github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/snap-confine/spread-tests/main/mount-profiles-ro-mount/task.yaml

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/snap-confine/spread-tests/main/mount-profiles-ro-mount/task.yaml (about)

     1  summary: Check that read-only bind mounts can be created
     2  # This is blacklisted on debian because we first have to get the dpkg-vendor patches
     3  systems: [-debian-8]
     4  prepare: |
     5      echo "Having installed the snapd-hacker-toolbelt snap"
     6      snap install snapd-hacker-toolbelt
     7      echo "We can change its mount profile externally to create a read-only bind-mount"
     8      echo "/snap/snapd-hacker-toolbelt/current/src -> /snap/snapd-hacker-toolbelt/current/dst"
     9      mkdir -p /var/lib/snapd/mount
    10      echo "/snap/snapd-hacker-toolbelt/current/src /snap/snapd-hacker-toolbelt/current/dst none bind,ro 0 0" > /var/lib/snapd/mount/snap.snapd-hacker-toolbelt.busybox.fstab
    11  execute: |
    12      cd /
    13      echo "We can now look at the .id file in the destination directory"
    14      [ "$(/snap/bin/snapd-hacker-toolbelt.busybox cat /snap/snapd-hacker-toolbelt/current/dst/.id)" = "source" ]
    15  restore: |
    16      snap remove --purge snapd-hacker-toolbelt
    17      rm -rf /var/snap/snapd-hacker-toolbelt
    18      rm -f /var/lib/snapd/mount/snap.snapd-hacker-toolbelt.busybox.fstab