github.com/rigado/snapd@v2.42.5-go-mod+incompatible/cmd/snap-confine/spread-tests/main/mount-ns-layout/task.yaml (about)

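     # Spread task: compares the mount namespace that snap-confine sets up for a
     # snap against a canned reference table. Any difference fails the test, so
     # changes to the confinement mount layout have to be made deliberately by
     # updating the expected.*.json files.
     summary: Ensure that the mount namespace has a given layout
     details: |
         This test analyzes /proc/self/mountinfo which contains a representation of
         the mount table of the current process. The mount table is a very sensitive
         part of the confinement design. This test measures the effective table,
         normalizes it (to remove some inherent randomness of certain identifiers
         and make it uniform regardless of particular names of block devices, snap
         revisions, etc.) and then compares it to a canned copy.

         There are several reference tables, one for core (aka all-snap system) and
         one for classic. At this time only classic systems are measured and tested.
         The classic systems are further divided into those using the core snap and
         those using the older ubuntu-core snap. Lastly, they are divided by
         architectures to take into account any architecture specific differences.
     # Install the snap whose mount namespace is inspected.
     prepare: |
         echo "Having installed a busybox"
         snap install snapd-hacker-toolbelt
     # Capture the namespace's mount table, normalize it and compare it
     # byte-for-byte (cmp) with the reference for this backend and architecture.
     execute: |
         echo "We can map the kernel architecture name to snap architecture name"
         arch=$(./snap-arch.py)
         echo "We can run busybox true so that snap-confine creates a mount namespace"
         snapd-hacker-toolbelt.busybox true
         # Stop here with a clear message if the namespace file is missing;
         # otherwise nsenter fails, process.py reads empty input and the
         # failure only shows up later as a confusing cmp mismatch.
         if [ ! -e /run/snapd/ns/snapd-hacker-toolbelt.mnt ]; then
             echo "mount namespace /run/snapd/ns/snapd-hacker-toolbelt.mnt is missing" >&2
             exit 1
         fi
         echo "Using nsenter we can move to that namespace, inspect and normalize the mount table"
         nsenter -m/run/snapd/ns/snapd-hacker-toolbelt.mnt \
             cat /proc/self/mountinfo | ./process.py > observed.json
         echo "We can now compare the obtained mount table to expected values"
         # The presence of /snap/core/current selects the "core" reference table,
         # its absence the "ubuntu-core" one. Expansions are quoted so an empty
         # or unusual value cannot split the file name into several arguments.
         if [ -e /snap/core/current ]; then
             cmp observed.json "expected.classic.core.$SPREAD_BACKEND.$arch.json"
         else
             cmp observed.json "expected.classic.ubuntu-core.$SPREAD_BACKEND.$arch.json"
         fi
     # Best-effort diagnostics; "|| :" keeps a non-empty diff from aborting them.
     debug: |
         echo "When something goes wrong we can display a human-readable diff"
         arch=$(./snap-arch.py)
         if [ -e /snap/core/current ]; then
             diff -u observed.json "expected.classic.core.$SPREAD_BACKEND.$arch.json" || :
         else
             diff -u observed.json "expected.classic.ubuntu-core.$SPREAD_BACKEND.$arch.json" || :
         fi
         echo "And pastebin the raw table for analysis"
         # NOTE(review): pastebinit uploads the raw, un-normalized mount table to
         # an external paste service. That table still carries the block device
         # names and snap revisions that process.py strips, so run this only on
         # disposable test machines whose layout is not sensitive.
         # -y keeps apt-get from waiting on a confirmation prompt in a
         # non-interactive run.
         apt-get install -y pastebinit
         nsenter -m/run/snapd/ns/snapd-hacker-toolbelt.mnt \
             cat /proc/self/mountinfo | pastebinit
     # Undo prepare/execute. NOTE(review): pastebinit installed by the debug
     # step is not removed here.
     restore: |
         snap remove snapd-hacker-toolbelt
         rm -f observed.json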