1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
summary: Check that `snapctl` can be run from within hooks
details: |
Verifies the `snapctl` command can be invoked by regular users, check some
error messages and that the snapd API is only available via the snapd socket.
prepare: |
snap pack "$TESTSLIB"/snaps/snapctl-hooks
snap install --dangerous snapctl-hooks_1.0_all.snap
execute: |
echo "Verify that snapctl -h runs without a context"
if ! snapctl -h; then
echo "Expected snapctl -h to be successful"
exit 1
fi
echo "Verify that snapctl -h and --help run for regular users"
for arg in "-h" "--help"; do
if ! su -c "snapctl $arg" test ; then
echo "Expected snapctl -h to be successful for regular user"
exit 1
fi
done
echo "Verify that snapctl set -h run for regular user"
if ! su -c "snapctl get -h" test ; then
echo "Expected snapctl get -h to be successful for test user"
exit 1
fi
echo "Verify that snapctl set is forbidden for regular user"
su -c "snapctl set snapctl-hooks foo=bar" test 2>&1 | MATCH "cannot use \"set\" with uid .*, try with sudo"
echo "Verify that snapctl fails with correct error message using flag if regular user"
su -c "snapctl start --enable" test 2>&1 | MATCH "cannot use \"start\" with uid [0-9]+, try with sudo"
echo "Verify that the snapd API is only available via the snapd socket"
if ! printf 'GET /v2/snaps HTTP/1.0\r\n\r\n' | nc -U -w 1 /run/snapd.socket | grep '200 OK'; then
echo "Expected snapd API to be available on the snapd socket"
echo "Got: $(snap debug api /v2/snaps)"
exit 1
fi
if ! printf 'GET /v2/snaps HTTP/1.0\r\n\r\n' | nc -U -w 1 /run/snapd-snap.socket | grep '403 Forbidden'; then
echo "Expected snapd API to be forbidden on the snap socket"
exit 1
fi
|
