File: task.yaml

# Spread task: checks that the permissions listed in `details` are available
# to the test snap while its auditd-support plug is connected. The execute
# script also checks that they are refused again once the plug is disconnected.
summary: Ensure that the auditd-support interface works.

details: |
    The auditd-support interface allows enabling/disabling the kernel audit
    system, changing auditing filters, retrieving auditing status and filtering
    rules. It also allows accessing various paths related to auditd. The
    test-snapd-auditd-support snap requires the audit_control capability and
    accesses those paths.

# Systems excluded from this task:
#   -arch-*: CONFIG_AUDIT is not enabled in the default kernel
#   -ubuntu-*-arm-*: test-snapd-auditd-support is only built for x86_64
# TODO: build test-snapd-auditd-support for arm and remove that restriction here
systems: [-arch-*, -ubuntu-*-arm-*]

# Installs the test snap by name before the execute script runs.
# NOTE(review): this file defines no restore section, so removal of the snap
# is presumably left to suite-level cleanup - confirm.
prepare: |
    # Install a snap declaring a plug on auditd-support
    snap install test-snapd-auditd-support

# The script runs in two phases:
#   1. Allow path: with the plug connected, each test-snapd-auditd-support
#      command is run bare and must exit 0 (assumes the runner aborts the
#      task on the first failing command - TODO confirm).
#   2. Deny path: after `snap disconnect`, the same commands are run again
#      and the task exits 1 if any of them succeeds.
# The deny path is skipped entirely when `snap debug confinement` reports
# "partial"; on those systems only the allow path is verified.
# The read-ids denial check is additionally skipped unless
# `os.query is-ubuntu-gt 16.04` succeeds (see the comment inside the script).
# NOTE(review): the deny path treats any non-zero exit as a denial and does
# not inspect the error output, so a command that fails for a reason other
# than a permission error would also satisfy these checks. The same commands
# having succeeded in phase 1 limits that ambiguity but does not remove it.
execute: |
    echo "When the interface is connected"
    snap connect test-snapd-auditd-support:auditd-support

    echo "Then the snap is able to use the audit_control capability"
    test-snapd-auditd-support.audit-rate

    echo "And the snap is able to read /proc/*/{loginuid,sessionid} and write /run/auditd.{pid,state}"
    test-snapd-auditd-support.read-ids
    test-snapd-auditd-support.write-auditd-pid-state

    echo "And the snap is able to adjust its own OOM score"
    test-snapd-auditd-support.adjust-oom-score

    if [ "$(snap debug confinement)" = partial ] ; then
        exit 0
    fi

    echo "When the plug is disconnected"
    snap disconnect test-snapd-auditd-support:auditd-support

    echo "Then the snap is not able to use the audit_control capability"
    if test-snapd-auditd-support.audit-rate; then
        echo "Expected permission error using audit_control capability"
        exit 1
    fi

    echo "And the snap is not able to read /proc/*/{loginuid,sessionid} or write /run/auditd.{pid,state}"
    if os.query is-ubuntu-gt 16.04 && test-snapd-auditd-support.read-ids; then
        # Skip this check on Ubuntu <= 16.04, since /proc/*/{loginuid,sessionid}
        # are always readable for some reason, when run in GitHub CI.
        echo "Expected permission error reading /proc/*/{loginuid,sessionid}"
        exit 1
    fi
    if test-snapd-auditd-support.write-auditd-pid-state; then
        echo "Expected permission error writing /run/auditd.pid and /run/auditd.state"
        exit 1
    fi

    echo "And the snap is not able to adjust its own OOM score"
    if test-snapd-auditd-support.adjust-oom-score; then
        echo "Expected permission error writing /proc/self/oom_score_adj"
        exit 1
    fi