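// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2019 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

package main_test

import (
	"bytes"
	"io/ioutil"
	"os"
	"path/filepath"

	. "gopkg.in/check.v1"

	update "github.com/snapcore/snapd/cmd/snap-update-ns"
	"github.com/snapcore/snapd/dirs"
	"github.com/snapcore/snapd/osutil"
	"github.com/snapcore/snapd/testutil"
)

// systemSuite holds the tests for the update context returned by
// update.NewSystemProfileUpdateContext.
type systemSuite struct{}

var _ = Suite(&systemSuite{})

// TestLock checks that Lock succeeds under a mocked root directory and
// hands back a non-nil unlock function that can be called.
func (s *systemSuite) TestLock(c *C) {
	dirs.SetRootDir(c.MkDir())
	defer dirs.SetRootDir("/")

	upCtx := update.NewSystemProfileUpdateContext("foo", false)
	unlock, err := upCtx.Lock()
	c.Assert(err, IsNil)
	// Assert rather than Check: calling a nil unlock below would panic
	// instead of producing a readable test failure.
	c.Assert(unlock, NotNil)
	unlock()
}

// TestAssumptions pins the write policy of the system update context: the
// exact list of unrestricted paths and the directory modes returned for
// paths below /var/lib/snapd/hostfs/tmp.
//
// The list is compared with DeepEquals, so any path added to or removed from
// the unrestricted set must show up here as a deliberate change.
func (s *systemSuite) TestAssumptions(c *C) {
	// Non-instances can access /tmp, /var/snap, /snap/$SNAP_NAME and the
	// host's /tmp as seen through /var/lib/snapd/hostfs.
	upCtx := update.NewSystemProfileUpdateContext("foo", false)
	as := upCtx.Assumptions()
	c.Check(as.UnrestrictedPaths(), DeepEquals, []string{"/tmp", "/var/snap", "/snap/foo", "/var/lib/snapd/hostfs/tmp"})

	// Paths without a specific hint get 0755.
	c.Check(as.ModeForPath("/stuff"), Equals, os.FileMode(0755))
	c.Check(as.ModeForPath("/tmp"), Equals, os.FileMode(0755))
	c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp"), Equals, os.FileMode(0755))

	// The per-snap directory under the host's /tmp is owner-only.
	c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap.x11-server"), Equals, os.FileMode(0700))

	// NOTE(review): 1777 is a decimal literal (0o3361), not the octal
	// 01777 that chmod(1) users would expect, and Go represents the sticky
	// bit as os.ModeSticky rather than as bit 01000. The expectation is
	// kept as-is because it has to match the mode hint registered by the
	// implementation, which is not visible here; confirm that both sides
	// mean 0777|os.ModeSticky.
	c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap.x11-server/tmp"), Equals, os.FileMode(1777))
	c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap.x11-server/foo"), Equals, os.FileMode(0755))
	c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap.x11-server/tmp/.X11-unix"), Equals, os.FileMode(1777))

	// Instances can, in addition, access /snap/$SNAP_INSTANCE_NAME
	upCtx = update.NewSystemProfileUpdateContext("foo_instance", false)
	as = upCtx.Assumptions()
	c.Check(as.UnrestrictedPaths(), DeepEquals, []string{"/tmp", "/var/snap", "/snap/foo_instance", "/snap/foo", "/var/lib/snapd/hostfs/tmp"})
}

// TestLoadDesiredProfile writes a desired mount profile for snap "foo" under
// a mocked root and checks that LoadDesiredProfile reads it back unchanged.
func (s *systemSuite) TestLoadDesiredProfile(c *C) {
	// Mock directories.
	dirs.SetRootDir(c.MkDir())
	defer dirs.SetRootDir("/")

	upCtx := update.NewSystemProfileUpdateContext("foo", false)
	text := "/snap/foo/42/dir /snap/bar/13/dir none bind,rw 0 0\n"

	// Write a desired system mount profile for snap "foo".
	path := update.DesiredSystemProfilePath(upCtx.InstanceName())
	c.Assert(os.MkdirAll(filepath.Dir(path), 0755), IsNil)
	c.Assert(ioutil.WriteFile(path, []byte(text), 0644), IsNil)

	// Ask the system profile update helper to read the desired profile.
	profile, err := upCtx.LoadDesiredProfile()
	c.Assert(err, IsNil)
	builder := &bytes.Buffer{}
	// A failed serialization must fail the test here rather than surface
	// as a confusing text mismatch below.
	_, err = profile.WriteTo(builder)
	c.Assert(err, IsNil)

	c.Check(builder.String(), Equals, text)
}

// TestLoadCurrentProfile writes a current mount profile for snap "foo" under
// a mocked root and checks that LoadCurrentProfile reads it back unchanged.
func (s *systemSuite) TestLoadCurrentProfile(c *C) {
	// Mock directories.
	dirs.SetRootDir(c.MkDir())
	defer dirs.SetRootDir("/")

	upCtx := update.NewSystemProfileUpdateContext("foo", false)
	text := "/snap/foo/42/dir /snap/bar/13/dir none bind,rw 0 0\n"

	// Write a current system mount profile for snap "foo".
	path := update.CurrentSystemProfilePath(upCtx.InstanceName())
	c.Assert(os.MkdirAll(filepath.Dir(path), 0755), IsNil)
	c.Assert(ioutil.WriteFile(path, []byte(text), 0644), IsNil)

	// Ask the system profile update helper to read the current profile.
	profile, err := upCtx.LoadCurrentProfile()
	c.Assert(err, IsNil)
	builder := &bytes.Buffer{}
	// A failed serialization must fail the test here rather than surface
	// as a confusing text mismatch below.
	_, err = profile.WriteTo(builder)
	c.Assert(err, IsNil)

	// The profile is returned unchanged.
	c.Check(builder.String(), Equals, text)
}

// TestSaveCurrentProfile checks that SaveCurrentProfile writes the given
// profile to the path reported by CurrentSystemProfilePath.
func (s *systemSuite) TestSaveCurrentProfile(c *C) {
	// Mock directories and create directory for runtime mount profiles.
	dirs.SetRootDir(c.MkDir())
	defer dirs.SetRootDir("/")
	c.Assert(os.MkdirAll(dirs.SnapRunNsDir, 0755), IsNil)

	upCtx := update.NewSystemProfileUpdateContext("foo", false)
	text := "/snap/foo/42/dir /snap/bar/13/dir none bind,rw 0 0\n"

	// Prepare a mount profile to be saved.
	profile, err := osutil.LoadMountProfileText(text)
	c.Assert(err, IsNil)

	// Ask the system profile update to write the current profile.
	c.Assert(upCtx.SaveCurrentProfile(profile), IsNil)
	c.Check(update.CurrentSystemProfilePath(upCtx.InstanceName()), testutil.FileEquals, text)
}

// TestDesiredSystemProfilePath pins the location of the desired profile for
// snap "foo". The root directory is not mocked here, so the expected value
// is an absolute path on the real layout.
func (s *systemSuite) TestDesiredSystemProfilePath(c *C) {
	c.Check(update.DesiredSystemProfilePath("foo"), Equals, "/var/lib/snapd/mount/snap.foo.fstab")
}

// TestCurrentSystemProfilePath pins the location of the current (runtime)
// profile for snap "foo". The root directory is not mocked here, so the
// expected value is an absolute path on the real layout.
func (s *systemSuite) TestCurrentSystemProfilePath(c *C) {
	c.Check(update.CurrentSystemProfilePath("foo"), Equals, "/run/snapd/ns/snap.foo.fstab")
}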