1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
summary: Verify sandbox is correctly reported
details: |
The sandbox command prints tags describing features of individual sandbox
components used by snapd on a given system.
This test checks that in the supported systems the command
`snap debug sandbox-feature` reports the proper information like
the supported features for: apparmor, seccomp, udev, etc.
execute: |
case "$SPREAD_SYSTEM" in
ubuntu-core*)
snap debug sandbox-features | grep "confinement-options: " | NOMATCH "classic"
snap debug sandbox-features | MATCH "apparmor: .+"
;;
fedora-*|opensuse-*-selinux-*)
# Fedora because it uses SELinux
snap debug sandbox-features | NOMATCH "apparmor: .+"
;;
ubuntu-*|opensuse-*|debian-sid-*|arch-linux-*)
# Debian, openSUSE, Arch because partial apparmor is enabled
snap debug sandbox-features | MATCH "apparmor: .+"
;;
esac
snap debug sandbox-features | MATCH "dbus: .+"
snap debug sandbox-features | MATCH "kmod: .+"
snap debug sandbox-features | MATCH "mount: .+"
snap debug sandbox-features | MATCH "seccomp: .+"
snap debug sandbox-features | MATCH "udev: .+"
# The command can be used as script helper
snap debug sandbox-features --required kmod:mediated-modprobe
not snap debug sandbox-features --required magic:evil-bit
# Multiple requirements may be listed
snap debug sandbox-features --required kmod:mediated-modprobe --required mount:stale-base-invalidation
|
