1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
summary: Check that plugged and unplugged device nodes are available in strict
details: |
This tests that a framebuffer device is accessible in strict and makes
sure that other devices not included in the snap's plugged interfaces are
still accessible (ie, the cgroup is not in effect).
systems: [-fedora-*, -opensuse-*,-debian-*, -arch-*, -amazon-*, -centos-*]
prepare: |
# Create framebuffer device node and give it some content we can verify
# the test snap can read.
if [ ! -e /dev/fb0 ]; then
mknod /dev/fb0 c 29 0
touch /dev/fb0.spread
fi
echo "Given a snap declaring a plug on framebuffer is installed in strict"
"$TESTSTOOLS"/snaps-state install-local test-strict-cgroup
restore: |
if [ -e /dev/fb0.spread ]; then
rm -f /dev/fb0 /dev/fb0.spread
fi
execute: |
echo "And the framebuffer plug is connected"
snap connect test-strict-cgroup:framebuffer
echo "the strict snap can access the framebuffer"
test-strict-cgroup.read-dev fb0 2>&1 | NOMATCH '(Permission denied|Operation not permitted)'
echo "the strict snap cannot access other devices"
test-strict-cgroup.read-dev mem 2>&1 | MATCH '(Permission denied|Operation not permitted)'
echo "And the framebuffer plug is disconnected"
snap disconnect test-strict-cgroup:framebuffer
echo "the strict snap cannot access the framebuffer"
test-strict-cgroup.read-dev fb0 2>&1 | MATCH '(Permission denied|Operation not permitted)'
echo "the strict snap cannot access other devices"
test-strict-cgroup.read-dev mem 2>&1 | MATCH '(Permission denied|Operation not permitted)'
|
