		execEnv = envv
  1378  		return nil
  1379  	})
  1380  	defer restore()
  1381  
  1382  	// and run it!
  1383  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook", "configure", "-r", "x2", "snapname"})
  1384  	c.Assert(err, check.IsNil)
  1385  	c.Assert(rest, check.DeepEquals, []string{"snapname"})
  1386  	c.Check(execArg0, check.Equals, filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"))
  1387  	c.Check(execArgs, check.DeepEquals, []string{
  1388  		filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"),
  1389  		"snap.snapname.hook.configure",
  1390  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
  1391  		"--hook=configure", "snapname"})
  1392  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=x2")
  1393  	c.Assert(created, check.Equals, true)
  1394  }
  1395  
  1396  func (s *RunSuite) TestSnapRunTrackingServices(c *check.C) {
  1397  	restore := mockSnapConfine(filepath.Join(dirs.SnapMountDir, "core", "111", dirs.CoreLibExecDir))
  1398  	defer restore()
  1399  
  1400  	// mock installed snap
  1401  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
  1402  		Revision: snap.R("x2"),
  1403  	})
  1404  
  1405  	// pretend to be running from core
  1406  	restore = snaprun.MockOsReadlink(func(string) (string, error) {
  1407  		return filepath.Join(dirs.SnapMountDir, "core/111/usr/bin/snap"), nil
  1408  	})
  1409  	defer restore()
  1410  
  1411  	restore = snaprun.MockCreateTransientScopeForTracking(func(securityTag string, opts *cgroup.TrackingOptions) error {
  1412  		panic("services rely on systemd tracking, should not have created a transient scope")
  1413  	})
  1414  	defer restore()
  1415  
  1416  	confirmed := false
  1417  	restore = snaprun.MockConfirmSystemdServiceTracking(func(securityTag string) error {
  1418  		confirmed = true
  1419  		c.Assert(securityTag, check.Equals, "snap.snapname.svc")
  1420  		return nil
  1421  	})
  1422  	defer restore()
  1423  
  1424  	// redirect exec
  1425  	execArg0 := ""
  1426  	execArgs := []string{}
  1427  	execEnv := []string{}
  1428  	restore = snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
  1429  		execArg0 = arg0
  1430  		execArgs = args
  1431  		execEnv = envv
  1432  		return nil
  1433  	})
  1434  	defer restore()
  1435  
  1436  	// and run it!
  1437  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.svc", "--arg1", "arg2"})
  1438  	c.Assert(err, check.IsNil)
  1439  	c.Assert(rest, check.DeepEquals, []string{"snapname.svc", "--arg1", "arg2"})
  1440  	c.Check(execArg0, check.Equals, filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"))
  1441  	c.Check(execArgs, check.DeepEquals, []string{
  1442  		filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"),
  1443  		"snap.snapname.svc",
  1444  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
  1445  		"snapname.svc", "--arg1", "arg2"})
  1446  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=x2")
  1447  	c.Assert(confirmed, check.Equals, true)
  1448  }
  1449  
  1450  func (s *RunSuite) TestSnapRunTrackingFailure(c *check.C) {
  1451  	restore := mockSnapConfine(filepath.Join(dirs.SnapMountDir, "core", "111", dirs.CoreLibExecDir))
  1452  	defer restore()
  1453  
  1454  	// mock installed snap
  1455  	snaptest.MockSnapCurrent(c, string(mockYaml), &snap.SideInfo{
  1456  		Revision: snap.R("x2"),
  1457  	})
  1458  
  1459  	// pretend to be running from core
  1460  	restore = snaprun.MockOsReadlink(func(string) (string, error) {
  1461  		return filepath.Join(dirs.SnapMountDir, "core/111/usr/bin/snap"), nil
  1462  	})
  1463  	defer restore()
  1464  
  1465  	created := false
  1466  	restore = snaprun.MockCreateTransientScopeForTracking(func(securityTag string, opts *cgroup.TrackingOptions) error {
  1467  		c.Assert(securityTag, check.Equals, "snap.snapname.app")
  1468  		c.Assert(opts, check.NotNil)
  1469  		c.Assert(opts.AllowSessionBus, check.Equals, true)
  1470  		created = true
  1471  		// Pretend that the tracking system was unable to track this application.
  1472  		return cgroup.ErrCannotTrackProcess
  1473  	})
  1474  	defer restore()
  1475  
  1476  	restore = snaprun.MockConfirmSystemdServiceTracking(func(securityTag string) error {
  1477  		panic("apps need to create a scope and do not use systemd service tracking")
  1478  	})
  1479  	defer restore()
  1480  
  1481  	// redirect exec
  1482  	execArg0 := ""
  1483  	execArgs := []string{}
  1484  	execEnv := []string{}
  1485  	restore = snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
  1486  		execArg0 = arg0
  1487  		execArgs = args
  1488  		execEnv = envv
  1489  		return nil
  1490  	})
  1491  	defer restore()
  1492  
  1493  	// Capture the debug log that is printed by this test.
  1494  	os.Setenv("SNAPD_DEBUG", "1")
  1495  	defer os.Unsetenv("SNAPD_DEBUG")
  1496  	logbuf, restore := logger.MockLogger()
  1497  	defer restore()
  1498  
  1499  	// and run it!
  1500  	rest, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--", "snapname.app", "--arg1", "arg2"})
  1501  	c.Assert(err, check.IsNil)
  1502  	c.Assert(rest, check.DeepEquals, []string{"snapname.app", "--arg1", "arg2"})
  1503  	c.Check(execArg0, check.Equals, filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"))
  1504  	c.Check(execArgs, check.DeepEquals, []string{
  1505  		filepath.Join(dirs.SnapMountDir, "/core/111", dirs.CoreLibExecDir, "snap-confine"),
  1506  		"snap.snapname.app",
  1507  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
  1508  		"snapname.app", "--arg1", "arg2"})
  1509  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=x2")
  1510  	c.Assert(created, check.Equals, true)
  1511  
  1512  	// Ensure that the debug message is printed.
  1513  	c.Assert(logbuf.String(), testutil.Contains, "snapd cannot track the started application\n")
  1514  }
  1515  
  1516  var mockKernelYaml = []byte(`name: pc-kernel
  1517  type: kernel
  1518  version: 1.0
  1519  hooks:
  1520   fde-setup:
  1521  `)
  1522  
  1523  func (s *RunSuite) TestSnapRunHookKernelImplicitBase(c *check.C) {
  1524  	defer mockSnapConfine(dirs.DistroLibExecDir)()
  1525  
  1526  	nModel := 0
  1527  	s.RedirectClientToTestServer(func(w http.ResponseWriter, r *http.Request) {
  1528  		switch r.URL.Path {
  1529  		case "/v2/model":
  1530  			switch nModel {
  1531  			case 0:
  1532  				c.Check(r.Method, check.Equals, "GET")
  1533  				c.Check(r.URL.RawQuery, check.Equals, "")
  1534  				fmt.Fprintln(w, happyUC20ModelAssertionResponse)
  1535  			default:
  1536  				c.Fatalf("expected to get 1 request for /v2/model, now on %d", nModel+1)
  1537  			}
  1538  			nModel++
  1539  		}
  1540  	})
  1541  
  1542  	// mock installed kernel
  1543  	snaptest.MockSnapCurrent(c, string(mockKernelYaml), &snap.SideInfo{
  1544  		Revision: snap.R(42),
  1545  	})
  1546  
  1547  	// redirect exec
  1548  	execArg0 := ""
  1549  	execArgs := []string{}
  1550  	execEnv := []string{}
  1551  	restorer := snaprun.MockSyscallExec(func(arg0 string, args []string, envv []string) error {
  1552  		execArg0 = arg0
  1553  		execArgs = args
  1554  		execEnv = envv
  1555  		return nil
  1556  	})
  1557  	defer restorer()
  1558  
  1559  	// Run a hook from the active revision
  1560  	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"run", "--hook=fde-setup", "--", "pc-kernel"})
  1561  	c.Assert(err, check.IsNil)
  1562  	c.Check(execArg0, check.Equals, filepath.Join(dirs.DistroLibExecDir, "snap-confine"))
  1563  	c.Check(execArgs, check.DeepEquals, []string{
  1564  		filepath.Join(dirs.DistroLibExecDir, "snap-confine"),
  1565  		"--base", "core20",
  1566  		"snap.pc-kernel.hook.fde-setup",
  1567  		filepath.Join(dirs.CoreLibExecDir, "snap-exec"),
  1568  		"--hook=fde-setup", "pc-kernel"})
  1569  	c.Check(execEnv, testutil.Contains, "SNAP_REVISION=42")
  1570  	c.Check(nModel, check.Equals, 1)
  1571  }