
many: vendor apparmor into the snapd snap (take 3)

Open alexmurray opened this issue 3 years ago • 8 comments

This PR is a rework of #11096 - it updates the vendored apparmor to the 3.0.7 upstream release, plus it changes the behaviour of the apparmor sandbox in snapd to only use the vendored apparmor when the host's snapd has a snapd-apparmor that supports reexec. Finally it extends the snapd-snap spread test to test the case where the host snapd-apparmor does not support re-exec by downgrading the snapd deb to the original version from the Ubuntu archive during the test (as this does not currently support reexec for snapd-apparmor).

Aug 30 '22 04:08 alexmurray

Closing and reopening to retrigger actions checks since unit-tests (latest/stable, normal) seems to have unexpectedly failed.

Aug 30 '22 23:08 alexmurray

I'm unsure about the spread tests, because it seems we are creating a mega-test (tests/main/snapd-snap) to basically test that the snap package of snapd is sane, but do we really need to do that, since we already have the ubuntu-core tests which are testing the snapd snap?

So the reason the ubuntu-core tests are not sufficient is that they use the snapd snap from the edge channel - whereas in this case until this PR is merged, the snapd snap on edge does not have a vendored apparmor - and so the only way to test the snapd snap with a vendored apparmor in spread is by doing it in the snapd-snap spread test as that builds the snapd-snap directly from this branch.

Sep 06 '22 05:09 alexmurray

@mardy @pedronis thanks for the review comments - I believe I have now addressed all of them - can you please take another look? Thanks.

Sep 06 '22 05:09 alexmurray

@mvo5 this has approvals from mardy and pedronis - can it be merged? Thanks.

Sep 08 '22 06:09 alexmurray

Closing and reopening to retrigger GitHub Actions since it failed previously on a proxy error trying to contact launchpad.net when building the snapd snap.

Sep 21 '22 03:09 alexmurray

Ping @mvo5 - I see you already self-assigned to review this but just want to make sure it doesn't get forgotten :) thanks

Oct 10 '22 11:10 alexmurray

@mvo5 I just pushed a fix for the failing snapd-snap spread test on arm64

Oct 11 '22 23:10 alexmurray

@mvo5 is there anything you need from me to get this merged?

Nov 15 '22 06:11 alexmurray

@alexmurray @mvo5 I cannot build the snap of snapd locally anymore since this PR.

Was something changed in the way to build the snap? I have tried using snapcraft 4.x and doing a clean build. There are missing build dependencies for apparmor.

Nov 24 '22 15:11 valentindavid

Opened #12348 to fix it.

Nov 24 '22 15:11 valentindavid