1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
summary: Ensure that the shared-memory interface's private mode works.
details: |
The shared-memory interface has a "private" attribute. If set on a
plug, then it can connect to the implicit system:shared-memory
slot to enable a private /dev/shm namespace.
This removes the naming restrictions on POSIX shared memory
objects usually enforced by snapd at the expense of limiting their
scope to other processes within the snap's sandbox.
# Ubuntu 14.04 has /dev/shm symlinked to /run/shm
systems:
- -ubuntu-14.04*
prepare: |
"$TESTSTOOLS"/snaps-state install-local shm-private
tests.session -u test prepare
restore: |
tests.session -u test restore
snap remove --purge shm-private
rm -rf /dev/shm/snap.shm-private
execute: |
echo "shared-memory plugs with 'private: true' set are autoconnected"
snap connections shm-private | MATCH "shared-memory +shm-private:shmem-private +:shared-memory +-"
echo "The private /dev/shm directory has the correct permissions"
shm-private.cmd stat -c %a /dev/shm | MATCH '^1777$'
echo "The snap can create arbitrary named segments under /dev/shm"
shm-private.cmd touch /dev/shm/root-segment
tests.session -u test exec shm-private.cmd touch /dev/shm/user-segment
echo "The shm segments are not visible to the host system"
not test -f /dev/shm/root-segment
not test -f /dev/shm/user-segment
echo "But are visible to the snap"
shm-private.cmd test -f /dev/shm/root-segment
shm-private.cmd test -f /dev/shm/user-segment
echo "The private shm segments are stored in a subdirectory of /dev/shm"
test -f /dev/shm/snap.shm-private/root-segment
test -f /dev/shm/snap.shm-private/user-segment
echo "Mount namespace updates create directory with correct permissions"
snap disconnect shm-private:shmem-private
rm -rf /dev/shm/snap.shm-private
snap connect shm-private:shmem-private
shm-private.cmd stat -c %a /dev/shm | MATCH '^1777$'
|
