1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
summary: Ensure the system handles properly a big number of core provided connections
details: |
Install a test snap that plugs as many core provided interfaces as is
possible and verify the command can run. This will help catch performance
issues in snapd, AppArmor,seccomp policy parsing, etc.
environment:
CONSUMER_SNAP: test-snapd-policy-app-consumer
prepare: |
echo "Given a snap is installed"
"$TESTSTOOLS"/snaps-state install-local "$CONSUMER_SNAP"
# If possible, prepare a session for the test user. On many systems this
# will allow running all tests as the unprivileged user. This shields us
# from accidentally triggering any additional processes from run in the
# session of the root user and stay behind after this test terminates.
if tests.session has-session-systemd-and-dbus; then
tests.session -u test prepare
fi
restore: |
# Remove the snaps to avoid timeout in next test
if tests.session has-session-systemd-and-dbus; then
tests.session -u test restore
fi
execute: |
echo "For each core-provided slot"
SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)"
for plugcmd in "$SNAP_MOUNT_DIR"/bin/"$CONSUMER_SNAP".* ; do
# Just connect CONNECTIONS_PERCENTAGE of the interfaces on
# the current system
if [ -n "$CONNECTIONS_PERCENTAGE" ] && [ "$((RANDOM % (100 / CONNECTIONS_PERCENTAGE) ))" != 0 ]; then
echo "skipping plug: $plugcmd"
continue
fi
plugcmd_bn=$(basename "$plugcmd")
plug_iface=$(echo "$plugcmd_bn" | tr '.' ':')
#shellcheck disable=SC2001
slot_iface=$(echo "$plug_iface" | sed "s/$CONSUMER_SNAP//")
# we test browser-support two different ways, so account for that
if [ "$plug_iface" = "$CONSUMER_SNAP:browser-sandbox" ]; then
slot_iface=":browser-support"
fi
CONNECTED_PATTERN="$slot_iface +.*$CONSUMER_SNAP"
DISCONNECTED_PATTERN="$slot_iface +-"
# Skip any interfaces that core doesn't ship
if ! snap interfaces | grep -E -q "$slot_iface +"; then
echo "$slot_iface not present, skipping"
continue
fi
if [ "$plug_iface" = "$CONSUMER_SNAP:qualcomm-ipc-router" ] && ( os.query is-trusty || os.query is-xenial || os.query is-core16) ; then
# the qualcomm-ipc-router interface is known not to work on xenial,
# just check that it cannot be connected and move on
snap connect "$plug_iface" "$slot_iface" 2>&1 | MATCH "cannot connect plug on system without qipcrtr socket support"
continue
fi
if [ "$plug_iface" = "$CONSUMER_SNAP:mount-control" ] && os.query is-trusty ; then
# systemd version is too old, skipping
snap connect "$plug_iface" "$slot_iface" 2>&1 | MATCH "systemd version 204 is too old \\(expected at least 209\\)"
continue
fi
# The netlink-audit interface adds the `audit_read` capability to the
# AppArmor profile, but that's not supported on some older systems
if [ "$plug_iface" = "$CONSUMER_SNAP:netlink-audit" ] && os.query is-trusty; then
snap connect "$plug_iface" "$slot_iface" 2>&1 | MATCH "cannot connect plug on system without audit_read support"
continue
fi
echo "When slot $slot_iface is connected"
if snap interfaces | grep -E -q "$DISCONNECTED_PATTERN"; then
if [ "$slot_iface" = ":broadcom-asic-control" ] || [ "$slot_iface" = ":firewall-control" ] || [ "$slot_iface" = ":kubernetes-support" ] || [ "$slot_iface" = ":microstack-support" ] || [ "$slot_iface" = ":openvswitch-support" ] || [ "$slot_iface" = ":ppp" ]; then
# TODO: when the kmod backend no longer fails on missing
# modules, we can remove this
snap connect "$plug_iface" "$slot_iface" || true
else
snap connect "$plug_iface" "$slot_iface"
fi
fi
snap interfaces | MATCH "$CONNECTED_PATTERN"
echo "Then $plugcmd should succeed"
if tests.session has-session-systemd-and-dbus; then
tests.session -u test exec "$plugcmd" | MATCH PASS
else
# If we cannot run the plug command as the test user, in the
# relative safety of the user session which gets torn down, then
# run the test directly EXCEPT when testing the desktop interface.
#
# The desktop interface causes, at minimum, XDG document portal to
# activate in the root users's session, which is not cleaned up.
# Since that interface will only be used in a real session, leaving
# it out is acceptable.
if [ "$plugcmd" != "${CONSUMER_SNAP}.desktop" ]; then
"$plugcmd" | MATCH PASS
else
echo "skipping $plugcmd on an unsupported system"
fi
fi
echo "Finally disconnect the interface"
if [ "$DISCONNECT_INTERFACES" == true ] && snap interfaces | grep -E -q "$CONNECTED_PATTERN"; then
if [ "$plug_iface" = "$CONSUMER_SNAP:browser-sandbox" ]; then
snap disconnect "$CONSUMER_SNAP:browser-support" "$slot_iface"
else
snap disconnect "$plug_iface" "$slot_iface"
fi
fi
done
echo "Removing the consumer snap"
# When DISCONNECT_INTERFACES = false, then all the interfaces are connected and
# are disconnected suring the snap removal
snap remove --purge "$CONSUMER_SNAP"
|
