File: task.yaml

package info (click to toggle)
snapd 2.72-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 80,412 kB
  • sloc: sh: 16,506; ansic: 16,211; python: 11,213; makefile: 1,919; exp: 190; awk: 58; xml: 22
file content (99 lines) | stat: -rw-r--r-- 4,687 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
 
summary: Ensure that the polkit interface works.

details: |
    The polkit interface allows snap applications to (1) Obtain limited access to
    the policy kit service (2) Install custom polkit rules. The test installs a snap
    with a plug for each of the mentioned use cases. A plug for controlling permissions
    with a specific prefix, checking that the policy file is installed and that the
    snap can request policy operations with the same prefix as is declared in the
    plug. The other is for checking that custom polkit rules are properly installed.

# amazon-linux-2023: polkit not installed by default
# ubuntu-core < uc24: polkit rules path is not writable
# ubuntu-*-arm*: snap is not available for arm
systems:
    - -ubuntu-core-16-*
    - -ubuntu-core-18-*
    - -ubuntu-core-20-*
    - -ubuntu-core-22-*
    - -amazon-linux-2023-64
    - -ubuntu-*-arm*

prepare: |
    if ! tests.session has-session-systemd-and-dbus; then
        exit 0
    fi
    tests.session -u test prepare

restore: |
    if ! tests.session has-session-systemd-and-dbus; then
        exit 0
    fi
    rm -f /home/test/sleep.stamp
    tests.session -u test restore

execute: |
    # We don't actually need a D-Bus session bus, but this is a good
    # guard for support for a user session.
    if ! tests.session has-session-systemd-and-dbus; then
        exit 0
    fi

    echo "Install the test snap"
    snap install --edge test-snapd-polkit

    snap_mount_dir="$(os.paths snap-mount-dir)"

    # Run policy checks only on classic because /usr/share/polkit-1/actions is not writable on Ubuntu Core.
    if ! os.query is-core; then
        echo "Test polkit actions"

        echo "The polkit-action plug is disconnected by default"
        snap connections test-snapd-polkit | MATCH "polkit +test-snapd-polkit:polkit-action +- +-"

        echo "The polkit policy file is not installed"
        test ! -f /usr/share/polkit-1/actions/snap.test-snapd-polkit.interface.polkit-action.foo.policy

        echo "The polkit-action plug can be connected"
        snap connect test-snapd-polkit:polkit-action
        snap connections test-snapd-polkit | MATCH "polkit +test-snapd-polkit:polkit-action +:polkit +manual"

        echo "Snapd has installed the policy file for the service"
        test -f /usr/share/polkit-1/actions/snap.test-snapd-polkit.interface.polkit-action.foo.policy
        echo "The contents match the file provided by the snap"
        cmp /usr/share/polkit-1/actions/snap.test-snapd-polkit.interface.polkit-action.foo.policy "$snap_mount_dir"/test-snapd-polkit/current/meta/polkit/polkit-action.foo.policy

        echo "Create a non-privileged process, and get its pid"
        tests.session -u test exec systemd-run --user --unit test-snapd-sleep.service sh -c 'touch /home/test/sleep.stamp && exec sleep 1h'
        retry -n 30 --wait 0.1 test -e /home/test/sleep.stamp
        user_pid=$(tests.session -u test exec systemctl --user show --property=MainPID test-snapd-sleep.service | cut -d = -f 2)
        uid="$(stat --format %u "/proc/$user_pid")"
        pid_start="$(sed 's/([^)]*)/program/' < "/proc/$user_pid/stat" | cut -d ' ' -f 22)"

        echo "The snap can talk to polkitd"
        test-snapd-polkit.check-pid "$user_pid" "$pid_start" "$uid" org.example.foo.AlwaysAllow \
            | MATCH '^\(bba\{ss\}\) True False '
        test-snapd-polkit.check-pid "$user_pid" "$pid_start" "$uid" org.example.foo.AlwaysDeny \
            | MATCH '^\(bba\{ss\}\) False False '
    fi

    # Skip rule checks for Ubuntu <= 22.04 and Debian 11 because they don't support the
    # /etc/polkit-1/rules.d rules directory i.e polkit version < 0.106
    if ! os.query is-ubuntu-le 22.04 && ! os.query is-debian 11 ;then
        echo "Test polkit rules installation"

        echo "The polkit-rule plug is disconnected by default"
        snap connections test-snapd-polkit | MATCH "polkit +test-snapd-polkit:polkit-rule +- +-"

        echo "The polkit rule file is not installed"
        test ! -f /etc/polkit-1/rules.d/70-snap.test-snapd-polkit.polkit-rule.bar.rules

        echo "The polkit-rule plug can be connected"
        snap connect test-snapd-polkit:polkit-rule
        snap connections test-snapd-polkit | MATCH "polkit +test-snapd-polkit:polkit-rule +:polkit +manual"

        echo "Snapd has installed the rule file for the service"
        test -f /etc/polkit-1/rules.d/70-snap.test-snapd-polkit.polkit-rule.bar.rules
        echo "The contents match the file provided by the snap"
        cmp /etc/polkit-1/rules.d/70-snap.test-snapd-polkit.polkit-rule.bar.rules "$snap_mount_dir"/test-snapd-polkit/current/meta/polkit/polkit-rule.bar.rules
    fi