Skip to content

feat: mknod intercepts now configurable from LXDProvider #717

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mattculler merged 4 commits into from
Jan 16, 2025
Merged

feat: mknod intercepts now configurable from LXDProvider #717

mattculler merged 4 commits into from
Jan 16, 2025

Conversation

@mattculler
Copy link
Contributor

@mattculler mattculler commented Jan 15, 2025
edited
Loading

  • Have you followed the guidelines for contributing?
  • Have you signed the CLA?
  • Have you successfully run tox?

Allow craft-application's ProviderService to dis/allow intercepting mknod calls in LXD.

canonical/craft-application#607

@mattculler mattculler linked an issue Jan 15, 2025 that may be closed by this pull request
Don't set security.syscalls.intercept.mknod=true for LXD provider #191
Closed
@mattculler mattculler mentioned this pull request Jan 15, 2025
Open
3 tasks
@mattculler mattculler marked this pull request as ready for review January 16, 2025 15:44
@mattculler mattculler self-assigned this Jan 16, 2025
@upils upils requested review from mr-cal and upils January 16, 2025 16:11
@mattculler mattculler requested a review from a team January 16, 2025 20:00
lengau
lengau approved these changes Jan 16, 2025
View reviewed changes
Copy link
Collaborator

@lengau lengau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs a changelog item :-)

@mattculler mattculler force-pushed the work/CRAFT-2568-settable-mknod-intercept branch from 2da89ca to 65e8706 Compare January 16, 2025 20:16
@mattculler mattculler merged commit 6ceb498 into main Jan 16, 2025
16 checks passed
@mattculler mattculler deleted the work/CRAFT-2568-settable-mknod-intercept branch January 16, 2025 21:55
tigarmo pushed a commit that referenced this pull request Feb 3, 2025
@clay-lake @mr-cal @mattculler
feat: updates to complete feature set for RK042 - Support for Pro Roc…
2e6a559 
…ks in Rockcraft. (#721)

* ci: install lxd on ubuntu 24.04

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>

* ci: install lxd from the candidate channel

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>

* docs: remove starter pack submodule (#713)

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>

* fix: use Multipass-compatible instance names (#712)

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>

* feat: upstream snap hooks (#710)

* feat: add hookutil from downstream repo

Lightly modified to remove proprietary identifiers, not functional in this
state.

* feat: make hookutil work generically

* chore: disable lint check - may change approach later

* feat: add unit tests from downstream

* chore: linter issues

* fix: craft-providers CI doesn't have lxd, mock it out

* chore(style): rename per code review

* chore(style): rename per code review

* chore(style): rename per code review

* chore: update changed names in test

* refactor: remove globals, let LXDInstances keep project_name

* chore: autoformat

* fix: compat tag structure had been dependent on craft-application

- This way is also simpler in the code, with a slight performance hit for the
  regex.
- There's no way to get the full compat tag without having a fully-instantiated
  application.
- Also fixed some debug output.

* feat(tests): add configure hook integration test

* feat: added remove hook test and beefed up configure hook test

* chore: autoformat

* fix: unit tests for changed interface

* chore: autoformat, this time with the other tool!

* chore: autoformat the third

* fix: use the superior is-installed check from c-prov proper

* fix: lint

* feat: mknod intercepts now configurable from LXDProvider (#717)

* feat: mknod intercepts now configurable from LXDProvider

* fix: unit test

* fix: lint

* docs: update changelog (also includes item from #710)

* feat: add modify_file method to Executor class

* feat: add properties for getting setting pro services applied to environment

* feat: make pull optional in Executor.modify_file

* fix(LXDInstance): missing pro_services file returns none

* trigger ci

* refactor: adjustments to satisfy linters

---------

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>
Co-authored-by: Callahan Kovacs <callahan.kovacs@canonical.com>
Co-authored-by: Matt Culler <matt.culler@canonical.com>
@upils upils removed their request for review July 17, 2025 07:27
clay-lake added a commit to clay-lake/craft-providers that referenced this pull request Aug 27, 2025
@clay-lake @mr-cal @mattculler
feat: updates to complete feature set for RK042 - Support for Pro Roc…
9a3bd88 
…ks in Rockcraft. (canonical#721)

* ci: install lxd on ubuntu 24.04

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>

* ci: install lxd from the candidate channel

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>

* docs: remove starter pack submodule (canonical#713)

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>

* fix: use Multipass-compatible instance names (canonical#712)

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>

* feat: upstream snap hooks (canonical#710)

* feat: add hookutil from downstream repo

Lightly modified to remove proprietary identifiers, not functional in this
state.

* feat: make hookutil work generically

* chore: disable lint check - may change approach later

* feat: add unit tests from downstream

* chore: linter issues

* fix: craft-providers CI doesn't have lxd, mock it out

* chore(style): rename per code review

* chore(style): rename per code review

* chore(style): rename per code review

* chore: update changed names in test

* refactor: remove globals, let LXDInstances keep project_name

* chore: autoformat

* fix: compat tag structure had been dependent on craft-application

- This way is also simpler in the code, with a slight performance hit for the
  regex.
- There's no way to get the full compat tag without having a fully-instantiated
  application.
- Also fixed some debug output.

* feat(tests): add configure hook integration test

* feat: added remove hook test and beefed up configure hook test

* chore: autoformat

* fix: unit tests for changed interface

* chore: autoformat, this time with the other tool!

* chore: autoformat the third

* fix: use the superior is-installed check from c-prov proper

* fix: lint

* feat: mknod intercepts now configurable from LXDProvider (canonical#717)

* feat: mknod intercepts now configurable from LXDProvider

* fix: unit test

* fix: lint

* docs: update changelog (also includes item from canonical#710)

* feat: add modify_file method to Executor class

* feat: add properties for getting setting pro services applied to environment

* feat: make pull optional in Executor.modify_file

* fix(LXDInstance): missing pro_services file returns none

* trigger ci

* refactor: adjustments to satisfy linters

---------

Signed-off-by: Callahan Kovacs <callahan.kovacs@canonical.com>
Co-authored-by: Callahan Kovacs <callahan.kovacs@canonical.com>
Co-authored-by: Matt Culler <matt.culler@canonical.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lengau lengau lengau approved these changes

@mr-cal mr-cal mr-cal approved these changes

Assignees

@mattculler mattculler

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Don't set security.syscalls.intercept.mknod=true for LXD provider

4 participants

@mattculler @lengau @mr-cal