diff --git a/.github/workflows/ci-test.yaml b/.github/workflows/ci-test.yaml index 9a4c964c66f..3f62e5db233 100644 --- a/.github/workflows/ci-test.yaml +++ b/.github/workflows/ci-test.yaml @@ -539,6 +539,7 @@ jobs: needs: [unit-tests, unit-tests-c, snap-builds, read-systems] if: contains(needs.read-systems.outputs.fundamental-systems, 'systems') name: "spread ${{ matrix.group }}" + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -578,6 +579,7 @@ jobs: # only after the fundamental systems job succeeds. needs: [unit-tests, unit-tests-c, snap-builds, read-systems, spread-fundamental] name: "spread ${{ matrix.group }}" + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -612,6 +614,7 @@ jobs: # on the fundamental systems job's success before running this job. needs: [unit-tests, unit-tests-c, snap-builds, read-systems] name: "spread ${{ matrix.group }}" + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -638,6 +641,7 @@ jobs: needs: [unit-tests, unit-tests-c, snap-builds, read-systems] if: contains(needs.read-systems.outputs.nested-systems, 'systems') name: "spread ${{ matrix.group }}" + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. diff --git a/.github/workflows/nightly-spread.yaml b/.github/workflows/nightly-spread.yaml index 7e6496cbc14..0036097469b 100644 --- a/.github/workflows/nightly-spread.yaml +++ b/.github/workflows/nightly-spread.yaml @@ -30,6 +30,7 @@ jobs: spread-nightly: if: ${{ github.event.schedule == '0 2 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-nightly') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: openstack @@ -42,6 +43,7 @@ jobs: spread-nightly-google: if: ${{ github.event.schedule == '0 2 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-nightly-google') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: ${{ matrix.group }} @@ -79,6 +81,7 @@ jobs: spread-test-build-from-current: if: ${{ github.event.schedule == '0 6 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-test-build-from-current') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: ${{ matrix.group }} @@ -99,6 +102,7 @@ jobs: spread-test-experimental: if: ${{ github.event.schedule == '0 2 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-test-experimental') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: openstack @@ -132,6 +136,7 @@ jobs: uses: ./.github/workflows/spread-tests.yaml name: "spread master ${{ matrix.group }}" needs: [read-systems] + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -155,6 +160,7 @@ jobs: uses: ./.github/workflows/spread-tests.yaml name: "spread master ${{ matrix.group }}" needs: [read-systems] + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -177,6 +183,7 @@ jobs: uses: ./.github/workflows/spread-tests.yaml name: "spread master ${{ matrix.group }}" needs: [read-systems] + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -197,6 +204,7 @@ jobs: spread-test-with-kernels: if: ${{ github.event.schedule == '0 6 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-test-with-kernels') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: ${{ matrix.group }} diff --git a/.github/workflows/spread-tests.yaml b/.github/workflows/spread-tests.yaml index a7407733a62..e14b7666115 100644 --- a/.github/workflows/spread-tests.yaml +++ b/.github/workflows/spread-tests.yaml @@ -65,6 +65,8 @@ jobs: env: SPREAD_EXPERIMENTAL_FEATURES: ${{ inputs.spread-experimental-features }} GH_TOKEN: ${{ github.token }} + SPREAD_STORE_USER: ${{ secrets.SPREAD_STORE_USER }} + SPREAD_STORE_PASSWORD: ${{ secrets.SPREAD_STORE_PASSWORD }} runs-on: ${{ fromJSON(inputs.runs-on) }} steps: diff --git a/.github/workflows/weekly-feature-tagging.yaml b/.github/workflows/weekly-feature-tagging.yaml index 538e80a37b0..627e4aef10c 100644 --- a/.github/workflows/weekly-feature-tagging.yaml +++ b/.github/workflows/weekly-feature-tagging.yaml @@ -84,6 +84,7 @@ jobs: needs: [set-inputs, read-systems] name: "spread ${{ matrix.group }}" if: needs.read-systems.outputs.fundamental-systems != '' + secrets: inherit with: runs-on: '${{ matrix.runs-on }}' group: ${{ matrix.group }} @@ -105,6 +106,7 @@ jobs: needs: [set-inputs, read-systems] if: needs.read-systems.outputs.non-fundamental-systems != '' name: "spread ${{ matrix.group }}" + secrets: inherit with: runs-on: '${{ matrix.runs-on }}' group: ${{ matrix.group }} @@ -125,6 +127,7 @@ jobs: needs: [set-inputs, read-systems] if: needs.read-systems.outputs.nested-systems != '' name: "spread ${{ matrix.group }}" + secrets: inherit with: runs-on: '${{ matrix.runs-on }}' group: ${{ matrix.group }} diff --git a/.github/workflows/weekly-state-locks.yaml b/.github/workflows/weekly-state-locks.yaml index 713b386894d..fcc186434a5 100644 --- a/.github/workflows/weekly-state-locks.yaml +++ b/.github/workflows/weekly-state-locks.yaml @@ -9,6 +9,7 @@ jobs: run-spread-tests: uses: ./.github/workflows/spread-tests.yaml name: "spread ${{ matrix.group }}" + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: ${{ matrix.group }} diff --git a/NEWS.md b/NEWS.md index f16a16902fd..81ffaf47638 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,3 +1,11 @@ +# New in snapd 2.74.1 +* FDE: measure DeployedMode and AuditMode variables if they appear as disabled in the event log to avoid a potential reseal-failure boot loop +* LP: #2139611 FDE: fix db updates by allowing multiple payloads +* LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising memory lock limit when required +* LP: #2139099 snap-confine: bump the max element count of the BPF map used to store IDs of allowed/matched devices to 1000 +* Interfaces: Added pidfd_open and memfd_secret to seccomp template +* Interfaces: camera | add locking permission for /dev/video + # New in snapd 2.74 * FDE: use new activation API from secboot * FDE: use activation API also with non keydata keys diff --git a/cmd/libsnap-confine-private/device-cgroup-support.c b/cmd/libsnap-confine-private/device-cgroup-support.c index 2e005cc4853..a1f73d82711 100644 --- a/cmd/libsnap-confine-private/device-cgroup-support.c +++ b/cmd/libsnap-confine-private/device-cgroup-support.c @@ -390,8 +390,14 @@ static int _sc_cgroup_v2_init_bpf(sc_device_cgroup *self, int flags) { int devmap_fd = bpf_get_by_path(path); /* keep a copy of errno in case it gets clobbered */ int get_by_path_errno = errno; - /* XXX: this should be more than enough keys */ - const size_t max_entries = 500; + /* This used to be 500 (using ~47kB of kernel mem), but got bumped to 1000 + (~89kB of kernel mem) due to LP#2139099. Should be more than enough keys + now. */ + /* TODO: make this configurable or proportional to number of + interfaces/potentially matching devices, system memory size or see + whether we can maybe use a 2 stage combination of + BPF_MAP_TYPE_BLOOM_FILTER & BPF_MAP_TYPE_HASH */ + const size_t max_entries = 1000; if (devmap_fd < 0) { if (get_by_path_errno != ENOENT) { die("cannot get existing device map"); diff --git a/cmd/snap-confine/snap-confine.c b/cmd/snap-confine/snap-confine.c index 2743336952b..4c2ef524dfc 100644 --- a/cmd/snap-confine/snap-confine.c +++ b/cmd/snap-confine/snap-confine.c @@ -371,6 +371,9 @@ int main(int argc, char **argv) { CAP_CHOWN, // file ownership CAP_FOWNER, // to create tmp dir with sticky bit CAP_SYS_PTRACE, // to inspect the mount namespace of PID1 + // TODO: when removing the manual adjustment to memlock limit, remove this capability as well. + // The capability is to support the logic needed for 5.11 kernels. + CAP_SYS_RESOURCE, // to raise memlock limit before setting up device eBPF program. }; /* We may be invoking tools such as snap-update-ns or snap-discard which are diff --git a/cmd/snap-confine/snap-confine.caps b/cmd/snap-confine/snap-confine.caps index d73457f1034..20f74001df2 100644 --- a/cmd/snap-confine/snap-confine.caps +++ b/cmd/snap-confine/snap-confine.caps @@ -1 +1 @@ -cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_setgid,cap_setuid,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=p +cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_setgid,cap_setuid,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=p diff --git a/cmd/snap-confine/snap-confine.v2-only.caps b/cmd/snap-confine/snap-confine.v2-only.caps index 5bac99b1e0b..e06bbc1fda5 100644 --- a/cmd/snap-confine/snap-confine.v2-only.caps +++ b/cmd/snap-confine/snap-confine.v2-only.caps @@ -1 +1 @@ -cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=p +cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=p diff --git a/daemon/api_system_secureboot.go b/daemon/api_system_secureboot.go index 07c054e1a09..6cb08111caa 100644 --- a/daemon/api_system_secureboot.go +++ b/daemon/api_system_secureboot.go @@ -67,6 +67,11 @@ type securebootRequest struct { // blob is in the range from few kB to tens of kBs Payload string `json:"payload,omitempty"` + // Payloads is the same as Payload, but as a list of multiple + // ordered payloads to be applied. It is not valid to have both + // Payload and Payloads defined at the same time. + Payloads []string `json:"payloads,omitempty"` + // KeyDatabase is used with efi-secureboot-db-prepare action, and indicates the // secureboot keys database which is a target of the action, possible values are // PK, KEK, DB, DBX @@ -110,9 +115,12 @@ func (r *securebootRequest) Validate() error { return fmt.Errorf("invalid key database %q", r.KeyDatabase) } - if len(r.Payload) == 0 { + if len(r.Payload) == 0 && len(r.Payloads) == 0 { return errors.New("update payload not provided") } + if len(r.Payload) != 0 && len(r.Payloads) != 0 { + return errors.New("both single payload and multiple payloads provided") + } default: return fmt.Errorf("unsupported EFI secure boot action %q", r.Action) } @@ -151,9 +159,26 @@ func postSystemSecurebootActionJSON(c *Command, r *http.Request) Response { var fdestateEFISecurebootDBUpdatePrepare = fdestate.EFISecurebootDBUpdatePrepare func postSystemActionEFISecurebootUpdateDBPrepare(c *Command, req *securebootRequest) Response { - payload, err := base64.StdEncoding.DecodeString(req.Payload) - if err != nil { - return BadRequest("cannot decode payload: %v", err) + var payloads [][]byte + switch { + case len(req.Payload) != 0 && len(req.Payloads) != 0: + return BadRequest("cannot use both single payload and multiple payloads") + case len(req.Payload) != 0: + payload, err := base64.StdEncoding.DecodeString(req.Payload) + if err != nil { + return BadRequest("cannot decode payload: %v", err) + } + payloads = append(payloads, payload) + case len(req.Payloads) != 0: + for _, rawPayload := range req.Payloads { + payload, err := base64.StdEncoding.DecodeString(rawPayload) + if err != nil { + return BadRequest("cannot decode payload: %v", err) + } + payloads = append(payloads, payload) + } + default: + return BadRequest("cannot find payload") } keyDatabase, err := keyDatabaseFromString(req.KeyDatabase) @@ -163,7 +188,7 @@ func postSystemActionEFISecurebootUpdateDBPrepare(c *Command, req *securebootReq err = fdestateEFISecurebootDBUpdatePrepare(c.d.state, keyDatabase, - payload) + payloads) if err != nil { return BadRequest("cannot notify of update prepare: %v", err) } diff --git a/daemon/api_system_secureboot_test.go b/daemon/api_system_secureboot_test.go index 2cf52a2535d..13e17fe1c6a 100644 --- a/daemon/api_system_secureboot_test.go +++ b/daemon/api_system_secureboot_test.go @@ -48,7 +48,7 @@ func (s *systemSecurebootSuite) SetUpTest(c *C) { Interfaces: []string{"fwupd"}, }) - s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdatePrepare(func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payload []byte) error { + s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdatePrepare(func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payloads [][]byte) error { panic("unexpected call") })) s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdateCleanup(func(st *state.State) error { @@ -215,23 +215,37 @@ func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareBadPayloadDBX(c func (s *systemSecurebootSuite) testEFISecurebootUpdateDBPrepareHappyForKind( c *C, kind fdestate.EFISecurebootKeyDatabase, + multiplePayloads bool, ) { s.daemon(c) updatePrepareCalls := 0 - s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdatePrepare(func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payload []byte) error { + s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdatePrepare(func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payloads [][]byte) error { c.Check(db, Equals, kind) - c.Check(payload, DeepEquals, []byte("payload")) + if multiplePayloads { + c.Check(payloads, DeepEquals, [][]byte{[]byte("payload2"), []byte("payload3")}) + } else { + c.Check(payloads, DeepEquals, [][]byte{[]byte("payload")}) + } updatePrepareCalls++ return nil })) updateKindStr := kind.String() - body, err := json.Marshal(map[string]any{ + bodyRaw := map[string]any{ "action": "efi-secureboot-update-db-prepare", "key-database": updateKindStr, - "payload": base64.StdEncoding.EncodeToString([]byte("payload")), - }) + } + if multiplePayloads { + bodyRaw["payloads"] = []string{ + base64.StdEncoding.EncodeToString([]byte("payload2")), + base64.StdEncoding.EncodeToString([]byte("payload3")), + } + } else { + bodyRaw["payload"] = base64.StdEncoding.EncodeToString([]byte("payload")) + } + + body, err := json.Marshal(bodyRaw) c.Assert(err, IsNil) req, err := http.NewRequest("POST", "/v2/system-secureboot", bytes.NewReader(body)) c.Assert(err, IsNil) @@ -245,16 +259,28 @@ func (s *systemSecurebootSuite) testEFISecurebootUpdateDBPrepareHappyForKind( } func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyPK(c *C) { - s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootPK) + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootPK, false) +} +func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyPKMultiple(c *C) { + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootPK, true) } func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyKEK(c *C) { - s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootKEK) + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootKEK, false) +} +func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyKEKMultiple(c *C) { + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootKEK, true) } func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyDB(c *C) { - s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDB) + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDB, false) +} +func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyDBMultiple(c *C) { + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDB, true) } func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyDBX(c *C) { - s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDBX) + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDBX, false) +} +func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyDBXMultiple(c *C) { + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDBX, true) } func (s *systemSecurebootSuite) TestSecurebootRequestValidate(c *C) { @@ -287,6 +313,14 @@ func (s *systemSecurebootSuite) TestSecurebootRequestValidate(c *C) { } c.Check(r.Validate(), ErrorMatches, `update payload not provided`) + r = daemon.SecurebootRequest{ + Action: "efi-secureboot-update-db-prepare", + Payload: "MAo=", + Payloads: []string{"MQo=", "Mgo="}, + KeyDatabase: "DBX", + } + c.Check(r.Validate(), ErrorMatches, `both single payload and multiple payloads provided`) + // valid for _, r := range []daemon.SecurebootRequest{{ Action: "efi-secureboot-update-db-prepare", diff --git a/daemon/export_api_system_secureboot_test.go b/daemon/export_api_system_secureboot_test.go index bca83e348c7..dd32a70b161 100644 --- a/daemon/export_api_system_secureboot_test.go +++ b/daemon/export_api_system_secureboot_test.go @@ -28,7 +28,7 @@ import ( type SecurebootRequest = securebootRequest func MockFdestateEFISecurebootDBUpdatePrepare( - f func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payload []byte) error, + f func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payloads [][]byte) error, ) (restore func()) { restore = testutil.Backup(&fdestateEFISecurebootDBUpdatePrepare) fdestateEFISecurebootDBUpdatePrepare = f diff --git a/go.mod b/go.mod index 2584637e30c..7c1b6120de8 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/mvo5/libseccomp-golang v0.9.1-0.20180308152521-f4de83b52afb // old trusty builds only github.com/seccomp/libseccomp-golang v0.9.2-0.20220502024300-f57e1d55ea18 github.com/snapcore/go-gettext v0.0.0-20191107141714-82bbea49e785 - github.com/snapcore/secboot v0.0.0-20260116095945-507475da2340 + github.com/snapcore/secboot v0.0.0-20260129175210-e638825ef829 golang.org/x/crypto v0.23.0 golang.org/x/net v0.21.0 // indirect golang.org/x/sys v0.21.0 diff --git a/go.sum b/go.sum index 054f468e6e3..8151fc6c083 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/snapcore/go-gettext v0.0.0-20191107141714-82bbea49e785 h1:PaunR+BhraK github.com/snapcore/go-gettext v0.0.0-20191107141714-82bbea49e785/go.mod h1:D3SsWAXK7wCCBZu+Vk5hc1EuKj/L3XN1puEMXTU4LrQ= github.com/snapcore/maze.io-x-crypto v0.0.0-20190131090603-9b94c9afe066 h1:InG0EmriMOiI4YgtQNOo+6fNxzLCYioo3Q3BCVLdMCE= github.com/snapcore/maze.io-x-crypto v0.0.0-20190131090603-9b94c9afe066/go.mod h1:VuAdaITF1MrGzxPU+8GxagM1HW2vg7QhEFEeGHbmEMU= -github.com/snapcore/secboot v0.0.0-20260116095945-507475da2340 h1:Djqa+9z3rnJE+cBdiWKCIa/pfc/VaroesvfP+EH9Ncs= -github.com/snapcore/secboot v0.0.0-20260116095945-507475da2340/go.mod h1:BeEYaTJC4cqXVgpjjxajO31p2kVDvXwXJJx3YD7nCaE= +github.com/snapcore/secboot v0.0.0-20260129175210-e638825ef829 h1:9qeADnUPs/YhO0tty+j2zxi9dUI2Bn96y9Nc9XOKTOk= +github.com/snapcore/secboot v0.0.0-20260129175210-e638825ef829/go.mod h1:BeEYaTJC4cqXVgpjjxajO31p2kVDvXwXJJx3YD7nCaE= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI= go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= diff --git a/interfaces/builtin/camera.go b/interfaces/builtin/camera.go index b531a3a2386..ce811332c5d 100644 --- a/interfaces/builtin/camera.go +++ b/interfaces/builtin/camera.go @@ -35,7 +35,7 @@ const cameraBaseDeclarationSlots = ` const cameraConnectedPlugAppArmor = ` # Until we have proper device assignment, allow access to all cameras -###PROMPT### /dev/video[0-9]* rw, +###PROMPT### /dev/video[0-9]* rwk, # VideoCore cameras (shared device with VideoCore/EGL) ###PROMPT### /dev/vchiq rw, diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go index 228c7b1ea4b..08cbcbe8a4a 100644 --- a/interfaces/seccomp/template.go +++ b/interfaces/seccomp/template.go @@ -182,6 +182,13 @@ getpgid getpgrp getpid getppid +# Note that pidfd_open semantics differs from the traditional pid handling. +# Any process can open the pid of any other process in its pid namespace. What +# is further controlled depends on the relationship between the two processes +# and the capabilities of the calling process. Because of this, we allow +# pidfd_open unconditionally here and rely on the kernel to enforce proper +# access control. +pidfd_open getpriority getrandom getresgid @@ -265,6 +272,7 @@ arm_fadvise64_64 mbind membarrier memfd_create +memfd_secret mincore mkdir mkdirat diff --git a/overlord/fdestate/backend/reseal.go b/overlord/fdestate/backend/reseal.go index 6539736f8f2..5ad6e1f2114 100644 --- a/overlord/fdestate/backend/reseal.go +++ b/overlord/fdestate/backend/reseal.go @@ -447,7 +447,7 @@ func recalculateParamatersTPM(parameters *updatedParameters, rootdir string, inp pbcJSON, _ := json.Marshal(pbc) logger.Debugf("resealing (%d) to boot chains: %s", nextCount, pbcJSON) - err := updateRunProtectionProfile(parameters, runOnlyPbc, pbc, inputs.signatureDBUpdate, params.RoleToBlName, checkResult) + err := updateRunProtectionProfile(parameters, runOnlyPbc, pbc, inputs.signatureDBUpdates, params.RoleToBlName, checkResult) if err != nil { return err } @@ -474,7 +474,7 @@ func recalculateParamatersTPM(parameters *updatedParameters, rootdir string, inp rpbcJSON, _ := json.Marshal(rpbc) logger.Debugf("resealing (%d) to recovery boot chains: %s", nextFallbackCount, rpbcJSON) - err := updateFallbackProtectionProfile(parameters, rpbc, inputs.signatureDBUpdate, params.RoleToBlName, checkResult) + err := updateFallbackProtectionProfile(parameters, rpbc, inputs.signatureDBUpdates, params.RoleToBlName, checkResult) if err != nil { return err } @@ -504,7 +504,7 @@ func anyClassicModel(params ...*secboot.SealKeyModelParams) bool { func updateRunProtectionProfile( parameters *updatedParameters, pbcRunOnly, pbcWithRecovery boot.PredictableBootChains, - sigDbxUpdate []byte, + sigDbxUpdates []secboot.DbUpdate, roleToBlName map[bootloader.Role]string, checkResult *secboot.PreinstallCheckResult, ) error { @@ -525,10 +525,10 @@ func updateRunProtectionProfile( return fmt.Errorf("at least one set of model-specific parameters is required") } - if len(sigDbxUpdate) > 0 { + if len(sigDbxUpdates) > 0 { logger.Debug("attaching DB update payload") - attachSignatureDbxUpdate(modelParams, sigDbxUpdate) - attachSignatureDbxUpdate(modelParamsRunOnly, sigDbxUpdate) + attachSignatureDbxUpdate(modelParams, sigDbxUpdates) + attachSignatureDbxUpdate(modelParamsRunOnly, sigDbxUpdates) } var pcrProfile []byte @@ -573,7 +573,7 @@ func updateRunProtectionProfile( func updateFallbackProtectionProfile( parameters *updatedParameters, pbc boot.PredictableBootChains, - sigDbxUpdate []byte, + sigDbxUpdates []secboot.DbUpdate, roleToBlName map[bootloader.Role]string, checkResult *secboot.PreinstallCheckResult, ) error { @@ -588,9 +588,9 @@ func updateFallbackProtectionProfile( return fmt.Errorf("at least one set of model-specific parameters is required") } - if len(sigDbxUpdate) > 0 { + if len(sigDbxUpdates) > 0 { logger.Debug("attaching DB update payload for fallback keys") - attachSignatureDbxUpdate(modelParams, sigDbxUpdate) + attachSignatureDbxUpdate(modelParams, sigDbxUpdates) } hasClassicModel := anyClassicModel(modelParams...) @@ -643,12 +643,12 @@ func ResealKeyForBootChains(manager FDEStateManager, method device.SealingMethod // boot chains and an optional signature DB update func ResealKeysForSignaturesDBUpdate( manager FDEStateManager, method device.SealingMethod, rootdir string, - params *boot.ResealKeyForBootChainsParams, dbUpdate []byte, + params *boot.ResealKeyForBootChainsParams, dbUpdate []secboot.DbUpdate, ) error { return resealKeys(manager, method, rootdir, resealInputs{ - bootChains: params.BootChains, - signatureDBUpdate: dbUpdate, + bootChains: params.BootChains, + signatureDBUpdates: dbUpdate, }, resealOptions{ ExpectReseal: true, @@ -664,8 +664,8 @@ func ResealKeysForSignaturesDBUpdate( } type resealInputs struct { - bootChains boot.BootChains - signatureDBUpdate []byte + bootChains boot.BootChains + signatureDBUpdates []secboot.DbUpdate } type resealOptions struct { @@ -701,12 +701,12 @@ func resealKeys( return doReseal(manager, rootdir, method == device.SealingMethodFDESetupHook, inputs, opts) } -func attachSignatureDbxUpdate(params []*secboot.SealKeyModelParams, update []byte) { - if len(update) == 0 { +func attachSignatureDbxUpdate(params []*secboot.SealKeyModelParams, updates []secboot.DbUpdate) { + if len(updates) == 0 { return } for _, p := range params { - p.EFISignatureDbxUpdate = update + p.EFISignatureDbxUpdates = updates } } diff --git a/overlord/fdestate/backend/reseal_test.go b/overlord/fdestate/backend/reseal_test.go index 46072f2aa02..434905b5540 100644 --- a/overlord/fdestate/backend/reseal_test.go +++ b/overlord/fdestate/backend/reseal_test.go @@ -2548,7 +2548,7 @@ func (s *resealTestSuite) TestResealKeyForSignatureDBUpdate(c *C) { c.Assert(modelParams, HasLen, 1) // same DBX update paylad is included for both run and recovery keys - c.Assert(modelParams[0].EFISignatureDbxUpdate, DeepEquals, []byte("dbx-payload")) + c.Assert(modelParams[0].EFISignatureDbxUpdates, DeepEquals, []secboot.DbUpdate{{Database: secboot.KeyDatabaseDBX, Payload: []byte("dbx-payload")}}) return []byte(`"serialized-pcr-profile-with-dbx"`), nil }) @@ -2591,7 +2591,7 @@ func (s *resealTestSuite) TestResealKeyForSignatureDBUpdate(c *C) { } err = backend.ResealKeysForSignaturesDBUpdate(myState, device.SealingMethodTPM, dirs.GlobalRootDir, - &boot.ResealKeyForBootChainsParams{BootChains: bootChains}, []byte("dbx-payload")) + &boot.ResealKeyForBootChainsParams{BootChains: bootChains}, []secboot.DbUpdate{{Database: secboot.KeyDatabaseDBX, Payload: []byte("dbx-payload")}}) c.Assert(err, IsNil) // reseal was called diff --git a/overlord/fdestate/export_test.go b/overlord/fdestate/export_test.go index 44e43f92297..b77051ce73b 100644 --- a/overlord/fdestate/export_test.go +++ b/overlord/fdestate/export_test.go @@ -63,7 +63,7 @@ func MockBackendResealKeyForBootChains(f func(manager backend.FDEStateManager, m return restore } -func MockBackendResealKeysForSignaturesDBUpdate(f func(updateState backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, payload []byte) error) (restore func()) { +func MockBackendResealKeysForSignaturesDBUpdate(f func(updateState backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, payloads []secboot.DbUpdate) error) (restore func()) { restore = testutil.Backup(&backendResealKeysForSignaturesDBUpdate) backendResealKeysForSignaturesDBUpdate = f return restore diff --git a/overlord/fdestate/fdemgr_test.go b/overlord/fdestate/fdemgr_test.go index f1f56ecfd28..9d872b2dbe3 100644 --- a/overlord/fdestate/fdemgr_test.go +++ b/overlord/fdestate/fdemgr_test.go @@ -118,7 +118,7 @@ func (s *fdeMgrSuite) SetUpTest(c *C) { panic("VerifyPrimaryKeyDigest is not mocked") })) s.AddCleanup(fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { panic("BackendResealKeysForSignaturesDBUpdate not mocked") })) s.AddCleanup(fdestate.MockSecbootGetPCRHandle(func(devicePath, keySlot, keyFile string, hintExpectFDEHook bool) (uint32, error) { diff --git a/overlord/fdestate/secure_boot_update.go b/overlord/fdestate/secure_boot_update.go index bdb0d720cb4..399992cfc54 100644 --- a/overlord/fdestate/secure_boot_update.go +++ b/overlord/fdestate/secure_boot_update.go @@ -33,6 +33,7 @@ import ( "github.com/snapcore/snapd/overlord/snapstate" "github.com/snapcore/snapd/overlord/state" "github.com/snapcore/snapd/overlord/swfeats" + "github.com/snapcore/snapd/secboot" ) var ( @@ -67,7 +68,7 @@ func (db EFISecurebootKeyDatabase) String() string { // EFISecurebootDBUpdatePrepare notifies that the local EFI key // database manager is about to update the database. -func EFISecurebootDBUpdatePrepare(st *state.State, db EFISecurebootKeyDatabase, payload []byte) error { +func EFISecurebootDBUpdatePrepare(st *state.State, db EFISecurebootKeyDatabase, payloads [][]byte) error { method, err := device.SealedKeysMethod(dirs.GlobalRootDir) if err != nil { if err == device.ErrNoSealedKeys { @@ -87,7 +88,7 @@ func EFISecurebootDBUpdatePrepare(st *state.State, db EFISecurebootKeyDatabase, return err } - op, err := addEFISecurebootDBUpdateChange(st, method, db, payload) + op, err := addEFISecurebootDBUpdateChange(st, method, db, payloads) if err != nil { return err } @@ -234,9 +235,9 @@ func EFISecurebootDBManagerStartup(st *state.State) error { } type securebootUpdateContext struct { - Payload []byte `json:"payload"` - Method device.SealingMethod `json:"sealing-method"` - DB EFISecurebootKeyDatabase `json:"db"` + Payloads [][]byte `json:"payloads"` + Method device.SealingMethod `json:"sealing-method"` + DB EFISecurebootKeyDatabase `json:"db"` } // addEFISecurebootDBUpdateChange adds a state change related to the Secureboot @@ -245,7 +246,7 @@ func addEFISecurebootDBUpdateChange( st *state.State, method device.SealingMethod, db EFISecurebootKeyDatabase, - payload []byte, + payloads [][]byte, ) (*externalOperation, error) { // add a change carrying 2 tasks: // - efi-secureboot-db-update-prepare: with a noop do, but the undo handler @@ -269,9 +270,9 @@ func addEFISecurebootDBUpdateChange( chg.AddAll(ts) data, err := json.Marshal(securebootUpdateContext{ - Payload: payload, - Method: method, - DB: db, + Payloads: payloads, + Method: method, + DB: db, }) if err != nil { return nil, err @@ -330,6 +331,7 @@ func postUpdateReseal(mgr *FDEManager, unlocker boot.Unlocker, method device.Sea Options: boot.ResealKeyToModeenvOptions{ ExpectReseal: true, RevokeOldKeys: true, + Force: true, }, } return mgr.resealKeyForBootChains(unlocker, method, dirs.GlobalRootDir, params) @@ -361,6 +363,25 @@ func (m *FDEManager) doEFISecurebootDBUpdatePrepare(t *state.Task, tomb *tomb.To return fmt.Errorf("cannot unmarshal Secureboot Key Database context data: %v", err) } + var database secboot.KeyDatabase + switch updateData.DB { + case EFISecurebootPK: + database = secboot.KeyDatabasePK + case EFISecurebootKEK: + database = secboot.KeyDatabaseKEK + case EFISecurebootDB: + database = secboot.KeyDatabaseDB + case EFISecurebootDBX: + database = secboot.KeyDatabaseDBX + default: + return fmt.Errorf("unknown key database %v", updateData.DB) + } + + var updates []secboot.DbUpdate + for _, payload := range updateData.Payloads { + updates = append(updates, secboot.DbUpdate{Database: database, Payload: payload}) + } + err = func() error { mgr := fdeMgr(st) @@ -368,7 +389,7 @@ func (m *FDEManager) doEFISecurebootDBUpdatePrepare(t *state.Task, tomb *tomb.To // TODO: are we logging too much? logger.Debugf("attempting reseal for Secureboot Key Database") logger.Debugf("boot chains: %v\n", bc) - logger.Debugf("Secureboot Key Database payload: %x", updateData.Payload) + logger.Debugf("Secureboot Key Database payload: %v", updateData.Payloads) params := &boot.ResealKeyForBootChainsParams{ BootChains: bc, @@ -379,7 +400,7 @@ func (m *FDEManager) doEFISecurebootDBUpdatePrepare(t *state.Task, tomb *tomb.To FDEManager: mgr, unlocker: st.Unlocker(), }, - updateData.Method, dirs.GlobalRootDir, params, updateData.Payload, + updateData.Method, dirs.GlobalRootDir, params, updates, ) }, updateData.Method) }() diff --git a/overlord/fdestate/secure_boot_update_test.go b/overlord/fdestate/secure_boot_update_test.go index 65775b871dc..4fd60a78667 100644 --- a/overlord/fdestate/secure_boot_update_test.go +++ b/overlord/fdestate/secure_boot_update_test.go @@ -56,7 +56,7 @@ func (s *fdeMgrSuite) testEFISecurebootNoSealedKeysForKind( // make sure the state is true c.Assert(err, Equals, device.ErrNoSealedKeys) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { panic("unexpected call") })() @@ -74,7 +74,7 @@ func (s *fdeMgrSuite) testEFISecurebootNoSealedKeysForKind( err = fdestate.EFISecurebootDBManagerStartup(st) c.Assert(err, IsNil) - err = fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err = fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) err = fdestate.EFISecurebootDBUpdateCleanup(st) @@ -105,7 +105,7 @@ func (s *fdeMgrSuite) TestEFISecurebootStartupClean(c *C) { onClassic := true s.startedManager(c, onClassic) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { panic("unexpected call") })() @@ -140,12 +140,23 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareHappyForKind( s.mockDeviceInState(model, "run") resealCalls := 0 - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealCalls++ c.Check(mgr, NotNil) c.Check(params.Options.RevokeOldKeys, Equals, false) c.Check(params.RunModeBootChains, HasLen, 1) - c.Check(update, DeepEquals, []byte("payload")) + var expectedDatabase secboot.KeyDatabase + switch kind { + case fdestate.EFISecurebootPK: + expectedDatabase = secboot.KeyDatabasePK + case fdestate.EFISecurebootKEK: + expectedDatabase = secboot.KeyDatabaseKEK + case fdestate.EFISecurebootDB: + expectedDatabase = secboot.KeyDatabaseDB + case fdestate.EFISecurebootDBX: + expectedDatabase = secboot.KeyDatabaseDBX + } + c.Check(updates, DeepEquals, []secboot.DbUpdate{{Database: expectedDatabase, Payload: []byte("payload")}}) // normally executed by the backend code c.Check(mgr.Update("run", "default", &backend.SealingParameters{ @@ -160,7 +171,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareHappyForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -176,7 +187,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareHappyForKind( Kind: "fde-efi-secureboot-db-update", ChangeID: "1", Context: []byte( - fmt.Sprintf(`{"payload":"cGF5bG9hZA==","sealing-method":"tpm","db":%d}`, kind)), + fmt.Sprintf(`{"payloads":["cGF5bG9hZA=="],"sealing-method":"tpm","db":%d}`, kind)), Status: fdestate.DoingStatus, }) c.Check(fdeSt.KeyslotRoles, DeepEquals, map[string]fdestate.KeyslotRoleInfo{ @@ -255,7 +266,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSelfForKind( s.mockDeviceInState(model, "run") resealCalls := 0 - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -265,7 +276,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSelfForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -282,7 +293,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSelfForKind( err = func() error { st.Unlock() defer st.Lock() - return fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + return fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) }() c.Assert(err, DeepEquals, &snapstate.ChangeConflictError{ ChangeKind: "fde-efi-secureboot-db-update", @@ -323,7 +334,7 @@ func (s *fdeMgrSuite) testEFISecurebootConflictFDEChangeForKind( chg.AddTask(tsk) st.Unlock() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, ErrorMatches, "FDE change in progress, no other FDE changes allowed until this is done") } @@ -360,7 +371,7 @@ func (s *fdeMgrSuite) TestEFISecurebootPrepareConflictOperationNotInDoingYet(c * s.mockDeviceInState(model, "run") resealCalls := 0 - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -430,14 +441,14 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSnapChangesForKind( c.Assert(rmTasks, NotNil) chg.AddAll(rmTasks) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { c.Fatalf("unexpected call") return fmt.Errorf("unexpected call") })() st.Unlock() defer st.Lock() - err = fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err = fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, DeepEquals, &snapstate.ChangeConflictError{ ChangeKind: "kernel-snap-remove", Snap: "pc-kernel", @@ -478,7 +489,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndCleanupRunningActionForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) // normally executed by the backend code @@ -507,7 +518,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndCleanupRunningActionForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -625,7 +636,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndUnexpectedStartupActionForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) // normally executed by the backend code @@ -654,7 +665,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndUnexpectedStartupActionForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -813,7 +824,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAbortForKind( resealForDBUpdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUpdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -831,7 +842,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAbortForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -947,7 +958,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateResealFailedAbortsForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return fmt.Errorf("mock error") @@ -963,7 +974,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateResealFailedAbortsForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, ErrorMatches, "(?sm).*cannot perform initial reseal of keys for Secureboot Key Database update: mock error.*") st.Lock() @@ -1035,7 +1046,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdatePostUpdateResealFailedForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -1051,7 +1062,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdatePostUpdateResealFailedForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -1163,7 +1174,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateUndoResealFailsForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -1180,7 +1191,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateUndoResealFailsForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -1276,7 +1287,7 @@ func (s *fdeMgrSuite) TestEFISecurebootCleanupNoChange(c *C) { onClassic := true s.startedManager(c, onClassic) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { panic("unexpected call") })() @@ -1441,7 +1452,7 @@ func (s *fdeMgrSuite) testEFISecurebootOperationAddWaitForKind( st, device.SealingMethodTPM, kind, - []byte("payload 1"), + [][]byte{[]byte("payload 1")}, ) c.Assert(err, IsNil) @@ -1449,7 +1460,7 @@ func (s *fdeMgrSuite) testEFISecurebootOperationAddWaitForKind( st, device.SealingMethodTPM, kind, - []byte("payload 2"), + [][]byte{[]byte("payload 2")}, ) c.Assert(err, IsNil) @@ -1543,7 +1554,7 @@ func (s *fdeMgrSuite) testEFISecurebootConflictingSnapsForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -1564,7 +1575,7 @@ func (s *fdeMgrSuite) testEFISecurebootConflictingSnapsForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() diff --git a/packaging/arch/PKGBUILD b/packaging/arch/PKGBUILD index a23421d12d8..6420f38e58d 100644 --- a/packaging/arch/PKGBUILD +++ b/packaging/arch/PKGBUILD @@ -11,7 +11,7 @@ pkgdesc="Service and tools for management of snap packages." depends=('squashfs-tools' 'libseccomp' 'libsystemd' 'libcap' 'apparmor') optdepends=('bash-completion: bash completion support' 'xdg-desktop-portal: desktop integration') -pkgver=2.74 +pkgver=2.74.1 pkgrel=1 arch=('x86_64' 'i686' 'armv7h' 'aarch64') url="https://github.com/snapcore/snapd" diff --git a/packaging/debian-sid/changelog b/packaging/debian-sid/changelog index 917e341c825..1a6122f1b89 100644 --- a/packaging/debian-sid/changelog +++ b/packaging/debian-sid/changelog @@ -1,3 +1,19 @@ +snapd (2.74.1-1) unstable; urgency=medium + + * New upstream release, LP: #2138629 + - FDE: measure DeployedMode and AuditMode variables if they appear + as disabled in the event log to avoid a potential reseal-failure + boot loop + - LP: #2139611 FDE: fix db updates by allowing multiple payloads + - LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising + memory lock limit when required + - LP: #2139099 snap-confine: bump the max element count of the BPF + map used to store IDs of allowed/matched devices to 1000 + - Interfaces: Added pidfd_open and memfd_secret to seccomp template + - Interfaces: camera | add locking permission for /dev/video + + -- Ernest Lotter Fri, 06 Feb 2026 19:40:03 +0200 + snapd (2.74-1) unstable; urgency=medium * New upstream release, LP: #2138629 diff --git a/packaging/fedora/snapd.spec b/packaging/fedora/snapd.spec index ff016cbf0a6..fb8250669e8 100644 --- a/packaging/fedora/snapd.spec +++ b/packaging/fedora/snapd.spec @@ -72,10 +72,10 @@ # only required to use snapd in user namespaces when the host system uses # cgroup-v1 hierarchy. Since no actively supported Fedora release uses cgroup # v1, those capabilities are omitted. -%global snap_confine_caps cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=p +%global snap_confine_caps cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=p %if 0%{?amzn2} == 1 # However on AMZN2 we still have cgroup-v1, so setgid and setuid are needed. -%global snap_confine_caps cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_setuid,cap_setgid,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=p +%global snap_confine_caps cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_setuid,cap_setgid,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=p %endif # Until we have a way to add more extldflags to gobuild macro... @@ -114,7 +114,7 @@ %endif Name: snapd -Version: 2.74 +Version: 2.74.1 Release: 0%{?dist} Summary: A transactional software package manager License: GPL-3.0-only @@ -1008,6 +1008,19 @@ fi %endif %changelog +* Fri Feb 06 2026 Ernest Lotter +- New upstream release 2.74.1 + - FDE: measure DeployedMode and AuditMode variables if they appear + as disabled in the event log to avoid a potential reseal-failure + boot loop + - LP: #2139611 FDE: fix db updates by allowing multiple payloads + - LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising + memory lock limit when required + - LP: #2139099 snap-confine: bump the max element count of the BPF + map used to store IDs of allowed/matched devices to 1000 + - Interfaces: Added pidfd_open and memfd_secret to seccomp template + - Interfaces: camera | add locking permission for /dev/video + * Tue Jan 20 2026 Ernest Lotter - New upstream release 2.74 - FDE: use new activation API from secboot diff --git a/packaging/opensuse/snapd.changes b/packaging/opensuse/snapd.changes index e6da5361755..fff0026fc32 100644 --- a/packaging/opensuse/snapd.changes +++ b/packaging/opensuse/snapd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Feb 06 17:40:03 UTC 2026 - ernest.lotter@canonical.com + +- Update to upstream release 2.74.1 + ------------------------------------------------------------------- Tue Jan 20 16:54:17 UTC 2026 - ernest.lotter@canonical.com diff --git a/packaging/opensuse/snapd.spec b/packaging/opensuse/snapd.spec index 1d1ccf735d2..48cf57fbb58 100644 --- a/packaging/opensuse/snapd.spec +++ b/packaging/opensuse/snapd.spec @@ -100,7 +100,7 @@ Name: snapd -Version: 2.74 +Version: 2.74.1 Release: 0 Summary: Tools enabling systems to work with .snap files License: GPL-3.0 diff --git a/packaging/ubuntu-16.04/changelog b/packaging/ubuntu-16.04/changelog index 14afbedd692..146fad28acb 100644 --- a/packaging/ubuntu-16.04/changelog +++ b/packaging/ubuntu-16.04/changelog @@ -1,3 +1,19 @@ +snapd (2.74.1) xenial; urgency=medium + + * New upstream release, LP: #2138629 + - FDE: measure DeployedMode and AuditMode variables if they appear + as disabled in the event log to avoid a potential reseal-failure + boot loop + - LP: #2139611 FDE: fix db updates by allowing multiple payloads + - LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising + memory lock limit when required + - LP: #2139099 snap-confine: bump the max element count of the BPF + map used to store IDs of allowed/matched devices to 1000 + - Interfaces: Added pidfd_open and memfd_secret to seccomp template + - Interfaces: camera | add locking permission for /dev/video + + -- Ernest Lotter Fri, 06 Feb 2026 19:40:03 +0200 + snapd (2.74) xenial; urgency=medium * New upstream release, LP: #2138629 diff --git a/secboot/secboot.go b/secboot/secboot.go index 8b6139f6ea6..1ee46b5f726 100644 --- a/secboot/secboot.go +++ b/secboot/secboot.go @@ -102,6 +102,20 @@ type ModelForSealing interface { SignKeyID() string } +type KeyDatabase int + +const ( + KeyDatabasePK KeyDatabase = iota + KeyDatabaseKEK + KeyDatabaseDB + KeyDatabaseDBX +) + +type DbUpdate struct { + Database KeyDatabase + Payload []byte +} + // TODO:FDEM: rename and drop Model from the name? type SealKeyModelParams struct { // The snap model @@ -113,7 +127,7 @@ type SealKeyModelParams struct { KernelCmdlines []string // TODO:FDEM: move this somewhere else? // The content of an update to EFI DBX - EFISignatureDbxUpdate []byte + EFISignatureDbxUpdates []DbUpdate } type TPMProvisionMode int diff --git a/secboot/secboot_sb_test.go b/secboot/secboot_sb_test.go index 8540cfe9f65..cb88cb2529b 100644 --- a/secboot/secboot_sb_test.go +++ b/secboot/secboot_sb_test.go @@ -39,6 +39,7 @@ import ( "strings" "time" + efilib "github.com/canonical/go-efilib" "github.com/canonical/go-tpm2" "github.com/canonical/go-tpm2/linux" "github.com/canonical/go-tpm2/mu" @@ -1477,7 +1478,7 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { expectedErr string oldKeyFiles bool buildProfileErr string - dbxUpdate []byte + dbxUpdates []secboot.DbUpdate revoke bool noDmaProtection bool // Preinstall check was used to determine for encryption availability at install time @@ -1490,11 +1491,11 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { // happy case with check result available on disk and AllowInsufficientDmaProtection true {tpmEnabled: true, resealCalls: 1, noDmaProtection: true, hasCheckResult: true}, // happy case with check result available on disk and DBX update - {tpmEnabled: true, resealCalls: 1, hasCheckResult: true, dbxUpdate: []byte("dbx-update")}, + {tpmEnabled: true, resealCalls: 1, hasCheckResult: true, dbxUpdates: []secboot.DbUpdate{{Database: secboot.KeyDatabaseDBX, Payload: []byte("dbx-update")}}}, // happy case with key files {tpmEnabled: true, keyDataInFile: true, usePrimaryKeyFile: true, resealCalls: 1}, // happy case with DBX update - {tpmEnabled: true, resealCalls: 1, dbxUpdate: []byte("dbx-update")}, + {tpmEnabled: true, resealCalls: 1, dbxUpdates: []secboot.DbUpdate{{Database: secboot.KeyDatabaseDBX, Payload: []byte("dbx-update")}}}, // happy case, old keys {tpmEnabled: true, resealCalls: 1, revokeCalls: 1, oldKeyFiles: true}, // happy case, revoke (new keys) @@ -1540,10 +1541,10 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { modelParams := []*secboot.SealKeyModelParams{ { - EFILoadChains: []*secboot.LoadChain{secboot.NewLoadChain(mockEFI)}, - KernelCmdlines: []string{"cmdline"}, - Model: &asserts.Model{}, - EFISignatureDbxUpdate: tc.dbxUpdate, + EFILoadChains: []*secboot.LoadChain{secboot.NewLoadChain(mockEFI)}, + KernelCmdlines: []string{"cmdline"}, + Model: &asserts.Model{}, + EFISignatureDbxUpdates: tc.dbxUpdates, }, } @@ -1589,12 +1590,22 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { ) } - var dbUpdateOption sb_efi.PCRProfileOption = sb_efi.WithSignatureDBUpdates() - if len(tc.dbxUpdate) > 0 { - dbUpdateOption = sb_efi.WithSignatureDBUpdates([]*sb_efi.SignatureDBUpdate{ - {Name: sb_efi.Dbx, Data: tc.dbxUpdate}, - }...) + var dbxUpdates []*sb_efi.SignatureDBUpdate + for _, u := range tc.dbxUpdates { + var db efilib.VariableDescriptor + switch u.Database { + case secboot.KeyDatabasePK: + db = sb_efi.PK + case secboot.KeyDatabaseKEK: + db = sb_efi.KEK + case secboot.KeyDatabaseDB: + db = sb_efi.Db + case secboot.KeyDatabaseDBX: + db = sb_efi.Dbx + } + dbxUpdates = append(dbxUpdates, &sb_efi.SignatureDBUpdate{Name: db, Data: u.Payload}) } + var dbUpdateOption sb_efi.PCRProfileOption = sb_efi.WithSignatureDBUpdates(dbxUpdates...) // add dbUpdateOption (applicable to both preinstall check based and legacy PCR configuration) expectedOptions = append( diff --git a/secboot/secboot_tpm.go b/secboot/secboot_tpm.go index 61265a5adf2..1ca9482f999 100644 --- a/secboot/secboot_tpm.go +++ b/secboot/secboot_tpm.go @@ -30,6 +30,7 @@ import ( "path/filepath" "strings" + efilib "github.com/canonical/go-efilib" "github.com/canonical/go-tpm2" "github.com/canonical/go-tpm2/mu" sb "github.com/snapcore/secboot" @@ -815,11 +816,24 @@ func buildPCRProtectionProfile(modelParams []*SealKeyModelParams, checkResult *P // all models have the same dbx data, get it from the first one var dbUpdates []*sb_efi.SignatureDBUpdate - if len(modelParams) > 0 && len(modelParams[0].EFISignatureDbxUpdate) > 0 { - dbUpdates = append(dbUpdates, &sb_efi.SignatureDBUpdate{ - Name: sb_efi.Dbx, - Data: modelParams[0].EFISignatureDbxUpdate, - }) + if len(modelParams) > 0 { + for _, update := range modelParams[0].EFISignatureDbxUpdates { + var db efilib.VariableDescriptor + switch update.Database { + case KeyDatabasePK: + db = sb_efi.PK + case KeyDatabaseKEK: + db = sb_efi.KEK + case KeyDatabaseDB: + db = sb_efi.Db + case KeyDatabaseDBX: + db = sb_efi.Dbx + } + dbUpdates = append(dbUpdates, &sb_efi.SignatureDBUpdate{ + Name: db, + Data: update.Payload, + }) + } } // build PCR protection policy @@ -884,10 +898,21 @@ func buildPCRProtectionProfileLegacy(modelParams []*SealKeyModelParams, allowIns for _, mp := range modelParams { var updateDB []*sb_efi.SignatureDBUpdate - if len(mp.EFISignatureDbxUpdate) > 0 { + for _, update := range mp.EFISignatureDbxUpdates { + var db efilib.VariableDescriptor + switch update.Database { + case KeyDatabasePK: + db = sb_efi.PK + case KeyDatabaseKEK: + db = sb_efi.KEK + case KeyDatabaseDB: + db = sb_efi.Db + case KeyDatabaseDBX: + db = sb_efi.Dbx + } updateDB = append(updateDB, &sb_efi.SignatureDBUpdate{ - Name: sb_efi.Dbx, - Data: mp.EFISignatureDbxUpdate, + Name: db, + Data: update.Payload, }) } diff --git a/spread.yaml b/spread.yaml index 69fdacbc0df..ddc2f7c4686 100644 --- a/spread.yaml +++ b/spread.yaml @@ -153,10 +153,11 @@ backends: workers: 8 - ubuntu-20.04-64: image: ubuntu-2004-64 - storage: 15G + storage: 16G workers: 8 - ubuntu-secboot-20.04-64: image: ubuntu-2004-64 + storage: 16G workers: 1 secure-boot: true - ubuntu-22.04-64: @@ -331,11 +332,11 @@ backends: workers: 14 - ubuntu-24.04-64: image: ubuntu-2404-64-virt-enabled - storage: 25G + storage: 30G workers: 14 - ubuntu-26.04-64: image: ubuntu-2604-64-virt-enabled - storage: 25G + storage: 30G workers: 14 google-nested-arm: @@ -495,11 +496,11 @@ backends: workers: 12 - ubuntu-24.04-64: image: snapd-spread/ubuntu-24.04-64 - storage: 25G + storage: 30G workers: 12 - ubuntu-26.04-64: image: snapd-spread/ubuntu-26.04-64 - storage: 25G + storage: 30G workers: 12 openstack-validation: @@ -554,8 +555,8 @@ backends: openstack-arm-ext: type: openstack key: '$(HOST: echo "$OS_CREDENTIALS_ARM64_PS7")' - plan: shared.medium.arm64 - halt-timeout: 2h + plan: shared.large.arm64 + halt-timeout: 3h wait-timeout: 10m groups: [default] proxy: ingress-haproxy.ps7.canonical.com @@ -608,9 +609,6 @@ backends: - ubuntu-24.04-64: image: snapd-spread/ubuntu-24.04-64 workers: 8 - - ubuntu-25.04-64: - image: snapd-spread/ubuntu-25.04-64 - workers: 8 - ubuntu-25.10-64: image: snapd-spread/ubuntu-25.10-64 workers: 8 diff --git a/tests/core/auto-refresh-backoff-after-reboot/task.yaml b/tests/core/auto-refresh-backoff-after-reboot/task.yaml index c63c0d3b38e..ca3a5216d2f 100644 --- a/tests/core/auto-refresh-backoff-after-reboot/task.yaml +++ b/tests/core/auto-refresh-backoff-after-reboot/task.yaml @@ -15,14 +15,15 @@ environment: # SNAP_NAME/gadget: pc # SNAP_ID/gadget: UqFziVZDHLSyO3TqSWgNBoAdHbLI4dAH -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi - if os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "The kernel snap used for openstack cannot be refreshed with Canonical model" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: The kernel snap used for openstack cannot be refreshed with Canonical model + if: | + os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]] +prepare: | # Prevent refreshes until we have right snap revisions snap set system refresh.hold=forever @@ -45,21 +46,15 @@ prepare: | snap ack "$BLOB_DIR/asserts/developer1.account-key" restore: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" snap set system refresh.hold! debug: | - tests.exec is-skipped && exit 0 - snap debug api /v2/changes?select=ready | gojq "[.result[] | select(.kind == \"auto-refresh\")] | sort_by(.id|tonumber)" execute: | - tests.exec is-skipped && exit 0 - # The daemon is configured to point to the fake store "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" diff --git a/tests/core/config-defaults-once/task.yaml b/tests/core/config-defaults-once/task.yaml index 596a91e60f7..262b8882191 100644 --- a/tests/core/config-defaults-once/task.yaml +++ b/tests/core/config-defaults-once/task.yaml @@ -14,11 +14,12 @@ systems: [ubuntu-core-18-*] environment: GADGET_FILE: gadget-defaults.yaml +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -46,10 +47,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -103,11 +100,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # XXX: this should work once it is possible to install snapd on core SNAP=snapd SERVICES="ssh rsyslog" diff --git a/tests/core/custom-device-reg-extras/task.yaml b/tests/core/custom-device-reg-extras/task.yaml index 9a7e6f6141d..32aa89459d5 100644 --- a/tests/core/custom-device-reg-extras/task.yaml +++ b/tests/core/custom-device-reg-extras/task.yaml @@ -9,11 +9,12 @@ details: | # which we don't have currently systems: [ubuntu-core-1*-64] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -47,10 +48,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh systemctl stop snapd.service snapd.socket fakedevicesvc @@ -73,11 +70,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/custom-device-reg-serial-request/task.yaml b/tests/core/custom-device-reg-serial-request/task.yaml index b3a79ff56f2..cf404ba23fb 100644 --- a/tests/core/custom-device-reg-serial-request/task.yaml +++ b/tests/core/custom-device-reg-serial-request/task.yaml @@ -8,11 +8,12 @@ details: | # which we don't have currently systems: [ubuntu-core-1*] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -46,10 +47,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh systemctl stop snapd.service snapd.socket fakedevicesvc @@ -72,11 +69,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/custom-device-reg/task.yaml b/tests/core/custom-device-reg/task.yaml index 6167a0614b1..bcb02853213 100644 --- a/tests/core/custom-device-reg/task.yaml +++ b/tests/core/custom-device-reg/task.yaml @@ -8,11 +8,12 @@ details: | # which we don't have currently systems: [ubuntu-core-1*] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -45,10 +46,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -72,11 +69,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/enable-disable-units-gpio/task.yaml b/tests/core/enable-disable-units-gpio/task.yaml index 574535bbedb..df6332bd4ee 100644 --- a/tests/core/enable-disable-units-gpio/task.yaml +++ b/tests/core/enable-disable-units-gpio/task.yaml @@ -12,15 +12,14 @@ details: | systems: [ubuntu-core-*-64] -prepare: | - # Core image that were created using spread will have a fake "gpio-pin". - # Other (e.g. official) images will not have that and there we can't use - # this test. - if ! snap interfaces|grep -q gpio-pin; then - echo "SKIP: this tests needs a fake 'gpio-pin' interface" - exit 0 - fi +skip: + - reason: This tests needs a fake 'gpio-pin' interface + if: | + # Core images created using spread have a fake "gpio-pin" interface. + # Official images do not. Only run the test if the interface is present + not snap interfaces | grep -q gpio-pin +prepare: | echo "Create/enable fake gpio" tests.systemd create-and-start-unit fake-gpio "$TESTSLIB/fakegpio/fake-gpio.py" "[Unit]\\nBefore=snap.snapd.interface.gpio-100.service\\n[Service]\\nType=notify" @@ -31,26 +30,10 @@ prepare: | snap connect gpio-consumer:gpio :gpio-pin restore: | - # Core image that were created using spread will have a fake "gpio-pin". - # Other (e.g. official) images will not have that and there we can't use - # this test. - if ! snap interfaces|grep -q gpio-pin; then - echo "SKIP: this tests needs a fake 'gpio-pin' interface" - exit 0 - fi - tests.systemd stop-unit --remove fake-gpio umount /sys/class/gpio || true execute: | - # Core image that were created using spread will have a fake "gpio-pin". - # Other (e.g. official) images will not have that and there we can't use - # this test. - if ! snap interfaces|grep -q gpio-pin; then - echo "SKIP: this tests needs a fake 'gpio-pin' interface" - exit 0 - fi - echo "Then the snap service units concerning the gpio device must be run before and after a reboot" expected="Started|Finished snap.snapd.interface.gpio-100.service" "$TESTSTOOLS"/journal-state match-log -n 60 --wait 1 "$expected" diff --git a/tests/core/failover/task.yaml b/tests/core/failover/task.yaml index 2a60041d3e6..c79bdf1cc3a 100644 --- a/tests/core/failover/task.yaml +++ b/tests/core/failover/task.yaml @@ -36,17 +36,18 @@ environment: # pc-kernel snap is specific to x86-64 SNAP_ID_pc_kernel: pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi - if [ "$TARGET_SNAP" = "kernel" ] && os.query is-arm; then - tests.exec skip-test "variant not supported on ARM architectures" && exit 0 - fi - if [ "$TARGET_SNAP" = "kernel" ] && os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "The kernel snap used for openstack cannot be refreshed with Canonical model" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Variant not supported on ARM architectures + if: | + [ "$TARGET_SNAP" = "kernel" ] && os.query is-arm + - reason: The kernel snap used for openstack cannot be refreshed with Canonical model + if: | + [ "$TARGET_SNAP" = "kernel" ] && os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]] +prepare: | snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" snap ack "$TESTSLIB/assertions/developer1.account" snap ack "$TESTSLIB/assertions/developer1.account-key" @@ -55,22 +56,16 @@ prepare: | mkdir -p "$BUILD_DIR" restore: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BUILD_DIR" debug: | - tests.exec is-skipped && exit 0 - snap debug boot-vars || true snap list || true snap changes || true execute: | - tests.exec is-skipped && exit 0 - inject_rclocalcrash_failure(){ chmod a+x "$BUILD_DIR/unpack/etc/rc.local" cat < "$BUILD_DIR/unpack/etc/rc.local" diff --git a/tests/core/gadget-config-defaults-to-snaps/task.yaml b/tests/core/gadget-config-defaults-to-snaps/task.yaml index 7e3219baf30..d294cb1d1d5 100644 --- a/tests/core/gadget-config-defaults-to-snaps/task.yaml +++ b/tests/core/gadget-config-defaults-to-snaps/task.yaml @@ -18,20 +18,18 @@ environment: SERVICE/ssh_oneline: ssh GADGET_FILE/ssh_oneline: gadget-ssh-oneline.yaml +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: The service to test does not exist in the core18 system + if: | + [ "$SERVICE" = "rsyslog" ] && os.query is-core18 + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh - if [ "$SERVICE" = "rsyslog" ] && os.query is-core18; then - echo "The service to test does not exist in the core18 system, skipping..." - touch "${SERVICE}.skip" - exit - fi - SUFFIX="$(get_test_snap_suffix)" systemctl stop snapd.service snapd.socket @@ -95,15 +93,6 @@ prepare: | snap install --edge "test-snapd-with-default-configure${SUFFIX}" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if [ -f "${SERVICE}.skip" ]; then - echo "The service to test does not exist in the system, skipping..." - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -157,14 +146,6 @@ restore: | rm -rf "/var/snap/test-snapd-with-configure${SUFFIX}" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - if [ -f "${SERVICE}.skip" ]; then - echo "The service to test does not exist in the system, skipping..." - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/gadget-config-defaults-vitality/task.yaml b/tests/core/gadget-config-defaults-vitality/task.yaml index 3fbde31f0f6..b5cd14827a0 100644 --- a/tests/core/gadget-config-defaults-vitality/task.yaml +++ b/tests/core/gadget-config-defaults-vitality/task.yaml @@ -14,11 +14,12 @@ systems: [ubuntu-core-1*] environment: GADGET_FILE/vitality_hint: gadget-vitality-hint.yaml +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -71,10 +72,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -110,10 +107,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/gadget-kernel-refs-update-pc/task.yaml b/tests/core/gadget-kernel-refs-update-pc/task.yaml index 062a68c929e..721b5964b49 100644 --- a/tests/core/gadget-kernel-refs-update-pc/task.yaml +++ b/tests/core/gadget-kernel-refs-update-pc/task.yaml @@ -23,17 +23,17 @@ environment: # uploading a large snap makes OOM kill snapd SNAPD_NO_MEMORY_LIMIT: 1 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi - if os.query is-arm; then - tests.exec skip-test "Test not supported on arm architecture" && exit 0 - fi - if os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "The kernel snap used for openstack cannot be refreshed with Canonical model" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Test not supported on arm architecture + if: os.query is-arm + - reason: The kernel snap used for openstack cannot be refreshed with Canonical model + if: | + os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]] +prepare: | snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" readlink /snap/pc/current > pc-revision.txt @@ -98,8 +98,6 @@ prepare: | systemctl restart snapd restore: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" # XXX: ideally we would restore the kernel/gadget here but the kernel # restore requires a reboot :/ @@ -109,8 +107,6 @@ restore: | systemctl restart snapd execute: | - tests.exec is-skipped && exit 0 - if [ "$SPREAD_REBOOT" = 0 ]; then # first install the gadget that knows about the kernel # (but no edition bump so this will install fine) diff --git a/tests/core/gadget-update-pc/task.yaml b/tests/core/gadget-update-pc/task.yaml index f099a29d2d8..34927a6ff36 100644 --- a/tests/core/gadget-update-pc/task.yaml +++ b/tests/core/gadget-update-pc/task.yaml @@ -11,18 +11,14 @@ environment: PC_SNAP_ID: UqFziVZDHLSyO3TqSWgNBoAdHbLI4dAH START_REVISION: 1000 -prepare: | - # external backends do not enable test keys - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if not snap list pc; then - echo "This test needs a host using 'pc' gadget snap" - exit 1 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: This test needs a host using 'pc' gadget snap + if: not snap list pc +prepare: | # Set the retain count to 4 to ensure we keep the current gadget snap # intact and can roll back to it. This is easier to get right than to # manually fiddle with re-installing it. @@ -107,17 +103,6 @@ prepare: | fi restore: | - # external backends do not enable test keys - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if not snap list pc; then - echo "This test needs a host using 'pc' gadget snap" - exit 1 - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" # Restore the state of the gadget snap. @@ -129,17 +114,6 @@ restore: | snap unset core refresh.retain execute: | - # external backends do not enable test keys - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if not snap list pc; then - echo "This test needs a host using 'pc' gadget snap" - exit 1 - fi - # XXX: the test hardcodes a bunch of locations # - 'BIOS Boot' and 'EFI System' are modified during the update # - 'EFI System' is mounted at /boot/efi diff --git a/tests/core/generic-device-reg/task.yaml b/tests/core/generic-device-reg/task.yaml index 6d9a43a13ca..1de46c9211b 100644 --- a/tests/core/generic-device-reg/task.yaml +++ b/tests/core/generic-device-reg/task.yaml @@ -10,12 +10,12 @@ details: | # which we don't have currently systems: [ubuntu-core-18*] -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | systemctl stop snapd.service snapd.socket rm -rf /var/lib/snapd/assertions/* rm -rf /var/lib/snapd/device @@ -31,12 +31,7 @@ prepare: | systemctl start snapd.service snapd.socket restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - #shellcheck source=tests/lib/core-config.sh + #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh systemctl stop snapd.service snapd.socket @@ -55,11 +50,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/iio/task.yaml b/tests/core/iio/task.yaml index d6e1d19a4a2..ae06aefbfec 100644 --- a/tests/core/iio/task.yaml +++ b/tests/core/iio/task.yaml @@ -11,12 +11,12 @@ details: | systems: [ubuntu-core-*-64] -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # Mock IIO device node and give it some content we can verify # the test snap can read. echo "iio-0" > /dev/iio:device0 @@ -28,18 +28,9 @@ prepare: | snap connect iio-consumer:iio core:iio0 restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi rm -f /dev/iio:device0 execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Checks the snap can read from the IIO device node" SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" test "$("$SNAP_MOUNT_DIR"/bin/iio-consumer.read)" = "iio-0" diff --git a/tests/core/kernel-base-gadget-pair-single-reboot-failover/task.yaml b/tests/core/kernel-base-gadget-pair-single-reboot-failover/task.yaml index a0b11a5f40d..c2092e2df54 100644 --- a/tests/core/kernel-base-gadget-pair-single-reboot-failover/task.yaml +++ b/tests/core/kernel-base-gadget-pair-single-reboot-failover/task.yaml @@ -26,6 +26,10 @@ environment: # on UC20+ this has proved to be an issue SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - if: snap list pc | NOMATCH "x[1-9]" + reason: This test needs a host using an unasserted 'pc' gadget snap + prepare: | # To get VERSION_ID defined . /etc/os-release @@ -46,11 +50,6 @@ execute: | # To get VERSION_ID defined . /etc/os-release - if snap list pc | NOMATCH "x[1-9]"; then - echo "This test needs a host using an unasserted 'pc' gadget snap" - exit 1 - fi - # does not work for 16, but we don't support 16 for this core_snap="core${VERSION_ID}" diff --git a/tests/core/kernel-base-gadget-pair-single-reboot/task.yaml b/tests/core/kernel-base-gadget-pair-single-reboot/task.yaml index f28aceeb78a..80edadeb167 100644 --- a/tests/core/kernel-base-gadget-pair-single-reboot/task.yaml +++ b/tests/core/kernel-base-gadget-pair-single-reboot/task.yaml @@ -24,6 +24,10 @@ environment: # on UC20+ this has proved to be an issue SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - if: snap list pc | NOMATCH "x[1-9]" + reason: This test needs a host using an unasserted 'pc' gadget snap + prepare: | # To get VERSION_ID defined . /etc/os-release @@ -44,11 +48,6 @@ execute: | # To get VERSION_ID defined . /etc/os-release - if snap list pc | NOMATCH "x[1-9]"; then - echo "This test needs a host using an unasserted 'pc' gadget snap" - exit 1 - fi - # does not work for 16, but we don't support 16 for this core_snap="core${VERSION_ID}" diff --git a/tests/core/kernel-base-gadget-single-reboot-failover/task.yaml b/tests/core/kernel-base-gadget-single-reboot-failover/task.yaml index d5fb7fc6c91..1b3a1565ac2 100644 --- a/tests/core/kernel-base-gadget-single-reboot-failover/task.yaml +++ b/tests/core/kernel-base-gadget-single-reboot-failover/task.yaml @@ -18,6 +18,10 @@ environment: # on UC20+ this has proved to be an issue SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - if: snap list pc | NOMATCH "x[1-9]" + reason: This test needs a host using an unasserted 'pc' gadget snap + prepare: | # To get VERSION_ID defined . /etc/os-release @@ -33,11 +37,6 @@ execute: | # To get VERSION_ID defined . /etc/os-release - if snap list pc | NOMATCH "x[1-9]"; then - echo "This test needs a host using an unasserted 'pc' gadget snap" - exit 1 - fi - # does not work for 16, but we don't support 16 for this core_snap="core${VERSION_ID}" diff --git a/tests/core/kernel-base-gadget-single-reboot/task.yaml b/tests/core/kernel-base-gadget-single-reboot/task.yaml index e17f5b390b8..80f8f62305e 100644 --- a/tests/core/kernel-base-gadget-single-reboot/task.yaml +++ b/tests/core/kernel-base-gadget-single-reboot/task.yaml @@ -18,6 +18,10 @@ environment: # on UC20+ this has proved to be an issue SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - if: snap list pc | NOMATCH "x[1-9]" + reason: This test needs a host using an unasserted 'pc' gadget snap + prepare: | # To get VERSION_ID defined . /etc/os-release @@ -33,11 +37,6 @@ execute: | # To get VERSION_ID defined . /etc/os-release - if snap list pc | NOMATCH "x[1-9]"; then - echo "This test needs a host using an unasserted 'pc' gadget snap" - exit 1 - fi - # does not work for 16, but we don't support 16 for this core_snap="core${VERSION_ID}" diff --git a/tests/core/mem-cgroup-disabled/task.yaml b/tests/core/mem-cgroup-disabled/task.yaml index 4c36b790037..9a28e3be0b9 100644 --- a/tests/core/mem-cgroup-disabled/task.yaml +++ b/tests/core/mem-cgroup-disabled/task.yaml @@ -17,12 +17,11 @@ systems: [ubuntu-core-2*] environment: SVC_UNIT: /etc/systemd/system/snap.test-snapd-simple-service.test-snapd-simple-service.service -prepare: | - if not os.query is-pc-amd64; then - echo "Skipping non-grub device test" - exit 0 - fi +skip: + - reason: This is a non-grub device + if: not os.query is-pc-amd64 +prepare: | echo "Create copy of gadget snap with cgroup_disable=memory set in cmdline.extra" PC_REV=$(snap list pc | tail -n +2 | awk '{print $3}') sudo cp "/var/lib/snapd/snaps/pc_$PC_REV.snap" pc-gadget.snap @@ -54,10 +53,6 @@ restore: | systemctl restart snapd execute: | - if not os.query is-pc-amd64; then - echo "Skipping non-grub device test" - exit 0 - fi case "$SPREAD_REBOOT" in 0) # ensure memory cgroups is enabled to start diff --git a/tests/core/remove-user/task.yaml b/tests/core/remove-user/task.yaml index 8a0aced2317..d5b84f89eeb 100644 --- a/tests/core/remove-user/task.yaml +++ b/tests/core/remove-user/task.yaml @@ -13,28 +13,20 @@ environment: USER_EMAIL: mvo@ubuntu.com USER_NAME: mvo -prepare: | - # Note: make this test work with the user already created in the device - if [ "$(snap managed)" = "true" ]; then - # Leave a file indicating the device was initially managed - touch managed.device +skip: + - reason: This device is initially managed + if: | + # Note: make this test work with the user already created in the device + [ "$(snap managed)" = "true" ] - exit 0 - fi +prepare: | snap create-user --sudoer "$USER_EMAIL" restore: | - if [ -e managed.device ]; then - exit 0 - fi userdel --extrausers -r "$USER_NAME" || true rm -rf "/etc/sudoers.d/create-user-$USER_NAME" execute: | - if [ -e managed.device ]; then - exit 0 - fi - echo "precondition check: user in passwd" id "$USER_NAME" echo "precondition check: has sudoer file" diff --git a/tests/core/snap-auto-import-asserts-spools/task.yaml b/tests/core/snap-auto-import-asserts-spools/task.yaml index c6177640b88..938467c4d19 100644 --- a/tests/core/snap-auto-import-asserts-spools/task.yaml +++ b/tests/core/snap-auto-import-asserts-spools/task.yaml @@ -14,11 +14,12 @@ details: | systems: [ubuntu-core-*-64] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "Ensure the testrootorg-store.account-key is not already added" output=$(snap known account-key | grep -c "name: test-store" || true) if [ "$output" != "0" ]; then @@ -35,17 +36,9 @@ prepare: | sync restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi rm -rf /var/lib/snapd/auto-import/* execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "Simulate a not running snapd (happens on e.g. early boot)" systemctl stop snapd.service snapd.socket diff --git a/tests/core/snap-auto-import-asserts/task.yaml b/tests/core/snap-auto-import-asserts/task.yaml index 1ea187ce2c0..496db5aaefd 100644 --- a/tests/core/snap-auto-import-asserts/task.yaml +++ b/tests/core/snap-auto-import-asserts/task.yaml @@ -14,11 +14,12 @@ details: | systems: [ubuntu-core-*-64] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "Ensure the testrootorg-store.account-key is not already added" output=$(snap known account-key | grep -c "name: test-store" || true) if [ "$output" != "0" ]; then @@ -35,17 +36,9 @@ prepare: | sync restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi umount /mnt execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "$(snap auto-import) imports assertions from the mounted ramdisk" snap auto-import snap known account-key | MATCH "name: test-store" diff --git a/tests/core/snap-auto-mount/task.yaml b/tests/core/snap-auto-mount/task.yaml index dc61a3843fa..eb0e68b93e7 100644 --- a/tests/core/snap-auto-mount/task.yaml +++ b/tests/core/snap-auto-mount/task.yaml @@ -26,12 +26,12 @@ systems: # qemu instead of trying to fake it with a dm device. # - ubuntu-core-24-64 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Install dmsetup" snap install --devmode --edge dmsetup @@ -73,19 +73,11 @@ prepare: | udevadm settle restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi dmsetup -v --noudevsync --noudevrules remove dm-ram0 debug: | "$TESTSTOOLS"/journal-state get-log -b | tail -100 execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "The auto-mount magic has given us the assertion" retry -n 5 sh -c 'snap known account-key | MATCH "name: test-store"' diff --git a/tests/core/snap-repair/task.yaml b/tests/core/snap-repair/task.yaml index 5f768dc35fa..a29156ca060 100644 --- a/tests/core/snap-repair/task.yaml +++ b/tests/core/snap-repair/task.yaml @@ -9,11 +9,6 @@ environment: STORE_ADDR: localhost:11028 restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | diff --git a/tests/core/snapd-refresh-vs-services-reboots/task.yaml b/tests/core/snapd-refresh-vs-services-reboots/task.yaml index 85e4d5e2c5d..8a1aa8d5867 100644 --- a/tests/core/snapd-refresh-vs-services-reboots/task.yaml +++ b/tests/core/snapd-refresh-vs-services-reboots/task.yaml @@ -26,6 +26,11 @@ environment: SNAPD_2_49_2_ARM64: https://storage.googleapis.com/snapd-spread-tests/snaps/snapd_2.49.2_11584.snap SNAPD_2_49_2_ARMHF: https://storage.googleapis.com/snapd-spread-tests/snaps/snapd_2.49.2_11586.snap +skip: + - reason: Test designed for amd64 and arm architectures + if: | + ! os.query is-pc-amd64 && ! os.query is-arm + prepare: | # save the version of snapd from the PR to refresh to later INITIAL_REV=$(snap list snapd | tail -n +2 | awk '{print $3}') @@ -47,11 +52,6 @@ prepare: | snap version | MATCH 2.49.2 execute: | - if ! os.query is-pc-amd64 && ! os.query is-arm; then - echo "architecture not supported for this variant" - exit 0 - fi - if [ "$SPREAD_REBOOT" = "0" ]; then # install the special service snap which will fail to startup every other time # it is started diff --git a/tests/core/snapd-refresh-vs-services/task.yaml b/tests/core/snapd-refresh-vs-services/task.yaml index 65ca1396eb6..dc338951744 100644 --- a/tests/core/snapd-refresh-vs-services/task.yaml +++ b/tests/core/snapd-refresh-vs-services/task.yaml @@ -41,6 +41,11 @@ environment: SNAPD_2_49_2_ARM64: https://storage.googleapis.com/snapd-spread-tests/snaps/snapd_2.49.2_11584.snap SNAPD_2_49_2_ARMHF: https://storage.googleapis.com/snapd-spread-tests/snaps/snapd_2.49.2_11586.snap +skip: + - reason: Test designed for amd64 and arm architectures + if: | + ! os.query is-pc-amd64 && ! os.query is-arm + prepare: | # save the current version of snapd for later INITIAL_REV=$(snap list snapd | tail -n +2 | awk '{print $3}') @@ -55,21 +60,6 @@ prepare: | tests.cleanup defer snap unset system refresh.retain execute: | - # check if snapd 2.49.2 is the current latest/stable release as it simplifies - # some of the logic below - if snap info snapd | gojq --yaml-input -r '.channels."latest/stable"' | grep -q -Po '2.49.2\s+'; then - # skip the stable variant of the test - if [ "${SNAPD_VERSION_UNDER_TEST}" = "stable" ]; then - echo "Skipping duplicated test case" - exit 0 - fi - fi - - if ! os.query is-pc-amd64 && ! os.query is-arm; then - echo "architecture not supported for this variant" - exit 0 - fi - echo "Ensure that the system is fully seeded" snap changes | MATCH "Done.*Initialize system state" diff --git a/tests/core/uboot-unpacked-assets/task.yaml b/tests/core/uboot-unpacked-assets/task.yaml index 996d2eddc3e..6391537f5ba 100644 --- a/tests/core/uboot-unpacked-assets/task.yaml +++ b/tests/core/uboot-unpacked-assets/task.yaml @@ -14,12 +14,11 @@ environment: NAME/initrdimg: initrd.img NAME/kernelimg: kernel.img -execute: | - if snap list pc; then - echo "Neither kernel.img not initrd.img in images with pc gadget installed" - exit - fi +skip: + - reason: Neither kernel.img not initrd.img in images with pc gadget installed + if: snap list pc +execute: | if os.query is-core-ge 20; then echo "Check that on UC20+, the kernel snap is extracted onto ubuntu-seed, not on ubuntu-boot" output=$(find /run/mnt/ubuntu-seed/systems/*/kernel/ -name "$NAME" ) diff --git a/tests/core/xdg-open-on-core/task.yaml b/tests/core/xdg-open-on-core/task.yaml index 7af0e78d3a8..2807a75a9d5 100644 --- a/tests/core/xdg-open-on-core/task.yaml +++ b/tests/core/xdg-open-on-core/task.yaml @@ -8,24 +8,18 @@ details: | The test verifies that the 'xdg-open' program is not supported in Ubuntu Core systems +skip: + - reason: The system has not systemd or dbus session + if: not tests.session has-session-systemd-and-dbus + prepare: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test prepare restore: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test restore rm -f output.txt execute: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi - # /usr/bin/xdg-open is a proxy that talks to snap userd not tests.session -u test exec /usr/bin/xdg-open https://snapcraft.io 2> output.txt MATCH "not supported on Ubuntu Core" < output.txt diff --git a/tests/lib/assertions/pc-kernel-snap-decl-extras.json b/tests/lib/assertions/pc-kernel-snap-decl-extras.json new file mode 100644 index 00000000000..775ab3ef230 --- /dev/null +++ b/tests/lib/assertions/pc-kernel-snap-decl-extras.json @@ -0,0 +1,26 @@ +{ + "format": "5", + "slots": { + "cuda-driver-libs": { + "allow-installation": "true" + }, + "egl-driver-libs": { + "allow-installation": "true" + }, + "gbm-driver-libs": { + "allow-installation": "true" + }, + "opengl-driver-libs": { + "allow-installation": "true" + }, + "opengles-driver-libs": { + "allow-installation": "true" + }, + "vulkan-driver-libs": { + "allow-installation": "true" + }, + "nvidia-video-driver-libs": { + "allow-installation": "true" + } + } +} diff --git a/tests/lib/fakestore/store/store.go b/tests/lib/fakestore/store/store.go index b59753f4a00..8d4cc707cdf 100644 --- a/tests/lib/fakestore/store/store.go +++ b/tests/lib/fakestore/store/store.go @@ -813,6 +813,7 @@ type detailsResultV2 struct { Confinement string `json:"confinement"` Type string `json:"type"` Resources []snapResourceResult `json:"resources,omitempty"` + SnapYAML string `json:"snap-yaml"` } type downloadInfo struct { @@ -937,6 +938,19 @@ func (s *Store) snapActionEndpoint(w http.ResponseWriter, req *http.Request) { return } + // include snap.yaml + f, err := snapfile.Open(sn.path) + if err != nil { + http.Error(w, fmt.Sprintf("cannot open snap container: %v", err.Error()), 500) + return + } + + snapYaml, err := f.ReadFile("meta/snap.yaml") + if err != nil { + http.Error(w, fmt.Sprintf("cannot read snap.yaml: %v", err.Error()), 500) + return + } + resources := make([]snapResourceResult, 0, len(sn.components)) for compName, comp := range sn.components { f, err := snapfile.Open(path.Join(comp.path)) @@ -979,6 +993,7 @@ func (s *Store) snapActionEndpoint(w http.ResponseWriter, req *http.Request) { Confinement: essInfo.Confinement, Type: essInfo.Type, Base: essInfo.Base, + SnapYAML: string(snapYaml), } if len(resources) > 0 { details.Resources = resources diff --git a/tests/lib/fakestore/store/store_test.go b/tests/lib/fakestore/store/store_test.go index 264b290767f..3534ba7bdda 100644 --- a/tests/lib/fakestore/store/store_test.go +++ b/tests/lib/fakestore/store/store_test.go @@ -749,6 +749,7 @@ func (s *storeTestSuite) TestSnapActionEndpoint(c *C) { "revision": float64(424242), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 1", }, }) } @@ -796,6 +797,7 @@ func (s *storeTestSuite) TestSnapActionEndpointUsesLatest(c *C) { "revision": float64(2), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 2", }, }) } @@ -845,6 +847,7 @@ func (s *storeTestSuite) TestSnapActionEndpointChannel(c *C) { "revision": float64(1), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 1", }, }) } @@ -894,6 +897,7 @@ func (s *storeTestSuite) TestSnapActionEndpointChannelRefreshAll(c *C) { "revision": float64(1), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 1", }, }) } @@ -944,6 +948,7 @@ func (s *storeTestSuite) TestSnapActionEndpointAssertedWithRevision(c *C) { "revision": float64(rev.N), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: " + version, }, }) } @@ -1013,6 +1018,7 @@ func (s *storeTestSuite) TestSnapActionEndpointAssertedWithComponents(c *C) { "revision": float64(rev.N), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: " + version, }, } @@ -1090,6 +1096,7 @@ func (s *storeTestSuite) TestSnapActionEndpointWithAssertions(c *C) { "revision": float64(99), "confinement": "strict", "type": "app", + "snap-yaml": "name: foo\nversion: 10", }, }) } @@ -1133,6 +1140,7 @@ func (s *storeTestSuite) TestSnapActionEndpointRefreshAll(c *C) { "revision": float64(424242), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 1", }, }) } @@ -1177,6 +1185,7 @@ func (s *storeTestSuite) TestSnapActionEndpointWithAssertionsInstall(c *C) { "revision": float64(99), "confinement": "strict", "type": "app", + "snap-yaml": "name: foo\nversion: 10", }, }) } @@ -1221,6 +1230,7 @@ func (s *storeTestSuite) TestSnapActionEndpointSnapWithBase(c *C) { "confinement": "strict", "type": "app", "base": "core20", + "snap-yaml": "name: test-snapd-tools\nversion: 1\nbase: core20", }, }) } @@ -1289,6 +1299,7 @@ func (s *storeTestSuite) TestSnapActionEndpointUnknownSnapAutoRefresh(c *C) { "confinement": "strict", "type": "app", "base": "core20", + "snap-yaml": "name: test-snapd-tools\nversion: 1\nbase: core20", }, }) } diff --git a/tests/lib/nested.sh b/tests/lib/nested.sh index 8be7bb98c4e..7a7b958b3fc 100755 --- a/tests/lib/nested.sh +++ b/tests/lib/nested.sh @@ -17,6 +17,7 @@ : "${NESTED_SIGN_SNAPS_FAKESTORE:=false}" : "${NESTED_REPACK_FOR_FAKESTORE:=false}" : "${NESTED_FAKESTORE_SNAP_DECL_PC_GADGET:=}" +: "${NESTED_FAKESTORE_SNAP_DECL_PC_KERNEL:=}" : "${NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL:=}" : "${NESTED_UBUNTU_IMAGE_PRESEED_KEY:=}" : "${NESTED_UBUNTU_SEED_SIZE:=}" @@ -754,7 +755,16 @@ nested_prepare_kernel() { # sign the pc-kernel snap with fakestore if requested if [ "$NESTED_SIGN_SNAPS_FAKESTORE" = "true" ]; then - "$TESTSTOOLS"/store-state make-snap-installable --noack "$NESTED_FAKESTORE_BLOB_DIR" "$(nested_get_extra_snaps_path)/$output_name" "$snap_id" + local extra_decl_args="" + local kernel_decl="$NESTED_FAKESTORE_SNAP_DECL_PC_KERNEL" + if [ -z "$kernel_decl" ] ; then + kernel_decl="$TESTSLIB/assertions/pc-kernel-snap-decl-extras.json" + fi + if [ -n "$kernel_decl" ]; then + extra_decl_args="--extra-decl-json $kernel_decl" + fi + # shellcheck disable=SC2086 + "$TESTSTOOLS"/store-state make-snap-installable --noack $extra_decl_args "$NESTED_FAKESTORE_BLOB_DIR" "$(nested_get_extra_snaps_path)/$output_name" "$snap_id" fi fi } @@ -1505,7 +1515,13 @@ nested_start_core_vm_unit() { remote.exec "cloud-init status" || ret=$? if [ "$ret" -ne 0 ] && [ "$ret" -ne 2 ]; then echo "cloud-init finished with error $ret" - exit 1 + # FIXME: remove core26 case. + # See https://github.com/canonical/cloud-init/issues/6699 + if nested_is_core_26_system; then + echo "Ignoring error on core26 for now" + else + exit 1 + fi fi fi fi diff --git a/tests/lib/prepare-restore.sh b/tests/lib/prepare-restore.sh index 5263976ad96..4b892b9a41f 100755 --- a/tests/lib/prepare-restore.sh +++ b/tests/lib/prepare-restore.sh @@ -582,7 +582,12 @@ prepare_project() { ( cd "${GOHOME}" && apt-get download snapd snap-confine ) ;; *) - ( cd "${GOHOME}" && tests.pkgs download snapd snap-confine) + if os.query is-ubuntu-lt 26.04; then + ( cd "${GOHOME}" && tests.pkgs download snapd snap-confine) + else + # In Ubuntu 26.04+, the snap-confine transitional package was removed. + ( cd "${GOHOME}" && tests.pkgs download snapd) + fi ;; esac elif [ "$USE_PREBUILT_PACKAGES" = "true" ]; then diff --git a/tests/lib/prepare.sh b/tests/lib/prepare.sh index e7b3121c9de..4e96429cfcc 100755 --- a/tests/lib/prepare.sh +++ b/tests/lib/prepare.sh @@ -854,15 +854,25 @@ repack_core_snap_with_tweaks() { UNPACK_DIR="$(mktemp -d /tmp/core-unpack.XXXXXXXX)" unsquashfs -no-progress -f -d "$UNPACK_DIR" "$CORESNAP" - mkdir -p "$UNPACK_DIR"/etc/systemd/journald.conf.d - cat < "$UNPACK_DIR"/etc/systemd/journald.conf.d/to-console.conf + # determine destination directory for systemd configuration files + # core26+ uses /usr/share/factory/writable/system-data/etc/ + # core24 and earlier use /etc/ + local DEST_ETC + if [ -e "$UNPACK_DIR/usr/share/factory/writable" ]; then + DEST_ETC="$UNPACK_DIR/usr/share/factory/writable/system-data/etc" + else + DEST_ETC="$UNPACK_DIR/etc" + fi + + mkdir -p "$DEST_ETC"/systemd/journald.conf.d + cat < "$DEST_ETC"/systemd/journald.conf.d/to-console.conf [Journal] ForwardToConsole=yes TTYPath=/dev/ttyS0 MaxLevelConsole=debug EOF - mkdir -p "$UNPACK_DIR"/etc/systemd/system/snapd.service.d -cat < "$UNPACK_DIR"/etc/systemd/system/snapd.service.d/logging.conf + mkdir -p "$DEST_ETC"/systemd/system/snapd.service.d +cat < "$DEST_ETC"/systemd/system/snapd.service.d/logging.conf [Service] Environment=SNAPD_DEBUG_HTTP=7 SNAPD_DEBUG=1 SNAPPY_TESTING=1 SNAPD_CONFIGURE_HOOK_TIMEOUT=30s StandardOutput=journal+console @@ -870,7 +880,7 @@ StandardError=journal+console EOF if [ "${NESTED_REPACK_FOR_FAKESTORE-}" = "true" ]; then - cat < "$UNPACK_DIR"/etc/systemd/system/snapd.service.d/store.conf + cat < "$DEST_ETC"/systemd/system/snapd.service.d/store.conf [Service] Environment=SNAPPY_FORCE_API_URL=http://10.0.2.2:11028 EOF diff --git a/tests/lib/state.sh b/tests/lib/state.sh index 131f37e166c..6c8b7245cef 100755 --- a/tests/lib/state.sh +++ b/tests/lib/state.sh @@ -56,9 +56,8 @@ save_snapd_state() { break fi done - snapd_service_env=$(ls -d /etc/systemd/system/snapd.*.d || true) - snap_confine_profiles="$(ls /etc/apparmor.d/snap.snapd.* || true)" + shopt -s nullglob # shellcheck disable=SC2086 tar cf "$SNAPD_STATE_FILE" \ /var/lib/snapd \ @@ -70,9 +69,10 @@ save_snapd_state() { /etc/systemd/system/"$escaped_snap_mount_dir"-*core*.mount \ /etc/systemd/system/snapd.mounts.target.wants/"$escaped_snap_mount_dir"-*core*.mount \ /etc/systemd/system/multi-user.target.wants/"$escaped_snap_mount_dir"-*core*.mount \ - $snap_confine_profiles \ + /etc/apparmor.d/snap.snapd.* \ $snapd_env \ - $snapd_service_env + /etc/systemd/system/snapd.*.d + shopt -u nullglob systemctl daemon-reload # Workaround for http://paste.ubuntu.com/17735820/ core="$(readlink -f "$SNAP_MOUNT_DIR/core/current")" diff --git a/tests/lib/tools/build_kernel_with_comps.sh b/tests/lib/tools/build_kernel_with_comps.sh index 99c13b4d19f..7eabdf90ea7 100755 --- a/tests/lib/tools/build_kernel_with_comps.sh +++ b/tests/lib/tools/build_kernel_with_comps.sh @@ -39,15 +39,19 @@ description: kernel component for testing purposes EOF # Replace _ or - with [_-], as it can be any of these glob_mod_name=$(printf '%s' "$mod_name" | sed -r 's/[-_]/[-_]/g') - module_path=$(find kernel -name "${glob_mod_name}.ko*") + # TODO: search only in kernel/modules to avoid duplicates (pc-kernel in + # 26/edge has both modules/ and lib/modules/). remove this hack once + # the kernel snap is fixed + module_path=$(find kernel/modules -name "${glob_mod_name}.ko*") cp "$module_path" "$comp_ko_dir" snap pack --filename="${kernel_name}+${comp_name}".comp "$comp_name" # Create kernel without the kernel module rm "$module_path" - # depmod wants a lib subdir - mkdir -p kernel/lib - ln -s ../modules kernel/lib/modules + if [ ! -e kernel/lib/modules ]; then + mkdir -p kernel/lib + ln -s ../modules kernel/lib/modules + fi depmod -b kernel/ "$kern_ver" rm "${kernel_snap_file}" # append component meta-information diff --git a/tests/lib/tools/tests.exec b/tests/lib/tools/tests.exec deleted file mode 100755 index d33ae520bbc..00000000000 --- a/tests/lib/tools/tests.exec +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash - -set -eu - -show_help() { - echo "usage: tests.exec skip-test [MSG]" - echo "usage: tests.exec is-skipped" - echo - echo "Supported commands:" - echo " skip-test: indicates the test has to be skipped and saves the raeson" - echo " is-skipped: check if the test has to be skipped and prints the raeson" -} - -skip_test() { - local raeson="${1:-}" - echo "$raeson" > tests.exec -} - -is_skipped() { - if [ -f tests.exec ]; then - echo "skip raeson: $(cat tests.exec)" - return 0 - fi - return 1 -} - -main() { - if [ $# -eq 0 ]; then - show_help - exit 0 - fi - - local subcommand="$1" - local action= - while [ $# -gt 0 ]; do - case "$subcommand" in - -h|--help) - show_help - exit 0 - ;; - *) - action=$(echo "$subcommand" | tr '-' '_') - shift - break - ;; - esac - done - - if [ -z "$(declare -f "$action")" ]; then - echo "tests.exec: no such command: $subcommand" - show_help - exit 1 - fi - - "$action" "$@" -} - -main "$@" diff --git a/tests/main/apparmor-prompting-prompt-restoration/task.yaml b/tests/main/apparmor-prompting-prompt-restoration/task.yaml index 8c6eaacf0ff..6f9c0122af7 100644 --- a/tests/main/apparmor-prompting-prompt-restoration/task.yaml +++ b/tests/main/apparmor-prompting-prompt-restoration/task.yaml @@ -11,11 +11,11 @@ details: | systems: - ubuntu-2* -prepare: | - if os.query is-kernel-lt 6.16; then - tests.exec skip-test "Requires AppArmor notification protocol v5+ which is only in ubuntu kernels 6.16+" && exit 0 - fi +skip: + - reason: Requires AppArmor notification protocol v5+ which is only in ubuntu kernels 6.16+ + if: os.query is-kernel-lt 6.16 +prepare: | echo "Check that the system AppArmor supports notification protocol v5" uname -a ls /sys/kernel/security/apparmor/features/policy @@ -42,8 +42,6 @@ prepare: | snap connect prompt-requester:home restore: | - tests.exec is-skipped && exit 0 - SNAPD_PID="$(systemctl show --property MainPID snapd.service | cut -f2 -d=)" echo "Remove any new listener ID file" @@ -62,8 +60,6 @@ restore: | snap remove test-snapd-prompt-handler debug: | - tests.exec is-skipped && exit 0 - echo "Check kernel version" uname -a echo "Check system info" @@ -74,8 +70,6 @@ debug: | tests.session -u test exec snap debug api /v2/interfaces/requests/prompts execute: | - tests.exec is-skipped && exit 0 - echo "Remove any existing listener ID file so snapd will register new listener" rm -f /run/snapd/interfaces-requests/listener-id diff --git a/tests/main/auto-refresh-private/task.yaml b/tests/main/auto-refresh-private/task.yaml index 7e8b9913b4f..8532c23c155 100644 --- a/tests/main/auto-refresh-private/task.yaml +++ b/tests/main/auto-refresh-private/task.yaml @@ -13,7 +13,7 @@ systems: [-ubuntu-core-*] skip: - reason: "Account store credentials are not available" if: | - [[ -z "$SPREAD_STORE_USER" || -z "$SPREAD_STORE_USER_PASSWORD" ]] + [[ -z "$SPREAD_STORE_USER" || -z "$SPREAD_STORE_PASSWORD" ]] restore: | snap logout || true diff --git a/tests/main/auto-refresh-retry/task.yaml b/tests/main/auto-refresh-retry/task.yaml index f0ce5e1e158..3cd0838647d 100644 --- a/tests/main/auto-refresh-retry/task.yaml +++ b/tests/main/auto-refresh-retry/task.yaml @@ -6,26 +6,23 @@ details: | systems: [-ubuntu-14.04-*] -restore: | - tests.exec is-skipped && exit 0 +skip: + - reason: This test fails when proxy is set for snapd + if: | + # TODO: Fix the issue + [ "${SNAPD_USE_PROXY:-}" = true ] +restore: | rm -f /etc/systemd/system/snapd.service.d/override.conf ip netns delete testns || true umount /run/netns || true debug: | - tests.exec is-skipped && exit 0 - systemctl cat snapd.service ip netns list || true ip netns pids testns || true execute: | - if [ "${SNAPD_USE_PROXY:-}" = true ]; then - # TODO: Fix the issue - tests.exec skip-test "This test fails when proxy is set for snapd" && exit 0 - fi - echo "Install a snap from stable" snap install test-snapd-tools diff --git a/tests/main/base-policy/task.yaml b/tests/main/base-policy/task.yaml index 92d4aefb790..81a16da9b80 100644 --- a/tests/main/base-policy/task.yaml +++ b/tests/main/base-policy/task.yaml @@ -14,6 +14,11 @@ details: | policy. Until we have a core-only rule that can be tested here, we'll rely on unit tests to ensure that base snaps don't have core-only rules). +skip: + - reason: The system does not have strict confinement + if: | + [ "$(snap debug confinement)" != strict ] + prepare: | echo "Given basic snaps are installed" "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core @@ -31,12 +36,6 @@ prepare: | fi execute: | - # technically only apparmor file mediation is needed but strict is what - # guarantees it is in use - if [ "$(snap debug confinement)" != strict ]; then - exit 0 - fi - # 'grep' is allowed explicitly in core rules and via glob rule in base # rules echo "Then 'grep --version' is allowed by core" diff --git a/tests/main/broken-seeding/task.yaml b/tests/main/broken-seeding/task.yaml index bb31276ed90..0bb2e683ebb 100644 --- a/tests/main/broken-seeding/task.yaml +++ b/tests/main/broken-seeding/task.yaml @@ -12,12 +12,12 @@ systems: [-ubuntu-core-*, -ubuntu-14.04-*] environment: SEED_DIR: /var/lib/snapd/seed -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap pack "$TESTSLIB/snaps/basic18" snap download "--$CORE_CHANNEL" core @@ -48,20 +48,10 @@ prepare: | cp ./basic18_1.0_all.snap "$SEED_DIR/snaps/basic.snap" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - rm -rf "$SEED_DIR" systemctl start snapd.socket snapd.service execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Start the daemon with an empty state" systemctl start snapd.service diff --git a/tests/main/classic-custom-device-reg/task.yaml b/tests/main/classic-custom-device-reg/task.yaml index a82f1e0e97b..09334a9e477 100644 --- a/tests/main/classic-custom-device-reg/task.yaml +++ b/tests/main/classic-custom-device-reg/task.yaml @@ -14,12 +14,12 @@ kill-timeout: 5m environment: SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | snap pack "$TESTSLIB/snaps/classic-gadget" snap download "--$CORE_CHANNEL" core @@ -52,16 +52,12 @@ prepare: | systemd-run --unit fakedevicesvc fakedevicesvc localhost:11029 restore: | - tests.exec is-skipped && exit 0 - systemctl stop snapd.service snapd.socket fakedevicesvc rm -rf "$SEED_DIR" systemctl start snapd.socket snapd.service execute: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/main/classic-firstboot/task.yaml b/tests/main/classic-firstboot/task.yaml index 3daedca3dd6..1aabed39642 100644 --- a/tests/main/classic-firstboot/task.yaml +++ b/tests/main/classic-firstboot/task.yaml @@ -13,12 +13,12 @@ systems: [-ubuntu-core-*] environment: SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | snap pack "$TESTSLIB/snaps/basic" snap pack "$TESTSLIB/snaps/test-snapd-service" snap download "--$CORE_CHANNEL" core @@ -51,14 +51,10 @@ prepare: | cp ./test-snapd-service_1.0_all.snap "$SEED_DIR/snaps/test-snapd-service.snap" restore: | - tests.exec is-skipped && exit 0 - rm -rf "$SEED_DIR" systemctl start snapd.socket snapd.service execute: | - tests.exec is-skipped && exit 0 - echo "Start the daemon with an empty state, this will make it import " echo "assertions from the $SEED_DIR/assertions subdirectory and " echo "install the seed snaps." diff --git a/tests/main/classic-prepare-image-no-core/task.yaml b/tests/main/classic-prepare-image-no-core/task.yaml index d52c45b3492..8cf125fe8dc 100644 --- a/tests/main/classic-prepare-image-no-core/task.yaml +++ b/tests/main/classic-prepare-image-no-core/task.yaml @@ -19,12 +19,12 @@ environment: STORE_ADDR: localhost:11028 SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" snap pack "$TESTSLIB/snaps/basic18" @@ -49,8 +49,6 @@ prepare: | systemd-run --unit fakedevicesvc fakedevicesvc localhost:11029 restore: | - tests.exec is-skipped && exit 0 - systemctl stop snapd.service snapd.socket fakedevicesvc rm -rf "$SEED_DIR" @@ -59,8 +57,6 @@ restore: | rm -rf "$ROOT" execute: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/main/classic-prepare-image/task.yaml b/tests/main/classic-prepare-image/task.yaml index c2d755b5df8..51c3ad7cc14 100644 --- a/tests/main/classic-prepare-image/task.yaml +++ b/tests/main/classic-prepare-image/task.yaml @@ -18,12 +18,12 @@ environment: STORE_ADDR: localhost:11028 SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" snap pack "$TESTSLIB/snaps/basic" @@ -48,8 +48,6 @@ prepare: | systemd-run --unit fakedevicesvc fakedevicesvc localhost:11029 restore: | - tests.exec is-skipped && exit 0 - systemctl stop snapd.service snapd.socket fakedevicesvc rm -rf "$SEED_DIR" @@ -58,8 +56,6 @@ restore: | rm -rf "$ROOT" execute: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/main/classic-snapd-firstboot/task.yaml b/tests/main/classic-snapd-firstboot/task.yaml index 98c7da85a11..951de2857fb 100644 --- a/tests/main/classic-snapd-firstboot/task.yaml +++ b/tests/main/classic-snapd-firstboot/task.yaml @@ -11,12 +11,13 @@ systems: [-ubuntu-core-*] environment: SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + # In this scenario, the keys from the snapd pkg are used + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | snap pack "$TESTSLIB/snaps/basic18" snap download "--$SNAPD_CHANNEL" snapd snap download core18 @@ -51,14 +52,10 @@ prepare: | cp ./basic18_1.0_all.snap "$SEED_DIR/snaps/basic18.snap" restore: | - tests.exec is-skipped && exit 0 - rm -rf "$SEED_DIR" systemctl start snapd.socket snapd.service execute: | - tests.exec is-skipped && exit 0 - echo "Start the daemon with an empty state, this will make it import " echo "assertions from the $SEED_DIR/assertions subdirectory and " echo "install the seed snaps." diff --git a/tests/main/cloud-init/task.yaml b/tests/main/cloud-init/task.yaml index e366fd1d80f..13754420bb0 100644 --- a/tests/main/cloud-init/task.yaml +++ b/tests/main/cloud-init/task.yaml @@ -5,12 +5,12 @@ details: | to the snaps. Run the test on a live backend which sets instance data properly. -prepare: | - # TODO: revert this once cloud-init v25.1.4 is landed for arm - if os.query is-arm && os.query is-core && [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "Openstack metadata service for configuration data cannot be accessed on arm64" && exit 0 - fi +skip: + - reason: This test is only valid for google and openstack backends that provide cloud info + if: | + ! [[ "$SPREAD_BACKEND" =~ google ]] && ! [[ "$SPREAD_BACKEND" =~ openstack ]] +prepare: | cat < /etc/systemd/system/snapd.service.d/http-debug.conf [Service] Environment=SNAPD_DEBUG_HTTP=7 @@ -18,25 +18,14 @@ prepare: | systemctl restart snapd.service restore: | - tests.exec is-skipped && exit 0 rm /etc/systemd/system/snapd.service.d/http-debug.conf systemctl restart snapd.service execute: | - tests.exec is-skipped && exit 0 - if ! [[ "$SPREAD_BACKEND" =~ google ]] && ! [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "This test is only valid for google and openstack backends that provide cloud info" && exit 0 - fi - if [[ ! -e /run/cloud-init/instance-data.json ]]; then - echo "cloud-init instance data is required to execute the test" - - if os.query is-ubuntu && not os.query is-trusty; then - # we expect the test to run on all Ubuntu images excluding 14.04 - echo "the test expected to run on $SPREAD_SYSTEM" - exit 1 - fi - exit 0 + # we expect the test to run on all cloud images provided by google and openstack + echo "the test expected to have cloud-init instance data on $SPREAD_SYSTEM" + exit 1 fi get_conf() { diff --git a/tests/main/command-chain/task.yaml b/tests/main/command-chain/task.yaml index 46bbfeee019..689e06e7e9f 100644 --- a/tests/main/command-chain/task.yaml +++ b/tests/main/command-chain/task.yaml @@ -15,11 +15,12 @@ environment: BREADCRUMB: /var/snap/command-chain/current/breadcrumb ENVDUMP: /var/snap/command-chain/current/env -prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive +prepare: | echo "Build command chain snap" snap pack command-chain snap install --dangerous command-chain_1.0_all.snap @@ -32,8 +33,6 @@ prepare: | fi execute: | - tests.exec is-skipped && exit 0 - echo "Test that command-chain runs for hooks" [ "$(cat "$BREADCRUMB")" = "chain1 chain2 configure" ] MATCH '^CHAIN_1_RAN=1$' < "$ENVDUMP" diff --git a/tests/main/confdb/task.yaml b/tests/main/confdb/task.yaml index 8f69b8038bb..2f12da3a2d5 100644 --- a/tests/main/confdb/task.yaml +++ b/tests/main/confdb/task.yaml @@ -7,6 +7,11 @@ details: | # the test snaps have a core24 base systems: [ -ubuntu-16.04 ] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | snap set system experimental.confdb=true snap set system experimental.parallel-instances=true @@ -16,11 +21,6 @@ restore: | snap unset system experimental.parallel-instances execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - snap ack "$TESTSLIB/assertions/developer1-network.confdb" "$TESTSTOOLS"/snaps-state install-local test-custodian-snap snap connect test-custodian-snap:manage-wifi diff --git a/tests/main/dbus-activation-name-conflict/task.yaml b/tests/main/dbus-activation-name-conflict/task.yaml index eec15896948..7a2793000d6 100644 --- a/tests/main/dbus-activation-name-conflict/task.yaml +++ b/tests/main/dbus-activation-name-conflict/task.yaml @@ -11,6 +11,11 @@ systems: # TODO: dbus issue - -ubuntu-core-22-* +skip: + - reason: System does not have a systemd managed D-Bus system bus + if: | + ! tests.session has-system-systemd-and-dbus + prepare: | snap set system experimental.user-daemons=true @@ -18,11 +23,6 @@ restore: | snap unset system experimental.user-daemons execute: | - if ! tests.session has-system-systemd-and-dbus; then - echo "System does not have a systemd managed D-Bus system bus" - exit 0 - fi - echo "Install a snap that provides the io.snapcraft.SnapDbusService session service" snap install --edge test-snapd-dbus-service test -f /var/lib/snapd/dbus-1/services/io.snapcraft.SnapDbusService.service diff --git a/tests/main/dbus-activation-session-legacy/task.yaml b/tests/main/dbus-activation-session-legacy/task.yaml index 0c90db85c8e..0f20ef927b8 100644 --- a/tests/main/dbus-activation-session-legacy/task.yaml +++ b/tests/main/dbus-activation-session-legacy/task.yaml @@ -7,6 +7,9 @@ details: | snap that provides an activatable D-Bus service, and verifying that the service is activated when a method call is made. +# ubuntu-core: systemd-run is not available +systems: [-ubuntu-core-*] + prepare: | snap set system experimental.user-daemons=true @@ -16,11 +19,6 @@ restore: | snap unset system experimental.user-daemons execute: | - # This filters out Ubuntu 14.04 and Ubuntu Core respectively - if [ "$(command -v systemd-run)" == "" ]; then - exit 0 - fi - cat << EOF > run-session-bus.sh #!/bin/sh cd $(pwd) diff --git a/tests/main/dbus-activation-session/task.yaml b/tests/main/dbus-activation-session/task.yaml index 59935ef32fd..4bb4c1b9158 100644 --- a/tests/main/dbus-activation-session/task.yaml +++ b/tests/main/dbus-activation-session/task.yaml @@ -6,10 +6,12 @@ details: | session, installing a snap that provides an activatable D-Bus service, and verifying that the service is activated when a method call is made. +skip: + - reason: System does not have a systemd managed D-Bus system bus + if: | + ! tests.session has-session-systemd-and-dbus + prepare: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi # Ensure that snapd.session-agent.socket is enabled. This may not # be the case on distributions where presets have been used to # disable it. @@ -23,9 +25,6 @@ prepare: | tests.session -u test prepare restore: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test restore if [ -f agent-was-enabled ]; then systemctl --user --global disable snapd.session-agent.socket @@ -33,11 +32,6 @@ restore: | snap unset system experimental.user-daemons execute: | - if ! tests.session has-session-systemd-and-dbus; then - echo "System does not have a systemd managed D-Bus session bus" - exit 0 - fi - echo "Install a snap containing an activatable D-Bus session service" snap install --edge test-snapd-dbus-service diff --git a/tests/main/dbus-activation-system/task.yaml b/tests/main/dbus-activation-system/task.yaml index df892d9dd33..c7fc0f5ef2d 100644 --- a/tests/main/dbus-activation-system/task.yaml +++ b/tests/main/dbus-activation-system/task.yaml @@ -5,6 +5,11 @@ details: | when a method call is made to them and that they are stopped when the snap is removed. +skip: + - reason: System does not have a systemd managed D-Bus system bus + if: | + ! tests.session has-system-systemd-and-dbus + prepare: | snap set system experimental.user-daemons=true @@ -12,11 +17,6 @@ restore: | snap unset system experimental.user-daemons execute: | - if ! tests.session has-system-systemd-and-dbus; then - echo "System does not have a systemd managed D-Bus system bus" - exit 0 - fi - echo "Install a snap containing an activatable D-Bus system service" snap install --edge test-snapd-dbus-service diff --git a/tests/main/debug-execution/task.yaml b/tests/main/debug-execution/task.yaml index d2f7a581e93..da949024c04 100644 --- a/tests/main/debug-execution/task.yaml +++ b/tests/main/debug-execution/task.yaml @@ -4,15 +4,16 @@ details: | This test checks that the command `snap debug execution` shows right outputs, but also verifies their correctness on the target systems +skip: + - reason: Snapd is from the archive and `debug execution`command could not be supported + if: | + # TODO: remove this check once snapd 2.65 is released (debian-12 missing) + tests.info is-snapd-from-archive + debug: | grep -n '' snap-*.out || true execute: | - # TODO: remove this check once snapd 2.65 is released - if tests.info is-snapd-from-archive; then - exit 0 - fi - snap debug execution snap > snap-default.out SNAP_REEXEC=0 snap debug execution snap > snap-no-reexec.out SNAP_REEXEC=1 snap debug execution snap > snap-yes-reexec.out diff --git a/tests/main/desktop-portal-filechooser/task.yaml b/tests/main/desktop-portal-filechooser/task.yaml index eb4fb43424d..e9a7e8b10e7 100644 --- a/tests/main/desktop-portal-filechooser/task.yaml +++ b/tests/main/desktop-portal-filechooser/task.yaml @@ -19,6 +19,10 @@ details: | # ubuntu-18.04-*: Ships xdg-desktop-portal 0.11 systems: [ubuntu-18.04-64, ubuntu-2*] +skip: + - reason: The snap test-snapd-portal-client is just available for amd64 + if: not os.query is-pc-amd64 + prepare: | #shellcheck source=tests/lib/desktop-portal.sh . "$TESTSLIB"/desktop-portal.sh @@ -42,11 +46,6 @@ debug: | ps -ef | grep xdg || true execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-portal-client is just available for amd64" - exit - fi - echo "Install the portals test client" snap install --edge test-snapd-portal-client diff --git a/tests/main/desktop-portal-open-file/task.yaml b/tests/main/desktop-portal-open-file/task.yaml index 1c9859f6afe..ec5b93144fd 100644 --- a/tests/main/desktop-portal-open-file/task.yaml +++ b/tests/main/desktop-portal-open-file/task.yaml @@ -15,6 +15,10 @@ systems: [ubuntu-18.04-64, ubuntu-2*] environment: EDITOR_HISTORY: /tmp/editor-history.txt +skip: + - reason: The snap test-snapd-portal-client is just available for amd64 + if: not os.query is-pc-amd64 + prepare: | #shellcheck source=tests/lib/desktop-portal.sh . "$TESTSLIB"/desktop-portal.sh @@ -57,11 +61,6 @@ debug: | execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-portal-client is just available for amd64" - exit - fi - echo "Install the portals test client" snap install --edge test-snapd-portal-client diff --git a/tests/main/desktop-portal-open-uri/task.yaml b/tests/main/desktop-portal-open-uri/task.yaml index 60c75a8f665..3abf9c22962 100644 --- a/tests/main/desktop-portal-open-uri/task.yaml +++ b/tests/main/desktop-portal-open-uri/task.yaml @@ -12,6 +12,10 @@ systems: [ubuntu-18.04-64, ubuntu-2*] environment: BROWSER_HISTORY: /tmp/browser-history.txt +skip: + - reason: The snap test-snapd-portal-client is just available for amd64 + if: not os.query is-pc-amd64 + prepare: | #shellcheck source=tests/lib/desktop-portal.sh . "$TESTSLIB"/desktop-portal.sh @@ -53,11 +57,6 @@ debug: | ps -ef | grep xdg || true execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-portal-client is just available for amd64" - exit - fi - echo "Install the portals test client" snap install --edge test-snapd-portal-client diff --git a/tests/main/desktop-portal-screenshot/task.yaml b/tests/main/desktop-portal-screenshot/task.yaml index 11313e5d9e8..9d1f6177fa1 100644 --- a/tests/main/desktop-portal-screenshot/task.yaml +++ b/tests/main/desktop-portal-screenshot/task.yaml @@ -23,6 +23,10 @@ details: | # Expand as needed. systems: [ubuntu-18.04-64, ubuntu-2*] +skip: + - reason: The snap test-snapd-portal-client is just available for amd64 + if: not os.query is-pc-amd64 + prepare: | #shellcheck source=tests/lib/desktop-portal.sh . "$TESTSLIB"/desktop-portal.sh @@ -45,11 +49,6 @@ debug: | ps -ef | grep xdg || true execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-portal-client is just available for amd64" - exit - fi - echo "Install the portals test client" snap install --edge test-snapd-portal-client diff --git a/tests/main/download-private/task.yaml b/tests/main/download-private/task.yaml index 5c474b21844..27e5db90832 100644 --- a/tests/main/download-private/task.yaml +++ b/tests/main/download-private/task.yaml @@ -11,6 +11,13 @@ details: | # no ubuntu-core: we don't have expect available nor can we install snapcraft systems: [ubuntu-1*-64, ubuntu-2*-64] +skip: + - reason: "Account store credentials are not available" + if: | + [ -z "$SPREAD_STORE_USER" ] || [ -z "$SPREAD_STORE_PASSWORD" ] + - reason: "Core is not supported" + if: os.query is-core + prepare: | echo "Install snapcraft from latest/candidate" snap install snapcraft --channel=latest/candidate --classic diff --git a/tests/main/download-timeout/task.yaml b/tests/main/download-timeout/task.yaml index c066f9fd05b..d2e6fa65e96 100644 --- a/tests/main/download-timeout/task.yaml +++ b/tests/main/download-timeout/task.yaml @@ -19,19 +19,15 @@ environment: SNAPD_DOWNLOAD_MEAS_WINDOW: 15s OVERRIDES_FILE: /etc/systemd/system/snapd.service.d/local.conf -prepare: | - if [ "${SNAPD_USE_PROXY:-}" = true ]; then - # TODO: Fix the issue - tests.exec skip-test "This test fails when proxy is set for snapd" && exit 0 - fi - - device="$(ip route show default | awk '{print $5}')" - - if not os.query is-pc-amd64; then - echo "tc fail to add a device in arm architecture with error: \"Cannot find device $device\"" - exit - fi +skip: + - reason: This test fails when proxy is set for snapd + if: | + # TODO: Fix the issue + [ "${SNAPD_USE_PROXY:-}" = true ] + - reason: tc fail to add a device in arm architecture with error -> "Cannot find device" + if: not os.query is-pc-amd64 +prepare: | cp "$OVERRIDES_FILE" "$OVERRIDES_FILE".bak sed "s/Environment=/Environment=SNAPD_MIN_DOWNLOAD_SPEED=${SNAPD_MIN_DOWNLOAD_SPEED} SNAPD_DOWNLOAD_MEAS_WINDOW=${SNAPD_DOWNLOAD_MEAS_WINDOW} /" -i "$OVERRIDES_FILE" @@ -39,14 +35,8 @@ prepare: | systemctl restart snapd.{socket,service} restore: | - tests.exec is-skipped && exit 0 - device="$(ip route show default | awk '{print $5}')" - if not os.query is-pc-amd64; then - echo "tc fail to add a device in arm architecture with error: \"Cannot find device $device\"" - exit - fi # We need to skip this step in 23+ because it fails with error: # Error: Qdisc not classful. We have an error talking to the kernel # The test works well even after skipping this @@ -60,15 +50,8 @@ restore: | systemctl restart snapd.{socket,service} execute: | - tests.exec is-skipped && exit 0 - device="$(ip route show default | awk '{print $5}')" - if not os.query is-pc-amd64; then - echo "tc fail to add a device in arm architecture with error: \"Cannot find device $device\"" - exit - fi - tc qdisc add dev "$device" ingress tc filter add dev "$device" root protocol ip u32 match u32 0 0 police rate 32kbit burst 16k drop flowid :1 tc filter add dev "$device" parent ffff: protocol ip u32 match u32 0 0 police rate 32kbit burst 16k drop flowid :1 diff --git a/tests/main/fakestore-install/task.yaml b/tests/main/fakestore-install/task.yaml index 7434d59aa8f..4a73d54f07e 100644 --- a/tests/main/fakestore-install/task.yaml +++ b/tests/main/fakestore-install/task.yaml @@ -10,19 +10,15 @@ systems: [-ubuntu-14.04*] environment: BLOB_DIR: $(pwd)/fake-store-blobdir +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" # Ensure that "core" is installed as it is a pre-requisite of the base but diff --git a/tests/main/i18n/task.yaml b/tests/main/i18n/task.yaml index ab65df8a170..157ccd6d614 100644 --- a/tests/main/i18n/task.yaml +++ b/tests/main/i18n/task.yaml @@ -7,7 +7,7 @@ details: | systems: [-debian-sid-*] skip: - - if: os.query is_resolute + - if: os.query is_resolute || os.query is_noble reason: The Latvian translation is missing <> and causing the test to fail. Once that is fixed, the test should be renabled (in SNAPDENG-36202). restore: | diff --git a/tests/main/install-errors/task.yaml b/tests/main/install-errors/task.yaml index 85001b7bf23..d80b5d5f5e0 100644 --- a/tests/main/install-errors/task.yaml +++ b/tests/main/install-errors/task.yaml @@ -13,17 +13,16 @@ environment: SNAP_REEXEC/noreexec: 0 SNAP_REEXEC/withreexec: 1 -prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive +prepare: | echo "Given a snap with a failing command is installed" "$TESTSTOOLS"/snaps-state install-local "$SNAP_NAME" execute: | - tests.exec is-skipped && exit 0 - echo "Install unexisting snap prints error" if snap install unexisting.canonical; then echo "Installing unexisting snap should fail" diff --git a/tests/main/install-refresh-private/task.yaml b/tests/main/install-refresh-private/task.yaml index c522dd3e18c..687f6cf3f44 100644 --- a/tests/main/install-refresh-private/task.yaml +++ b/tests/main/install-refresh-private/task.yaml @@ -10,6 +10,11 @@ details: | # we don't have expect available on ubuntu-core, so the authenticated check need to be skipped on those systems systems: [-ubuntu-core-*] +skip: + - reason: "Account store credentials are not available" + if: | + [ -z "$SPREAD_STORE_USER" ] || [ -z "$SPREAD_STORE_PASSWORD" ] + restore: | snap logout || true diff --git a/tests/main/install-sideload-epochs/task.yaml b/tests/main/install-sideload-epochs/task.yaml index ff8021402d2..ce7b3ad15d3 100644 --- a/tests/main/install-sideload-epochs/task.yaml +++ b/tests/main/install-sideload-epochs/task.yaml @@ -11,16 +11,16 @@ environment: SNAP_REEXEC/reexec0: 0 SNAP_REEXEC/reexec1: 1 +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive + prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi snap pack test-snapd-epoch-1 snap pack test-snapd-epoch-2 execute: | - tests.exec is-skipped && exit 0 - rx="cannot refresh \"[^ \"]*\" to local snap with epoch [^ ]*, because it can't read the current epoch" snap try test-snapd-epoch-1 not snap try test-snapd-epoch-2 2> try.err diff --git a/tests/main/install-sideload/task.yaml b/tests/main/install-sideload/task.yaml index a2eda6d8279..4ca265a9ff9 100644 --- a/tests/main/install-sideload/task.yaml +++ b/tests/main/install-sideload/task.yaml @@ -13,11 +13,12 @@ environment: SNAP_REEXEC/reexec0: 0 SNAP_REEXEC/reexec1: 1 -prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive +prepare: | for snap in basic test-snapd-tools basic-desktop test-snapd-devmode snap-hooks-bad-install; do snap pack "$TESTSLIB"/snaps/$snap done @@ -30,8 +31,6 @@ prepare: | fi execute: | - tests.exec is-skipped && exit 0 - echo "Sideloaded snap shows status" expected='^basic 1.0 installed$' snap install --dangerous ./basic_1.0_all.snap | MATCH "$expected" diff --git a/tests/main/interface-static-attrs-update-on-refresh/task.yaml b/tests/main/interface-static-attrs-update-on-refresh/task.yaml index d3ea2adaa17..5ba1e8f57d1 100644 --- a/tests/main/interface-static-attrs-update-on-refresh/task.yaml +++ b/tests/main/interface-static-attrs-update-on-refresh/task.yaml @@ -8,6 +8,11 @@ details: | # changes to the base profile or contents of the core snap will never break the test systems: [-ubuntu-core-*] +skip: + - reason: Snap confinement is partial + if: | + [ "$(snap debug confinement)" = partial ] + prepare: | "$TESTSTOOLS"/snaps-state install-local test-snap-a-v1 "$TESTSTOOLS"/snaps-state install-local test-snap-b @@ -18,10 +23,6 @@ prepare: | tests.cleanup defer rm -rf /etc/foo /etc/bar execute: | - if [ "$(snap debug confinement)" = partial ] ; then - exit 0 - fi - snap info test-snap-a | MATCH "^installed: +version1" echo "test-snap-a reading /etc/foo, /etc/bar should fail." diff --git a/tests/main/interfaces-block-devices/task.yaml b/tests/main/interfaces-block-devices/task.yaml index 2979d7a7e0d..16a3ad6b7dd 100644 --- a/tests/main/interfaces-block-devices/task.yaml +++ b/tests/main/interfaces-block-devices/task.yaml @@ -8,7 +8,14 @@ prepare: | # identify which disk /var/snap lives on; we could use %Hd:%Ld, but not all # versions of coreutils support that, but it's not always obvious what the # device is if the host is using btrfs, or an alias such as /dev/root - maybe_partition_dev="$(df --output=source /var/snap | tail -n -1)" + if lsblk -f -o label,fstype | MATCH "ubuntu-data.*crypto_LUKS"; then + # This is the case when TPM is enabled and we're using FDE + # Now /var/snap is on an ubuntu-data volume made available through device + # mapper and will show up as disk, so it is required to find the parent partition + maybe_partition_dev=/dev/"$(lsblk -f -o label,fstype,name --raw | awk '/ubuntu-data.*crypto_LUKS/ { print $3 }')" + else + maybe_partition_dev="$(df --output=source /var/snap | tail -n -1)" + fi # we're expecting a partition udevadm info -q property "$maybe_partition_dev" | MATCH 'DEVTYPE=partition' # get the node name under /dev diff --git a/tests/main/interfaces-checkbox-support/task.yaml b/tests/main/interfaces-checkbox-support/task.yaml index e99b375c1e6..c6ca1088160 100644 --- a/tests/main/interfaces-checkbox-support/task.yaml +++ b/tests/main/interfaces-checkbox-support/task.yaml @@ -10,6 +10,10 @@ systems: # Systemd is too old to support passing stdio as file descriptors. - -amazon-linux-2-64 +skip: + - if: test -z "$(command -v plz-run)" + reason: The plz-run executable is missing + prepare: | snap pack test-snapd-checkbox-support snap install --dangerous ./test-snapd-checkbox-support_0.4_all.snap diff --git a/tests/main/interfaces-contacts-service/task.yaml b/tests/main/interfaces-contacts-service/task.yaml index 9d82bd12276..036749b18bd 100644 --- a/tests/main/interfaces-contacts-service/task.yaml +++ b/tests/main/interfaces-contacts-service/task.yaml @@ -35,14 +35,7 @@ restore: | tests.session -u test restore execute: | - if ! snap install --edge test-snapd-eds ; then - if [ "$SPREAD_SYSTEM" = ubuntu-16.04-64 ]; then - echo "The test-snapd-eds must be available on ubuntu-16.04-64" - exit 1 - fi - echo "SKIP: test-snapd-eds not available" - exit 0 - fi + snap install --edge test-snapd-eds echo "The interface is initially disconnected" snap interfaces -i contacts-service | MATCH -- '- +test-snapd-eds:contacts-service' diff --git a/tests/main/interfaces-content-compatibility/task.yaml b/tests/main/interfaces-content-compatibility/task.yaml index b70b93e90d5..07bfea77ff2 100644 --- a/tests/main/interfaces-content-compatibility/task.yaml +++ b/tests/main/interfaces-content-compatibility/task.yaml @@ -8,19 +8,15 @@ environment: STORE_DIR: $(pwd)/fake-store-blobdir STORE_ADDR: localhost:11028 +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - snap set system experimental.content-compatibility-label=true snap install core24 diff --git a/tests/main/interfaces-cups-control-autoconnect/task.yaml b/tests/main/interfaces-cups-control-autoconnect/task.yaml index 39ce1062bc7..c53edd38d3c 100644 --- a/tests/main/interfaces-cups-control-autoconnect/task.yaml +++ b/tests/main/interfaces-cups-control-autoconnect/task.yaml @@ -17,12 +17,12 @@ systems: environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap debug can-manage-refreshes | MATCH false snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" @@ -56,10 +56,6 @@ prepare: | fi restore: | - if [ "$TRUST_TEST_KEYS" = false ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -f /etc/cups/cupsd.conf @@ -68,11 +64,6 @@ restore: | fi execute: | - if [ "$TRUST_TEST_KEYS" = false ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Install the cups-provider snap" "$TESTSTOOLS"/snaps-state install-local cups-provider diff --git a/tests/main/interfaces-custom-device-app-slot/task.yaml b/tests/main/interfaces-custom-device-app-slot/task.yaml index c7a8b243ef3..e994ce8dd18 100644 --- a/tests/main/interfaces-custom-device-app-slot/task.yaml +++ b/tests/main/interfaces-custom-device-app-slot/task.yaml @@ -14,12 +14,12 @@ systems: environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # Install core snap to avoid installing it using the fake store if not snap list core; then snap install core @@ -76,18 +76,9 @@ prepare: | snap ack "${BLOB_DIR}"/asserts/*.snap-declaration restore: | - if [ "$TRUST_TEST_KEYS" = false ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = false ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Install the device-app snap" snap install device-app diff --git a/tests/main/interfaces-desktop-launch/task.yaml b/tests/main/interfaces-desktop-launch/task.yaml index d600e7ade1a..11928e63e5b 100644 --- a/tests/main/interfaces-desktop-launch/task.yaml +++ b/tests/main/interfaces-desktop-launch/task.yaml @@ -6,27 +6,22 @@ details: | systems: [-ubuntu-core-*] +skip: + - reason: This test needs systemd and dbus sessions to run + if: | + ! tests.session has-session-systemd-and-dbus + prepare: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi snap remove --purge api-client || true tests.session -u test prepare tests.session -u test exec systemctl --user \ set-environment XDG_DATA_DIRS=/usr/share:/var/lib/snapd/desktop restore: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test restore rm -f ~test/snap/test-app/current/launch-data.txt execute: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi - "$TESTSTOOLS"/snaps-state install-local api-client tests.cleanup defer snap remove --purge api-client diff --git a/tests/main/interfaces-gpio-memory-control/task.yaml b/tests/main/interfaces-gpio-memory-control/task.yaml index 36792f3b50b..553e26848e1 100644 --- a/tests/main/interfaces-gpio-memory-control/task.yaml +++ b/tests/main/interfaces-gpio-memory-control/task.yaml @@ -5,16 +5,16 @@ details: | systems: [ubuntu-core-18-arm-32*] +skip: + - reason: The /dev/gpiomem device does not exist in current system + if: | + ! [ -c /dev/gpiomem ] + prepare: | echo "Given the test-snapd-gpio-memory-control snap is installed" snap install test-snapd-gpio-memory-control execute: | - if ! [ -c /dev/gpiomem ]; then - echo "The /dev/gpiomem device does not exist in current system" - exit 0 - fi - echo "The interface is not connected by default" #shellcheck disable=SC1117 snap interfaces -i gpio-memory-control | MATCH '^- +test-snapd-gpio-memory-control:gpio-memory-control' diff --git a/tests/main/interfaces-kernel-module-control/task.yaml b/tests/main/interfaces-kernel-module-control/task.yaml index d1c29a82f61..4419c1717cc 100644 --- a/tests/main/interfaces-kernel-module-control/task.yaml +++ b/tests/main/interfaces-kernel-module-control/task.yaml @@ -24,6 +24,11 @@ environment: MODULE: minix MODULE_PATH: /lib/modules/$(uname -r)/kernel/fs/$MODULE/$MODULE.ko +skip: + - reason: minix module not available in the system + if: | + ! [ -f "/lib/modules/$(uname -r)/kernel/fs/$MODULE/$MODULE.ko" ] + prepare: | echo "Given a snap declaring a plug on the kernel-module-control interface is installed" snap install --edge test-snapd-kernel-module-consumer @@ -49,11 +54,6 @@ debug: | ls -R /lib/modules/"$(uname -r)"/kernel/fs execute: | - if ! [ -f "/lib/modules/$(uname -r)/kernel/fs/$MODULE/$MODULE.ko" ]; then - echo "$MODULE module not available in the system" - exit 0 - fi - echo "The plug is disconnected by default" snap interfaces -i kernel-module-control | MATCH '^- +test-snapd-kernel-module-consumer:kernel-module-control' diff --git a/tests/main/interfaces-libvirt/task.yaml b/tests/main/interfaces-libvirt/task.yaml index 22fb8a45164..245f8a5de34 100644 --- a/tests/main/interfaces-libvirt/task.yaml +++ b/tests/main/interfaces-libvirt/task.yaml @@ -15,12 +15,11 @@ details: | systems: [ubuntu-2*] -prepare: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-libvirt-consumer is just available for amd64" - exit - fi +skip: + - reason: The snap test-snapd-libvirt-consumer is just available for amd64 + if: not os.query is-pc-amd64 +prepare: | # Given test user is added to the libvirt group adduser test libvirt @@ -47,11 +46,6 @@ prepare: | tests.session -u test prepare restore: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-libvirt-consumer is just available for amd64" - exit - fi - ip link delete tap100 # remove test user from the libvirt group @@ -60,11 +54,6 @@ restore: | tests.session -u test restore execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-libvirt-consumer is just available for amd64" - exit - fi - echo "The interface is not connected by default" snap interfaces -i libvirt | MATCH '^- +test-snapd-libvirt-consumer:libvirt' diff --git a/tests/main/interfaces-polkit/task.yaml b/tests/main/interfaces-polkit/task.yaml index a25432c03c4..c560bfb31e6 100644 --- a/tests/main/interfaces-polkit/task.yaml +++ b/tests/main/interfaces-polkit/task.yaml @@ -19,26 +19,18 @@ systems: - -amazon-linux-2023-64 - -ubuntu-*-arm* +skip: + - reason: D-Bus session bus is not supported in the system + if: not tests.session has-session-systemd-and-dbus + prepare: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test prepare restore: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi rm -f /home/test/sleep.stamp tests.session -u test restore execute: | - # We don't actually need a D-Bus session bus, but this is a good - # guard for support for a user session. - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi - echo "Install the test snap" snap install --edge test-snapd-polkit diff --git a/tests/main/interfaces-requests-activates-handlers/task.yaml b/tests/main/interfaces-requests-activates-handlers/task.yaml index 0c0cecf9cfa..644e5970e2f 100644 --- a/tests/main/interfaces-requests-activates-handlers/task.yaml +++ b/tests/main/interfaces-requests-activates-handlers/task.yaml @@ -7,17 +7,15 @@ details: | systems: - ubuntu-2* -prepare: | - if os.query is-ubuntu 20.04; then - tests.exec skip-test "Ubuntu 20.04 kernels doesn't support prompting" && exit 0 - fi - if os.query is-ubuntu 22.04 && os.query is-kernel-lt 6.7 ; then - tests.exec skip-test "Ubuntu 22.04 kernel $(uname -r) doesn't support prompting" && exit 0 - fi - if os.query is-ubuntu 22.04 && not tests.info is-reexec-in-use; then - tests.exec skip-test "Ubuntu 22.04 AppArmor parser doesn't support prompting" && exit 0 - fi +skip: + - reason: Ubuntu 20.04 kernels don't support prompting + if: os.query is-ubuntu 20.04 + - reason: Ubuntu 22.04 kernel doesn't support prompting + if: os.query is-ubuntu 22.04 && os.query is-kernel-lt 6.7 + - reason: Ubuntu 22.04 AppArmor parser doesn't support prompting + if: os.query is-ubuntu 22.04 && not tests.info is-reexec-in-use +prepare: | # prerequisite for having a prompts handler service snap set system experimental.user-daemons=true "$TESTSTOOLS"/snaps-state install-local test-snapd-prompt-handler @@ -25,15 +23,11 @@ prepare: | tests.session -u test prepare restore: | - tests.exec is-skipped && exit 0 - snap unset system experimental.user-daemons snap remove --purge test-snapd-prompt-handler || true tests.session -u test restore debug: | - tests.exec is-skipped && exit 0 - echo "Check kernel version" uname -a echo "Check kernel notification socket presence" @@ -46,8 +40,6 @@ debug: | snap debug api /v2/system-info execute: | - tests.exec is-skipped && exit 0 - not tests.session -u test exec systemctl --user is-active \ snap.test-snapd-prompt-handler.prompt-handler.service not tests.session -u test exec systemctl --user is-enabled \ diff --git a/tests/main/interfaces-snap-interfaces-requests-control/task.yaml b/tests/main/interfaces-snap-interfaces-requests-control/task.yaml index 35e3e5f9e30..debe0aee3bf 100644 --- a/tests/main/interfaces-snap-interfaces-requests-control/task.yaml +++ b/tests/main/interfaces-snap-interfaces-requests-control/task.yaml @@ -19,17 +19,15 @@ environment: # fact all the test does is pipe the output to (go)jq PYTHONIOENCODING: utf-8 -prepare: | - if os.query is-ubuntu 20.04; then - tests.exec skip-test "Ubuntu 20.04 kernel doesn't support prompting" && exit 0 - fi - if os.query is-ubuntu 22.04 && os.query is-kernel-lt 6.7 ; then - tests.exec skip-test "Ubuntu 22.04 kernel $(uname -r) doesn't support prompting" && exit 0 - fi - if os.query is-ubuntu 22.04 && not tests.info is-reexec-in-use; then - tests.exec skip-test "Ubuntu 22.04 AppArmor parser doesn't support prompting" && exit 0 - fi +skip: + - reason: Ubuntu 20.04 kernel doesn't support prompting + if: os.query is-ubuntu 20.04 + - reason: Ubuntu 22.04 kernel <6.7 doesn't support prompting + if: os.query is-ubuntu 22.04 && os.query is-kernel-lt 6.7 + - reason: Ubuntu 22.04 AppArmor parser doesn't support prompting + if: os.query is-ubuntu 22.04 && not tests.info is-reexec-in-use +prepare: | tests.session prepare -u test snap remove --purge api-client || true @@ -37,12 +35,9 @@ prepare: | snap set system experimental.user-daemons=true restore: | - tests.exec is-skipped && exit 0 tests.session restore -u test debug: | - tests.exec is-skipped && exit 0 - echo "Check kernel version" uname -a echo "Check kernel notification socket presence" @@ -55,8 +50,6 @@ debug: | snap debug api /v2/system-info execute: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/snaps-state install-local api-client echo "The snap-interfaces-requests-control plug on the api-client snap is initially disconnected" snap connections api-client | MATCH "snap-interfaces-requests-control +api-client:snap-interfaces-requests-control +- +-" diff --git a/tests/main/interfaces-snapd-control-with-manage/task.yaml b/tests/main/interfaces-snapd-control-with-manage/task.yaml index ed0318c5e22..8d425e4388d 100644 --- a/tests/main/interfaces-snapd-control-with-manage/task.yaml +++ b/tests/main/interfaces-snapd-control-with-manage/task.yaml @@ -21,12 +21,12 @@ systems: [-ubuntu-14.04*] environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap debug can-manage-refreshes | MATCH false # Install test snap dependencies before switching to fake store @@ -58,21 +58,12 @@ prepare: | snap ack "${BLOB_DIR}"/asserts/*.snap-declaration restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" debug: | gojq .data.auth.device /var/lib/snapd/state.json || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - snap install test-snapd-control-consumer echo "The interface is connected by default" diff --git a/tests/main/interfaces-userns/task.yaml b/tests/main/interfaces-userns/task.yaml index 8b304614c78..f5b02fef193 100644 --- a/tests/main/interfaces-userns/task.yaml +++ b/tests/main/interfaces-userns/task.yaml @@ -14,6 +14,10 @@ environment: # This is used to abbreviate some of the paths below. P: /var/snap/test-snapd-userns/common +skip: + - reason: system either doesn't support unprivileged userns or it is disabled + if: not sysctl kernel.unprivileged_userns_clone + prepare: | echo "Install a helper snap (for confinement testing)" "$TESTSTOOLS"/snaps-state install-local test-snapd-userns @@ -31,12 +35,6 @@ restore: | tests.session -u test restore execute: | - # ensure that the system supports unprivileged userns and it is enabled - if ! sysctl kernel.unprivileged_userns_clone; then - echo "Skipping testing of unprivileged userns since it is not supported by the kernel" - exit 0 - fi - echo "Enable the use of unprivileged user namespaces by default" orig_userns_clone=$(sysctl -n kernel.unprivileged_userns_clone) sysctl -w kernel.unprivileged_userns_clone=1 diff --git a/tests/main/known/task.yaml b/tests/main/known/task.yaml index 8440173a77e..4a1927f1cd5 100644 --- a/tests/main/known/task.yaml +++ b/tests/main/known/task.yaml @@ -7,8 +7,6 @@ details: | properties in general. execute: | - tests.exec is-skipped && exit 0 - echo "Listing all account assertions" snap known account|MATCH "^type: account$" snap known account|MATCH "^account-id: canonical$" diff --git a/tests/main/layout-content-provider-change/task.yaml b/tests/main/layout-content-provider-change/task.yaml new file mode 100644 index 00000000000..e62bf7b516e --- /dev/null +++ b/tests/main/layout-content-provider-change/task.yaml @@ -0,0 +1,73 @@ +summary: Verify scenario in which the content provider of a snap is changed + +details: | + Verify a scenario like + https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2072395 where there's a + snap with a content consumer plug, which uses layouts to move around the + data coming from the content provider snap. The snap is refreshed, changing + to a different content provider along the way. + +environment: + STORE_DIR: $(pwd)/fake-store-blobdir + STORE_ADDR: localhost:11028 + +skip: + - reason: "Test keys need to be trusted" + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + +prepare: | + snap install core24 + + "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" + tests.cleanup defer "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" + + snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" + snap ack "$TESTSLIB/assertions/developer1.account" + snap ack "$TESTSLIB/assertions/developer1.account-key" + + cp "$TESTSLIB"/assertions/testrootorg-store.account-key "$STORE_DIR/asserts" + cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" + cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" + + snap pack test-snapd-content-provider-v1 + snap pack test-snapd-content-provider-v2 + + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-provider-v1_*.snap provider-v1-id + + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-provider-v2_*.snap provider-v2-id + + snap pack test-snapd-content-consumer-v1 + snap pack test-snapd-content-consumer-v2 + +execute: | + # make consumer 1.0.0 available in the store + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-consumer_1.*.snap consumer-id + + # install the first version + snap install test-snapd-content-consumer + + # the provider was pulled in and the plug is connected + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider-v1:special-content" + + test-snapd-content-consumer.app |& tee output-v1.log + MATCH 'hello from app' < output-v1.log + MATCH 'hello from content provider V1' < output-v1.log + + # now simulate what a snap like firefox may do, by switching the version of + # gnome runtime + "$TESTSTOOLS"/store-state make-snap-installable --revision 2 "$STORE_DIR" \ + test-snapd-content-consumer_2.*.snap consumer-id + + snap refresh test-snapd-content-consumer + + # new provider was pulled in and is connected now + snap connections test-snapd-content-consumer | NOMATCH "test-snapd-content-provider-v1" + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider-v2:special-content" + + test-snapd-content-consumer.app |& tee output-v2.log + MATCH 'hello from app' < output-v2.log + MATCH 'hello from content provider V2' < output-v2.log diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/bin/app b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/bin/app new file mode 100755 index 00000000000..1366fc27eed --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/bin/app @@ -0,0 +1,3 @@ +#!/bin/sh + +echo "hello from app" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/meta/snap.yaml b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/meta/snap.yaml new file mode 100644 index 00000000000..429d0d5c1b2 --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/meta/snap.yaml @@ -0,0 +1,21 @@ +name: test-snapd-content-consumer +version: 1.0.0 +base: core24 + +assumes: + - command-chain + +apps: + app: + command: bin/app + command-chain: + - snap/command-chain/launch + plugs: + - special-content-v1 + +plugs: + special-content-v1: + interface: content + target: $SNAP/connected-content + # like a snap using one version of gnome runtime + default-provider: test-snapd-content-provider-v1 diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/snap/command-chain/launch b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/snap/command-chain/launch new file mode 100755 index 00000000000..8a2e4b5db9b --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/snap/command-chain/launch @@ -0,0 +1,7 @@ +#!/bin/bash + +# run through wrapper provided by content snap +# prepends desktop-launch to $@ +set -- "${SNAP}/connected-content/command-chain/desktop-launch" "$@" + +exec "$@" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/bin/app b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/bin/app new file mode 100755 index 00000000000..1366fc27eed --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/bin/app @@ -0,0 +1,3 @@ +#!/bin/sh + +echo "hello from app" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/meta/snap.yaml b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/meta/snap.yaml new file mode 100644 index 00000000000..e0f4548de13 --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/meta/snap.yaml @@ -0,0 +1,22 @@ +name: test-snapd-content-consumer +version: 2.0.0 +base: core24 + +assumes: + - command-chain + +apps: + app: + command: bin/app + command-chain: + - snap/command-chain/launch + plugs: + - special-content-v2 + +plugs: + special-content-v2: + interface: content + target: $SNAP/connected-content + # in v2, we switch to a different content provider, but with a similar mount + # namespace setup + default-provider: test-snapd-content-provider-v2 diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/snap/command-chain/launch b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/snap/command-chain/launch new file mode 100755 index 00000000000..8a2e4b5db9b --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/snap/command-chain/launch @@ -0,0 +1,7 @@ +#!/bin/bash + +# run through wrapper provided by content snap +# prepends desktop-launch to $@ +set -- "${SNAP}/connected-content/command-chain/desktop-launch" "$@" + +exec "$@" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/command-chain/desktop-launch b/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/command-chain/desktop-launch new file mode 100755 index 00000000000..4f922a98028 --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/command-chain/desktop-launch @@ -0,0 +1,5 @@ +#!/bin/bash + +echo "hello from content provider V1" + +exec "$@" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/meta/snap.yaml b/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/meta/snap.yaml new file mode 100644 index 00000000000..bd3d37a311d --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/meta/snap.yaml @@ -0,0 +1,9 @@ +name: test-snapd-content-provider-v1 +version: 1.0.0 +base: core24 + +slots: + special-content-v1: + interface: content + read: + - / diff --git a/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/command-chain/desktop-launch b/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/command-chain/desktop-launch new file mode 100755 index 00000000000..9396c96bfe0 --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/command-chain/desktop-launch @@ -0,0 +1,5 @@ +#!/bin/bash + +echo "hello from content provider V2" + +exec "$@" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/meta/snap.yaml b/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/meta/snap.yaml new file mode 100644 index 00000000000..b1f96f19deb --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/meta/snap.yaml @@ -0,0 +1,9 @@ +name: test-snapd-content-provider-v2 +version: 2.0.0 +base: core24 + +slots: + special-content-v2: + interface: content + read: + - / diff --git a/tests/main/layout-content-refresh-connect-hooks/task.yaml b/tests/main/layout-content-refresh-connect-hooks/task.yaml new file mode 100644 index 00000000000..dd456c31cd3 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/task.yaml @@ -0,0 +1,75 @@ +summary: Verify consumer provided content to be visible when content plug connection hook executes + +details: | + Verify that the content provided by the content slot snap is visible to a + plug connect hook during its execution. + +environment: + STORE_DIR: $(pwd)/fake-store-blobdir + STORE_ADDR: localhost:11028 + +skip: + - reason: "Test keys need to be trusted" + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + +prepare: | + snap install core24 + + "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" + tests.cleanup defer "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" + + snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" + snap ack "$TESTSLIB/assertions/developer1.account" + snap ack "$TESTSLIB/assertions/developer1.account-key" + + cp "$TESTSLIB"/assertions/testrootorg-store.account-key "$STORE_DIR/asserts" + cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" + cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" + + # provider snaps + snap pack test-snapd-content-provider-v1 + snap pack test-snapd-content-provider-v2 + + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-provider_1*.snap provider-id + + # consumer snap + snap pack test-snapd-content-consumer + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-consumer_1.*.snap consumer-id + +debug: | + cat /var/snap/test-snapd-content-consumer/common/hook.log || true + +execute: | + # install the first version + snap install test-snapd-content-consumer + + # the provider was pulled in and the plug is connected + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider:special-content-basic" + # content-extra plug is not connected + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-consumer:special-content-extra +-" + + test-snapd-content-consumer.app |& tee output.log + MATCH 'hello from app' < output.log + # check logs from connect hook + MATCH "connect content basic" < /var/snap/test-snapd-content-consumer/common/hook.log + NOMATCH "connect content extra" < /var/snap/test-snapd-content-consumer/common/hook.log + + # make v2 now available + "$TESTSTOOLS"/store-state make-snap-installable --revision 2 "$STORE_DIR" \ + test-snapd-content-provider_2*.snap provider-id + + # refresh, a new slot should be auto connected, which is observed by the + # connect plug hook on the content consumer + snap refresh test-snapd-content-provider + + # new provider was pulled in and is connected now + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider:special-content-basic" + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider:special-content-extra" + + test-snapd-content-consumer.app |& tee output.log + MATCH 'hello from app' < output.log + + MATCH "connect content extra" < /var/snap/test-snapd-content-consumer/common/hook.log diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/bin/app b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/bin/app new file mode 100755 index 00000000000..1366fc27eed --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/bin/app @@ -0,0 +1,3 @@ +#!/bin/sh + +echo "hello from app" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-basic new file mode 100755 index 00000000000..dfcf7b70a5d --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-basic @@ -0,0 +1,10 @@ +#!/bin/bash +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +set -x +date +echo "=== connect content basic" +find "$SNAP/connected-content-basic" -ls +find "$SNAP/connected-content-extra" -ls +echo "should fail, file isn't there yet" +cat "$SNAP/connected-content-extra/extra-content" || true diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-extra b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-extra new file mode 100755 index 00000000000..018c8400fc4 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-extra @@ -0,0 +1,9 @@ +#!/bin/bash +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +set -x +date +echo "=== connect content extra" +find "$SNAP/connected-content-basic" -ls +find "$SNAP/connected-content-extra" -ls +cat "$SNAP/connected-content-extra/extra-content" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/disconnect-plug-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/disconnect-plug-special-content-basic new file mode 100755 index 00000000000..8c54dd2dcfa --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/disconnect-plug-special-content-basic @@ -0,0 +1,8 @@ +#!/bin/bash +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +set -x +date +echo "=== disconnect content basic" +find "$SNAP/connected-content-basic" -ls +find "$SNAP/connected-content-extra" -ls diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/snap.yaml b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/snap.yaml new file mode 100644 index 00000000000..bafbac33eaa --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/snap.yaml @@ -0,0 +1,25 @@ +name: test-snapd-content-consumer +version: 1.0.0 +base: core24 + +assumes: + - command-chain + +apps: + app: + command: bin/app + plugs: + - special-content-basic + - special-content-extra + +plugs: + special-content-basic: + interface: content + target: $SNAP/connected-content-basic + # like a snap using one version of gnome runtime + default-provider: test-snapd-content-provider + + special-content-extra: + interface: content + target: $SNAP/connected-content-extra + # no default provider is listed diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/basic/basic-content b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/basic/basic-content new file mode 100644 index 00000000000..4395b36a146 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/basic/basic-content @@ -0,0 +1 @@ +basic V1 diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/connect-slot-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/connect-slot-special-content-basic new file mode 100755 index 00000000000..e3ca4b36124 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/connect-slot-special-content-basic @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "connecting slot special-content basic" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/disconnect-slot-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/disconnect-slot-special-content-basic new file mode 100755 index 00000000000..06f6073651a --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/disconnect-slot-special-content-basic @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "disconnecting slot special-content basic" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/snap.yaml b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/snap.yaml new file mode 100644 index 00000000000..25178bfa491 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/snap.yaml @@ -0,0 +1,9 @@ +name: test-snapd-content-provider +version: 1.0.0 +base: core24 + +slots: + special-content-basic: + interface: content + read: + - /basic diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/basic/basic-content b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/basic/basic-content new file mode 100644 index 00000000000..f6c5d59b78d --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/basic/basic-content @@ -0,0 +1 @@ +basic V2 diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/extra/extra-content b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/extra/extra-content new file mode 100644 index 00000000000..5d3ffd09118 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/extra/extra-content @@ -0,0 +1 @@ +extra V2 diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-basic new file mode 100755 index 00000000000..e3ca4b36124 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-basic @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "connecting slot special-content basic" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-extra b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-extra new file mode 100755 index 00000000000..69f79037a76 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-extra @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "connecting slot special-content extra" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-basic new file mode 100755 index 00000000000..06f6073651a --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-basic @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "disconnecting slot special-content basic" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-extra b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-extra new file mode 100755 index 00000000000..ee2a39cf5e9 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-extra @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "disconnecting slot special-content extra" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/snap.yaml b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/snap.yaml new file mode 100644 index 00000000000..8c93d28e9ef --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/snap.yaml @@ -0,0 +1,14 @@ +name: test-snapd-content-provider +version: 2.0.0 +base: core24 + +slots: + special-content-basic: + interface: content + read: + - /basic + + special-content-extra: + interface: content + read: + - /extra diff --git a/tests/main/lxd-mount-units/task.yaml b/tests/main/lxd-mount-units/task.yaml index 7e16ab69e7a..70ea8673d65 100644 --- a/tests/main/lxd-mount-units/task.yaml +++ b/tests/main/lxd-mount-units/task.yaml @@ -7,6 +7,12 @@ details: | # only 20.04+, we want lxd images that come with snaps preinstalled. systems: [ubuntu-2*] +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + restore: | lxd.lxc stop ubuntu --force || true lxd.lxc delete ubuntu || true diff --git a/tests/main/lxd-no-fuse/task.yaml b/tests/main/lxd-no-fuse/task.yaml index 9ff65151f78..87183b8b735 100644 --- a/tests/main/lxd-no-fuse/task.yaml +++ b/tests/main/lxd-no-fuse/task.yaml @@ -7,6 +7,12 @@ details: | # we just need a single system to verify this systems: [ubuntu-22.04-64] +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + restore: | lxc delete --force my-ubuntu snap remove --purge lxd diff --git a/tests/main/lxd-postrm-purge/task.yaml b/tests/main/lxd-postrm-purge/task.yaml index b4db185d16c..b2094180f2d 100644 --- a/tests/main/lxd-postrm-purge/task.yaml +++ b/tests/main/lxd-postrm-purge/task.yaml @@ -15,6 +15,12 @@ priority: 1000 # lxd downloads can be quite slow kill-timeout: 25m +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + prepare: | # using apt here is ok because this test only runs on ubuntu echo "Remove any installed debs (some images carry them) to ensure we test the snap" @@ -44,10 +50,6 @@ prepare: | lxd.lxc exec my-ubuntu -- /root/prep-snapd-in-lxd.sh restore: | - if [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]]; then - exit - fi - lxd.lxc stop my-ubuntu --force || true lxd.lxc delete my-ubuntu || true snap remove --purge lxd diff --git a/tests/main/lxd-try/task.yaml b/tests/main/lxd-try/task.yaml index a0d7aaf2b61..9731bbe26b9 100644 --- a/tests/main/lxd-try/task.yaml +++ b/tests/main/lxd-try/task.yaml @@ -5,19 +5,17 @@ details: | systems: [ubuntu-2*] +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + prepare: | echo "Install lxd" "$TESTSTOOLS"/lxd-state prepare-snap "$TESTSTOOLS"/lxd-state launch --name ubuntu - echo "Setting up proxy *inside* the container" - if [ -n "${http_proxy:-}" ]; then - lxd.lxc exec ubuntu -- sh -c "echo http_proxy=$http_proxy >> /etc/environment" - fi - if [ -n "${https_proxy:-}" ]; then - lxd.lxc exec ubuntu -- sh -c "echo https_proxy=$https_proxy >> /etc/environment" - fi - # wait for the container to be fully up # the retry is needed because of the error "Failed to connect to bus: No such file or directory" retry --wait 1 -n 10 sh -c 'lxd.lxc exec ubuntu -- systemctl --wait is-system-running | grep -Eq "(running|degraded)"' diff --git a/tests/main/lxd/task.yaml b/tests/main/lxd/task.yaml index aa8a4f86b03..e857ee3f060 100644 --- a/tests/main/lxd/task.yaml +++ b/tests/main/lxd/task.yaml @@ -32,6 +32,12 @@ environment: REFRESH_APP_AWARENESS_OUTER/snapd_cgroup_neither: false REFRESH_APP_AWARENESS_INNER/snapd_cgroup_neither: false +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + prepare: | # using apt here is ok because this test only runs on ubuntu echo "Remove any installed debs (some images carry them) to ensure we test the snap" @@ -44,10 +50,6 @@ prepare: | snap set system experimental.refresh-app-awareness=$REFRESH_APP_AWARENESS_OUTER restore: | - if [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]]; then - exit - fi - for cont_name in my-nesting-ubuntu my-ubuntu; do lxd.lxc stop $cont_name --force || true lxd.lxc delete $cont_name || true @@ -79,11 +81,6 @@ debug: | "$TESTSTOOLS"/journal-state get-log -u snap.lxd.daemon.service execute: | - if [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]]; then - echo "No run lxd test when there are not .deb files built" - exit - fi - echo "Install lxd" "$TESTSTOOLS"/lxd-state prepare-snap diff --git a/tests/main/mount-dir-detect-check/task.yaml b/tests/main/mount-dir-detect-check/task.yaml index 712e32f13f3..6ac4d5333f2 100644 --- a/tests/main/mount-dir-detect-check/task.yaml +++ b/tests/main/mount-dir-detect-check/task.yaml @@ -7,11 +7,11 @@ details: | systems: - -ubuntu-core-* -prepare: | - if tests.info is-snapd-from-archive ; then - tests.exec skip-test "snapd deb from archive has no mount detection" && exit 0 - fi +skip: + - reason: snapd deb from archive has no mount detection + if: tests.info is-snapd-from-archive +prepare: | tests.systemd stop-unit snapd.service echo "Ensure all snaps are gone" snapd.tool exec snap-mgmt --purge @@ -56,8 +56,6 @@ prepare: | test "$(snap list | wc -l)" = "0" execute: | - tests.exec is-skipped && exit 0 - SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" baddir="$(cat mock-mount-dir)" diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/HOST.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/HOST.expected.txt deleted file mode 100644 index a28c86c5f8e..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/HOST.expected.txt +++ /dev/null @@ -1,40 +0,0 @@ -0:0 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /boot/efi rw,relatime shared:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:-1 / /dev rw,nosuid,relatime shared:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime shared:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime shared:+1 - mqueue mqueue rw -+0:+1 / /dev/pts rw,nosuid,noexec,relatime shared:+1 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+1 / /dev/shm rw,nosuid,nodev shared:+1 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime shared:+1 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime shared:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 -+0:+1 / /run rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime shared:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /run/rpc_pipefs rw,relatime shared:+1 - rpc_pipefs sunrpc rw -+0:+1 / /run/user/0 rw,nosuid,nodev,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /snap/core/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime shared:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime shared:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime shared:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime shared:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:+1 - securityfs securityfs rw diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-16.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-16.expected.txt deleted file mode 100644 index 1a5954b25c9..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-16.expected.txt +++ /dev/null @@ -1,76 +0,0 @@ -2:0 / / ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+0 / /dev rw,nosuid,relatime master:-14 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-4 /etc /etc rw,relatime master:-6 - ext4 /dev/sda1 rw,data=ordered -+2:+0 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro --2:+0 /home /home rw,relatime master:-16 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/firmware /lib/firmware rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/modules /lib/modules rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /media /media rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /mnt /mnt rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+1:+5 / /proc rw,nosuid,nodev,noexec,relatime master:+7 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime master:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 --1:-8 /root /root rw,relatime master:-10 - ext4 /dev/sda1 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+11 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:12 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/rpc_pipefs rw,relatime master:15 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-13 /snap /snap rw,relatime master:-15 - ext4 /dev/sda1 rw,data=ordered -+2:+0 / /snap/core/1 ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime master:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw --1:-32 /tmp /tmp rw,relatime master:-39 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /tmp/snap-private-tmp/snap.test-snapd-mountinfo-core16/tmp /tmp rw,relatime - ext4 /dev/sda1 rw,data=ordered -+1:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 -+1:-34 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+35 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-35 /usr/src /usr/src rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 / /var/lib/snapd/hostfs rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+8 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+10 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /var/lib/snapd/hostfs/run/rpc_pipefs rw,relatime master:+1 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+1 - squashfs /dev/loop0 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --2:-4 /var/log /var/log rw,relatime master:-20 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-18.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-18.expected.txt deleted file mode 100644 index 78b15f5902b..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-18.expected.txt +++ /dev/null @@ -1,77 +0,0 @@ -2:1 / / ro,nodev,relatime master:18 - squashfs /dev/loop1 ro --1:-1 / /dev rw,nosuid,relatime master:-15 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-4 /etc /etc rw,relatime master:-6 - ext4 /dev/sda1 rw,data=ordered -+2:+1 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+17 - squashfs /dev/loop1 ro --2:-1 /home /home rw,relatime master:-17 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/firmware /lib/firmware rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/modules /lib/modules rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /media /media rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /mnt /mnt rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+1:+5 / /proc rw,nosuid,nodev,noexec,relatime master:+7 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime master:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 --1:-8 /root /root rw,relatime master:-10 - ext4 /dev/sda1 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+11 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:12 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/rpc_pipefs rw,relatime master:15 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-13 /snap /snap rw,relatime master:-15 - ext4 /dev/sda1 rw,data=ordered -+2:+0 / /snap/core/1 ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime master:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw --1:-32 /tmp /tmp rw,relatime master:-39 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /tmp/snap-private-tmp/snap.test-snapd-mountinfo-core18/tmp /tmp rw,relatime - ext4 /dev/sda1 rw,data=ordered -+2:+0 /usr/lib/snapd /usr/lib/snapd ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 -+1:-33 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:18 - squashfs /dev/loop1 ro --1:+34 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-35 /usr/src /usr/src rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 / /var/lib/snapd/hostfs rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+8 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+10 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /var/lib/snapd/hostfs/run/rpc_pipefs rw,relatime master:+1 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+1 - squashfs /dev/loop0 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --2:-4 /var/log /var/log rw,relatime master:-20 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-C7.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-C7.expected.txt deleted file mode 100644 index a28c86c5f8e..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-C7.expected.txt +++ /dev/null @@ -1,40 +0,0 @@ -0:0 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /boot/efi rw,relatime shared:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:-1 / /dev rw,nosuid,relatime shared:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime shared:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime shared:+1 - mqueue mqueue rw -+0:+1 / /dev/pts rw,nosuid,noexec,relatime shared:+1 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+1 / /dev/shm rw,nosuid,nodev shared:+1 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime shared:+1 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime shared:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 -+0:+1 / /run rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime shared:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /run/rpc_pipefs rw,relatime shared:+1 - rpc_pipefs sunrpc rw -+0:+1 / /run/user/0 rw,nosuid,nodev,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /snap/core/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime shared:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime shared:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime shared:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime shared:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:+1 - securityfs securityfs rw diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-16.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-16.expected.txt deleted file mode 100644 index 0c5374339cc..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-16.expected.txt +++ /dev/null @@ -1,76 +0,0 @@ -2:0 / / ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+0 / /dev rw,nosuid,relatime master:-14 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-4 /etc /etc rw,relatime master:-6 - ext4 /dev/sda1 rw,data=ordered -+2:+0 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro --2:+0 /home /home rw,relatime master:-16 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/firmware /lib/firmware rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/modules /lib/modules rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /media /media rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /mnt /mnt rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+1:+5 / /proc rw,nosuid,nodev,noexec,relatime master:+7 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime master:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 --1:-8 /root /root rw,relatime master:-10 - ext4 /dev/sda1 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+11 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:12 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/rpc_pipefs rw,relatime master:15 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-13 /snap /snap rw,relatime master:-15 - ext4 /dev/sda1 rw,data=ordered -+2:+0 / /snap/core/1 ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime master:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw --1:-32 /tmp /tmp rw,relatime master:-39 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /tmp/snap-private-tmp/snap.test-snapd-mountinfo-core16/tmp /tmp rw,relatime - ext4 /dev/sda1 rw,data=ordered -+1:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 -+1:-34 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+35 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-35 /usr/src /usr/src rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda1 rw,data=ordered -+0:+0 / /var/lib/snapd/hostfs rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+8 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+10 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /var/lib/snapd/hostfs/run/rpc_pipefs rw,relatime master:+1 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+1 - squashfs /dev/loop0 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --2:-4 /var/log /var/log rw,relatime master:-20 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-18.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-18.expected.txt deleted file mode 100644 index a03b1856c74..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-18.expected.txt +++ /dev/null @@ -1,77 +0,0 @@ -2:1 / / ro,nodev,relatime master:18 - squashfs /dev/loop1 ro --1:-1 / /dev rw,nosuid,relatime master:-15 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-4 /etc /etc rw,relatime master:-6 - ext4 /dev/sda1 rw,data=ordered -+2:+1 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+17 - squashfs /dev/loop1 ro --2:-1 /home /home rw,relatime master:-17 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/firmware /lib/firmware rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/modules /lib/modules rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /media /media rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /mnt /mnt rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+1:+5 / /proc rw,nosuid,nodev,noexec,relatime master:+7 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime master:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 --1:-8 /root /root rw,relatime master:-10 - ext4 /dev/sda1 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+11 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:12 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/rpc_pipefs rw,relatime master:15 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-13 /snap /snap rw,relatime master:-15 - ext4 /dev/sda1 rw,data=ordered -+2:+0 / /snap/core/1 ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime master:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw --1:-32 /tmp /tmp rw,relatime master:-39 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /tmp/snap-private-tmp/snap.test-snapd-mountinfo-core18/tmp /tmp rw,relatime - ext4 /dev/sda1 rw,data=ordered -+2:+0 /usr/lib/snapd /usr/lib/snapd ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 -+1:-33 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:18 - squashfs /dev/loop1 ro --1:+34 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-35 /usr/src /usr/src rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda1 rw,data=ordered -+0:+0 / /var/lib/snapd/hostfs rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+8 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+10 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /var/lib/snapd/hostfs/run/rpc_pipefs rw,relatime master:+1 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+1 - squashfs /dev/loop0 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --2:-4 /var/log /var/log rw,relatime master:-20 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-C7.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-C7.expected.txt deleted file mode 100644 index a28c86c5f8e..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-C7.expected.txt +++ /dev/null @@ -1,40 +0,0 @@ -0:0 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /boot/efi rw,relatime shared:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:-1 / /dev rw,nosuid,relatime shared:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime shared:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime shared:+1 - mqueue mqueue rw -+0:+1 / /dev/pts rw,nosuid,noexec,relatime shared:+1 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+1 / /dev/shm rw,nosuid,nodev shared:+1 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime shared:+1 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime shared:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 -+0:+1 / /run rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime shared:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /run/rpc_pipefs rw,relatime shared:+1 - rpc_pipefs sunrpc rw -+0:+1 / /run/user/0 rw,nosuid,nodev,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /snap/core/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime shared:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime shared:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime shared:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime shared:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:+1 - securityfs securityfs rw diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/HOST.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/HOST.expected.txt deleted file mode 100644 index 612c5268538..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/HOST.expected.txt +++ /dev/null @@ -1,120 +0,0 @@ -0:0 / / ro,relatime shared:1 - squashfs /dev/loop0 ro -+1:+0 / /boot/efi rw,relatime shared:+1 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /boot/grub rw,relatime shared:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+0 / /dev rw,nosuid,relatime shared:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime shared:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime shared:+1 - mqueue mqueue rw -+0:+1 / /dev/pts rw,nosuid,noexec,relatime shared:+1 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+1 / /dev/shm rw,nosuid,nodev shared:+1 - tmpfs tmpfs rw --1:-3 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /etc/passwd ro,relatime shared:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime shared:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime shared:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime shared:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime shared:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime shared:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime shared:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime shared:+1 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime shared:+1 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime shared:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime shared:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime shared:+42 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:-5 / /run rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+6 / /run/cgmanager/fs rw,relatime shared:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /run/user/0 rw,nosuid,nodev,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime shared:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime shared:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime shared:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime shared:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime shared:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime shared:+1 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/cache/apparmor rw,relatime shared:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/cache/snapd rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/apparmor rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/cloud rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/console-conf rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/dbus rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/dhcp rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/initramfs-tools rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/logrotate rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/misc rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/sudo rw,relatime shared:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/systemd/random-seed rw,relatime shared:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/systemd/rfkill rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/waagent rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 / /writable rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /writable/system-data/snap/core/1 ro,nodev,relatime shared:+47 - squashfs /dev/loop2 ro -+0:+1 / /writable/system-data/snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /writable/system-data/snap/pc-kernel/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro -+0:+1 / /writable/system-data/snap/pc/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop5 ro -+0:+1 / /writable/system-data/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop6 ro -+0:+1 / /writable/system-data/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop7 ro -+0:+1 / /writable/system-data/snap/test-snapd-rsync/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop8 ro diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-16.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-16.expected.txt deleted file mode 100644 index a60be6da7fe..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-16.expected.txt +++ /dev/null @@ -1,211 +0,0 @@ -0:0 / / ro,relatime master:1 - squashfs /dev/loop0 ro -+1:+0 / /boot/efi rw,relatime master:+1 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+0 / /dev rw,nosuid,relatime master:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-3 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 / /media rw,relatime shared:53 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime master:54 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime master:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime master:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:57 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+0 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 /snap.test-snapd-mountinfo-core16/tmp /tmp rw,relatime - tmpfs tmpfs rw -+0:+3 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 --2:-34 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,relatime master:1 - squashfs /dev/loop0 ro -+2:+35 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-34 /system-data/var/cache/apparmor /var/cache/apparmor rw,relatime master:15 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered --1:-1 / /var/lib/snapd/hostfs ro,relatime master:-14 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda3 rw,data=ordered -+0:-1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /var/lib/snapd/hostfs/boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+1 /system-data/etc/apparmor.d/cache /var/lib/snapd/hostfs/etc/apparmor.d/cache rw,relatime master:+6 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /var/lib/snapd/hostfs/etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /var/lib/snapd/hostfs/etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /var/lib/snapd/hostfs/etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /var/lib/snapd/hostfs/etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /var/lib/snapd/hostfs/etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /var/lib/snapd/hostfs/etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /var/lib/snapd/hostfs/etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /var/lib/snapd/hostfs/etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /var/lib/snapd/hostfs/etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /var/lib/snapd/hostfs/etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /var/lib/snapd/hostfs/etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /var/lib/snapd/hostfs/etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /var/lib/snapd/hostfs/etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /var/lib/snapd/hostfs/etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /var/lib/snapd/hostfs/etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /var/lib/snapd/hostfs/etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /var/lib/snapd/hostfs/etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /var/lib/snapd/hostfs/etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /var/lib/snapd/hostfs/etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /var/lib/snapd/hostfs/etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /var/lib/snapd/hostfs/etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /var/lib/snapd/hostfs/etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /var/lib/snapd/hostfs/etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /var/lib/snapd/hostfs/etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /var/lib/snapd/hostfs/etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /var/lib/snapd/hostfs/etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /var/lib/snapd/hostfs/etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /var/lib/snapd/hostfs/etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /var/lib/snapd/hostfs/etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /var/lib/snapd/hostfs/etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /var/lib/snapd/hostfs/etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /var/lib/snapd/hostfs/etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /var/lib/snapd/hostfs/etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /var/lib/snapd/hostfs/etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /var/lib/snapd/hostfs/etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /var/lib/snapd/hostfs/etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /var/lib/snapd/hostfs/etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /var/lib/snapd/hostfs/etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /var/lib/snapd/hostfs/etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /var/lib/snapd/hostfs/etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /var/lib/snapd/hostfs/etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /var/lib/snapd/hostfs/etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /var/lib/snapd/hostfs/etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /var/lib/snapd/hostfs/home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /var/lib/snapd/hostfs/lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /var/lib/snapd/hostfs/lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /var/lib/snapd/hostfs/media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+1 / /var/lib/snapd/hostfs/mnt rw,relatime master:+1 - tmpfs tmpfs rw --1:-6 /system-data/root /var/lib/snapd/hostfs/root rw,relatime master:-39 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /var/lib/snapd/hostfs/snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+23 / /var/lib/snapd/hostfs/tmp rw,relatime master:+18 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/lib/snapd/hostfs/var/cache/apparmor rw,relatime master:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/lib/snapd/hostfs/var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/snapd/hostfs/var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/snapd/hostfs/var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/snapd/hostfs/var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/snapd/hostfs/var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/snapd/hostfs/var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/snapd/hostfs/var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/snapd/hostfs/var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/snapd/hostfs/var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/snapd/hostfs/var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd/hostfs/var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/snapd/hostfs/var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/snapd/hostfs/var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/snapd/hostfs/var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/snapd/hostfs/var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/lib/snapd/hostfs/var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/lib/snapd/hostfs/var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/lib/snapd/hostfs/var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-18.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-18.expected.txt deleted file mode 100644 index 1078dba890a..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-18.expected.txt +++ /dev/null @@ -1,198 +0,0 @@ -0:3 / / ro,nodev,relatime master:63 - squashfs /dev/loop3 ro -+2:-3 / /dev rw,nosuid,relatime master:-60 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --2:-4 /etc /etc ro,relatime master:-6 - squashfs /dev/loop0 ro -+1:+1 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime master:+7 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered --1:+2 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+38 - squashfs /dev/loop3 ro -+1:-2 /system-data/root/test-etc/passwd /etc/passwd ro,relatime master:-48 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered --1:+2 /etc/ssl /etc/ssl ro,nodev,relatime master:+27 - squashfs /dev/loop3 ro -+1:-2 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime master:-26 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime shared:53 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime master:54 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime master:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime master:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+42 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:57 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+0 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 /snap.test-snapd-mountinfo-core18/tmp /tmp rw,relatime - tmpfs tmpfs rw --2:-31 /usr/lib/snapd /usr/lib/snapd ro,relatime master:1 - squashfs /dev/loop0 ro -+2:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 --2:-31 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:63 - squashfs /dev/loop3 ro -+2:+32 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --2:-35 /usr/src /usr/src ro,relatime master:1 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime master:+14 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered --1:-1 / /var/lib/snapd/hostfs ro,relatime master:-14 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda3 rw,data=ordered -+0:-1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /var/lib/snapd/hostfs/boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+1 /system-data/etc/apparmor.d/cache /var/lib/snapd/hostfs/etc/apparmor.d/cache rw,relatime master:+6 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /var/lib/snapd/hostfs/etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /var/lib/snapd/hostfs/etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /var/lib/snapd/hostfs/etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /var/lib/snapd/hostfs/etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /var/lib/snapd/hostfs/etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /var/lib/snapd/hostfs/etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /var/lib/snapd/hostfs/etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /var/lib/snapd/hostfs/etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /var/lib/snapd/hostfs/etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /var/lib/snapd/hostfs/etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /var/lib/snapd/hostfs/etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /var/lib/snapd/hostfs/etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /var/lib/snapd/hostfs/etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /var/lib/snapd/hostfs/etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /var/lib/snapd/hostfs/etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /var/lib/snapd/hostfs/etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /var/lib/snapd/hostfs/etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /var/lib/snapd/hostfs/etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /var/lib/snapd/hostfs/etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /var/lib/snapd/hostfs/etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /var/lib/snapd/hostfs/etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /var/lib/snapd/hostfs/etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /var/lib/snapd/hostfs/etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /var/lib/snapd/hostfs/etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /var/lib/snapd/hostfs/etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /var/lib/snapd/hostfs/etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /var/lib/snapd/hostfs/etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /var/lib/snapd/hostfs/etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /var/lib/snapd/hostfs/etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /var/lib/snapd/hostfs/etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /var/lib/snapd/hostfs/etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /var/lib/snapd/hostfs/etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /var/lib/snapd/hostfs/etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /var/lib/snapd/hostfs/etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /var/lib/snapd/hostfs/etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /var/lib/snapd/hostfs/etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /var/lib/snapd/hostfs/etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /var/lib/snapd/hostfs/etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /var/lib/snapd/hostfs/etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /var/lib/snapd/hostfs/etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /var/lib/snapd/hostfs/etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /var/lib/snapd/hostfs/etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /var/lib/snapd/hostfs/etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /var/lib/snapd/hostfs/home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /var/lib/snapd/hostfs/lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /var/lib/snapd/hostfs/lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /var/lib/snapd/hostfs/media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+1 / /var/lib/snapd/hostfs/mnt rw,relatime master:+1 - tmpfs tmpfs rw --1:-6 /system-data/root /var/lib/snapd/hostfs/root rw,relatime master:-39 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /var/lib/snapd/hostfs/snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+23 / /var/lib/snapd/hostfs/tmp rw,relatime master:+18 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/lib/snapd/hostfs/var/cache/apparmor rw,relatime master:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/lib/snapd/hostfs/var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/snapd/hostfs/var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/snapd/hostfs/var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/snapd/hostfs/var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/snapd/hostfs/var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/snapd/hostfs/var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/snapd/hostfs/var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/snapd/hostfs/var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/snapd/hostfs/var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/snapd/hostfs/var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd/hostfs/var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/snapd/hostfs/var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/snapd/hostfs/var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/snapd/hostfs/var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/snapd/hostfs/var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/lib/snapd/hostfs/var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/lib/snapd/hostfs/var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/lib/snapd/hostfs/var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-16.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-16.expected.txt deleted file mode 100644 index a60be6da7fe..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-16.expected.txt +++ /dev/null @@ -1,211 +0,0 @@ -0:0 / / ro,relatime master:1 - squashfs /dev/loop0 ro -+1:+0 / /boot/efi rw,relatime master:+1 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+0 / /dev rw,nosuid,relatime master:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-3 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 / /media rw,relatime shared:53 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime master:54 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime master:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime master:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:57 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+0 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 /snap.test-snapd-mountinfo-core16/tmp /tmp rw,relatime - tmpfs tmpfs rw -+0:+3 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 --2:-34 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,relatime master:1 - squashfs /dev/loop0 ro -+2:+35 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-34 /system-data/var/cache/apparmor /var/cache/apparmor rw,relatime master:15 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered --1:-1 / /var/lib/snapd/hostfs ro,relatime master:-14 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda3 rw,data=ordered -+0:-1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /var/lib/snapd/hostfs/boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+1 /system-data/etc/apparmor.d/cache /var/lib/snapd/hostfs/etc/apparmor.d/cache rw,relatime master:+6 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /var/lib/snapd/hostfs/etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /var/lib/snapd/hostfs/etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /var/lib/snapd/hostfs/etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /var/lib/snapd/hostfs/etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /var/lib/snapd/hostfs/etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /var/lib/snapd/hostfs/etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /var/lib/snapd/hostfs/etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /var/lib/snapd/hostfs/etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /var/lib/snapd/hostfs/etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /var/lib/snapd/hostfs/etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /var/lib/snapd/hostfs/etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /var/lib/snapd/hostfs/etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /var/lib/snapd/hostfs/etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /var/lib/snapd/hostfs/etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /var/lib/snapd/hostfs/etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /var/lib/snapd/hostfs/etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /var/lib/snapd/hostfs/etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /var/lib/snapd/hostfs/etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /var/lib/snapd/hostfs/etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /var/lib/snapd/hostfs/etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /var/lib/snapd/hostfs/etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /var/lib/snapd/hostfs/etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /var/lib/snapd/hostfs/etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /var/lib/snapd/hostfs/etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /var/lib/snapd/hostfs/etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /var/lib/snapd/hostfs/etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /var/lib/snapd/hostfs/etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /var/lib/snapd/hostfs/etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /var/lib/snapd/hostfs/etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /var/lib/snapd/hostfs/etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /var/lib/snapd/hostfs/etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /var/lib/snapd/hostfs/etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /var/lib/snapd/hostfs/etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /var/lib/snapd/hostfs/etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /var/lib/snapd/hostfs/etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /var/lib/snapd/hostfs/etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /var/lib/snapd/hostfs/etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /var/lib/snapd/hostfs/etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /var/lib/snapd/hostfs/etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /var/lib/snapd/hostfs/etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /var/lib/snapd/hostfs/etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /var/lib/snapd/hostfs/etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /var/lib/snapd/hostfs/etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /var/lib/snapd/hostfs/home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /var/lib/snapd/hostfs/lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /var/lib/snapd/hostfs/lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /var/lib/snapd/hostfs/media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+1 / /var/lib/snapd/hostfs/mnt rw,relatime master:+1 - tmpfs tmpfs rw --1:-6 /system-data/root /var/lib/snapd/hostfs/root rw,relatime master:-39 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /var/lib/snapd/hostfs/snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+23 / /var/lib/snapd/hostfs/tmp rw,relatime master:+18 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/lib/snapd/hostfs/var/cache/apparmor rw,relatime master:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/lib/snapd/hostfs/var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/snapd/hostfs/var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/snapd/hostfs/var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/snapd/hostfs/var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/snapd/hostfs/var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/snapd/hostfs/var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/snapd/hostfs/var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/snapd/hostfs/var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/snapd/hostfs/var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/snapd/hostfs/var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd/hostfs/var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/snapd/hostfs/var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/snapd/hostfs/var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/snapd/hostfs/var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/snapd/hostfs/var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/lib/snapd/hostfs/var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/lib/snapd/hostfs/var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/lib/snapd/hostfs/var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-18.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-18.expected.txt deleted file mode 100644 index 1078dba890a..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-18.expected.txt +++ /dev/null @@ -1,198 +0,0 @@ -0:3 / / ro,nodev,relatime master:63 - squashfs /dev/loop3 ro -+2:-3 / /dev rw,nosuid,relatime master:-60 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --2:-4 /etc /etc ro,relatime master:-6 - squashfs /dev/loop0 ro -+1:+1 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime master:+7 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered --1:+2 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+38 - squashfs /dev/loop3 ro -+1:-2 /system-data/root/test-etc/passwd /etc/passwd ro,relatime master:-48 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered --1:+2 /etc/ssl /etc/ssl ro,nodev,relatime master:+27 - squashfs /dev/loop3 ro -+1:-2 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime master:-26 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime shared:53 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime master:54 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime master:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime master:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+42 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:57 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+0 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 /snap.test-snapd-mountinfo-core18/tmp /tmp rw,relatime - tmpfs tmpfs rw --2:-31 /usr/lib/snapd /usr/lib/snapd ro,relatime master:1 - squashfs /dev/loop0 ro -+2:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 --2:-31 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:63 - squashfs /dev/loop3 ro -+2:+32 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --2:-35 /usr/src /usr/src ro,relatime master:1 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime master:+14 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered --1:-1 / /var/lib/snapd/hostfs ro,relatime master:-14 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda3 rw,data=ordered -+0:-1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /var/lib/snapd/hostfs/boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+1 /system-data/etc/apparmor.d/cache /var/lib/snapd/hostfs/etc/apparmor.d/cache rw,relatime master:+6 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /var/lib/snapd/hostfs/etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /var/lib/snapd/hostfs/etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /var/lib/snapd/hostfs/etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /var/lib/snapd/hostfs/etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /var/lib/snapd/hostfs/etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /var/lib/snapd/hostfs/etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /var/lib/snapd/hostfs/etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /var/lib/snapd/hostfs/etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /var/lib/snapd/hostfs/etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /var/lib/snapd/hostfs/etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /var/lib/snapd/hostfs/etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /var/lib/snapd/hostfs/etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /var/lib/snapd/hostfs/etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /var/lib/snapd/hostfs/etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /var/lib/snapd/hostfs/etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /var/lib/snapd/hostfs/etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /var/lib/snapd/hostfs/etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /var/lib/snapd/hostfs/etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /var/lib/snapd/hostfs/etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /var/lib/snapd/hostfs/etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /var/lib/snapd/hostfs/etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /var/lib/snapd/hostfs/etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /var/lib/snapd/hostfs/etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /var/lib/snapd/hostfs/etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /var/lib/snapd/hostfs/etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /var/lib/snapd/hostfs/etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /var/lib/snapd/hostfs/etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /var/lib/snapd/hostfs/etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /var/lib/snapd/hostfs/etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /var/lib/snapd/hostfs/etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /var/lib/snapd/hostfs/etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /var/lib/snapd/hostfs/etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /var/lib/snapd/hostfs/etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /var/lib/snapd/hostfs/etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /var/lib/snapd/hostfs/etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /var/lib/snapd/hostfs/etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /var/lib/snapd/hostfs/etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /var/lib/snapd/hostfs/etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /var/lib/snapd/hostfs/etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /var/lib/snapd/hostfs/etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /var/lib/snapd/hostfs/etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /var/lib/snapd/hostfs/etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /var/lib/snapd/hostfs/etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /var/lib/snapd/hostfs/home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /var/lib/snapd/hostfs/lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /var/lib/snapd/hostfs/lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /var/lib/snapd/hostfs/media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+1 / /var/lib/snapd/hostfs/mnt rw,relatime master:+1 - tmpfs tmpfs rw --1:-6 /system-data/root /var/lib/snapd/hostfs/root rw,relatime master:-39 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /var/lib/snapd/hostfs/snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+23 / /var/lib/snapd/hostfs/tmp rw,relatime master:+18 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/lib/snapd/hostfs/var/cache/apparmor rw,relatime master:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/lib/snapd/hostfs/var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/snapd/hostfs/var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/snapd/hostfs/var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/snapd/hostfs/var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/snapd/hostfs/var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/snapd/hostfs/var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/snapd/hostfs/var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/snapd/hostfs/var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/snapd/hostfs/var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/snapd/hostfs/var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd/hostfs/var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/snapd/hostfs/var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/snapd/hostfs/var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/snapd/hostfs/var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/snapd/hostfs/var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/lib/snapd/hostfs/var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/lib/snapd/hostfs/var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/lib/snapd/hostfs/var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered diff --git a/tests/main/mount-ns/task.yaml b/tests/main/mount-ns/task.yaml index 3cba00be57e..aa80bdbcfca 100644 --- a/tests/main/mount-ns/task.yaml +++ b/tests/main/mount-ns/task.yaml @@ -85,16 +85,6 @@ prepare: | true ;; reboot) - # TODO: when https://github.com/snapcore/spread/pull/85 is merged - # and released this test can be allowed to run on bash 4.3. Without - # the workaround for a bug in bash REBOOT causes the spread test to - # fail instead of asking spread to reboot the machine. - if "$TESTSTOOLS"/version-compare --strict "$(echo "$BASH_VERSION" | cut -d. -f 1-2)" -eq 4.3; then - echo "SKIP: this test cannot operate on bash 4.3.x" - touch please-skip-this-test - exit 0 - fi - # # The test will reboot once before performing the test. This will # remove any ephemeral state that may be left in the kernel by prior # test cases or by project-wide prepare that is does not persist across @@ -215,9 +205,6 @@ debug: | done execute: | - if [ -e please-skip-this-test ]; then - exit 0 - fi diff -u "$SPREAD_BACKEND.$SPREAD_SYSTEM/HOST.expected.txt" HOST.deterministic.txt # The before and after host files should be identical. diff -u "$SPREAD_BACKEND.$SPREAD_SYSTEM/HOST.expected.txt" HOST-AFTER.deterministic.txt diff --git a/tests/main/network-retry/task.yaml b/tests/main/network-retry/task.yaml index 924a21f9ddd..803f2a24d0e 100644 --- a/tests/main/network-retry/task.yaml +++ b/tests/main/network-retry/task.yaml @@ -10,6 +10,13 @@ environment: # on core systems, the test was seen to misbehave when memory limit is set SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - reason: Cannot run when there is a http proxy set + if: | + # all queries will go through the proxy so breaking DNS will not work + [ -n "${http_proxy:-}" ] || [ -n "${https_proxy:-}" ] || + [ -n "${HTTPS_PROXY:-}" ] || [ -n "${HTTPS_PROXY:-}" ] + prepare: | echo "Break DNS" if os.query is-core; then @@ -39,13 +46,6 @@ restore: | systemctl stop snapd.service execute: | - if [ -n "${http_proxy:-}" ] || [ -n "${https_proxy:-}" ] || - [ -n "${HTTPS_PROXY:-}" ] || [ -n "${HTTPS_PROXY:-}" ]; then - # all queries will go through the proxy so breaking DNS will not work - echo "SKIP: cannot run when there is a http proxy set" - exit 0 - fi - echo "Try to install a snap with broken DNS" if snap install test-snapd-sh; then echo "Installing test-snapd-sh with broken DNS should not work" diff --git a/tests/main/postrm-purge/task.yaml b/tests/main/postrm-purge/task.yaml index c27e96a4bc7..4a54ba04df8 100644 --- a/tests/main/postrm-purge/task.yaml +++ b/tests/main/postrm-purge/task.yaml @@ -6,11 +6,11 @@ details: | systems: [-ubuntu-core-*] -prepare: | - if tests.info is-snapd-from-archive; then - tests.exec skip-test "This test is skipped when the snapd pkg isn't built from local" && exit 0 - fi +skip: + - reason: This test is skipped when the snapd pkg isn't built from local + if: tests.info is-snapd-from-archive +prepare: | # TODO: unify this with tests/main/snap-mgmt/task.yaml # note: no need to unset these since this spread test purges snapd totally @@ -68,8 +68,6 @@ prepare: | fi restore: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/pkgdb.sh . "$TESTSLIB/pkgdb.sh" if [ -e pkg-removed ]; then @@ -78,13 +76,9 @@ restore: | fi debug: | - tests.exec is-skipped && exit 0 - systemctl --no-legend --full | grep -E 'snap\..*\.(service|timer|socket|slice)' || true execute: | - tests.exec is-skipped && exit 0 - systemctl --no-legend --full | MATCH 'snap\..*\.(service|timer|socket|slice)' #shellcheck source=tests/lib/pkgdb.sh diff --git a/tests/main/prepare-image-check-arch/task.yaml b/tests/main/prepare-image-check-arch/task.yaml index 268dd91e5bf..ec5444c39ea 100644 --- a/tests/main/prepare-image-check-arch/task.yaml +++ b/tests/main/prepare-image-check-arch/task.yaml @@ -19,36 +19,25 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Cannot run with staging store + if: | + [ "$REMOTE_STORE" = "staging" ] +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" mkdir "$ROOT" chown -R test:test "$ROOT" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - if [ "$REMOTE_STORE" = "staging" ]; then - echo "SKIP: cannot run with staging store yet" - exit 0 - fi - # get the model assertion gendeveloper1 sign-model < "$TESTSLIB"/assertions/developer1-20-dangerous.json > "$ROOT/model.assertion" diff --git a/tests/main/prepare-image-classic/task.yaml b/tests/main/prepare-image-classic/task.yaml index 4d4a649898f..c34c21bd46a 100644 --- a/tests/main/prepare-image-classic/task.yaml +++ b/tests/main/prepare-image-classic/task.yaml @@ -18,36 +18,25 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Cannot run with staging store + if: | + [ "$REMOTE_STORE" = "staging" ] +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" mkdir "$ROOT" chown -R test:test "$ROOT" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - if [ "$REMOTE_STORE" = "staging" ]; then - echo "SKIP: cannot run with staging store yet" - exit 0 - fi - # get the model assertion gendeveloper1 sign-model < "$TESTSLIB"/assertions/developer1-22-classic-dangerous.json > "$ROOT/model.assertion" diff --git a/tests/main/prepare-image-grub/task.yaml b/tests/main/prepare-image-grub/task.yaml index 1512aa94935..5de427a631f 100644 --- a/tests/main/prepare-image-grub/task.yaml +++ b/tests/main/prepare-image-grub/task.yaml @@ -23,27 +23,19 @@ environment: STORE_ADDR: localhost:11028 UBUNTU_IMAGE_SKIP_COPY_UNVERIFIED_SNAPS: 1 +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo Expose the needed assertions through the fakestore cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" diff --git a/tests/main/prepare-image-reproducible/task.yaml b/tests/main/prepare-image-reproducible/task.yaml index 4dd326b8539..26c8caf7d5d 100644 --- a/tests/main/prepare-image-reproducible/task.yaml +++ b/tests/main/prepare-image-reproducible/task.yaml @@ -28,31 +28,21 @@ environment: STORE_DIR: $(pwd)/fake-store-blobdir STORE_ADDR: localhost:11028 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | mkdir -p "$ROOT" chown test:test "$ROOT" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - install_snap_to_fakestore() { local SNAP_NAME="$1" local SNAP_REVISION="$2" diff --git a/tests/main/prepare-image-uboot-uc20/task.yaml b/tests/main/prepare-image-uboot-uc20/task.yaml index 7ed91aa9a7d..1d99eab3d03 100644 --- a/tests/main/prepare-image-uboot-uc20/task.yaml +++ b/tests/main/prepare-image-uboot-uc20/task.yaml @@ -20,12 +20,15 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Cannot run with staging store + if: | + [ "$REMOTE_STORE" = "staging" ] +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" mkdir "$ROOT" @@ -35,24 +38,10 @@ prepare: | gendeveloper1 sign-model < "$TESTSLIB"/assertions/developer1-pi-20.model.json > "$ROOT/model.assertion" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - if [ "$REMOTE_STORE" = "staging" ]; then - echo "SKIP: cannot run with staging store yet" - exit 0 - fi - echo Expose the needed assertions through the fakestore cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" diff --git a/tests/main/prepare-image-validation-sets/task.yaml b/tests/main/prepare-image-validation-sets/task.yaml index f5ea7f8799c..ad44ead5520 100644 --- a/tests/main/prepare-image-validation-sets/task.yaml +++ b/tests/main/prepare-image-validation-sets/task.yaml @@ -33,30 +33,20 @@ environment: STORE_DIR: $(pwd)/fake-store-blobdir STORE_ADDR: localhost:11028 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | mkdir -p "$ROOT" chown test:test "$ROOT" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - install_snap_to_fakestore() { local SNAP_NAME="$1" local SNAP_REVISION="$2" diff --git a/tests/main/preseed-core20/task.yaml b/tests/main/preseed-core20/task.yaml index 594a809a1cf..ecc09484581 100644 --- a/tests/main/preseed-core20/task.yaml +++ b/tests/main/preseed-core20/task.yaml @@ -16,12 +16,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/prepare.sh . "$TESTSLIB"/prepare.sh mkdir -p /tmp/tweaked-snapd-snap @@ -42,11 +42,6 @@ prepare: | gendeveloper1 show-key | gpg --homedir=~/.snap/gnupg --import restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - rm -rf /tmp/tweaked-snapd-snap rm -rf "$PREPARE_IMAGE_DIR" "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" @@ -55,11 +50,6 @@ debug: | cat preseed.log || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # have snap use the fakestore for assertions (but nothing else) export SNAPPY_FORCE_SAS_URL=http://$STORE_ADDR diff --git a/tests/main/preseed-reset/task.yaml b/tests/main/preseed-reset/task.yaml index 4420997c3c7..6c260c099c1 100644 --- a/tests/main/preseed-reset/task.yaml +++ b/tests/main/preseed-reset/task.yaml @@ -62,8 +62,9 @@ execute: | find_files > after-reset.txt diff before-preseeding.txt after-reset.txt - if [ -d "$IMAGE_MOUNTPOINT/snap" ]; then - echo "$IMAGE_MOUNTPOINT/snap shouldn't exist" + # Check that the dirs are cleaned up by checking one + if [ -d "$IMAGE_MOUNTPOINT/snap" ] && [ -n "$(ls -A "$IMAGE_MOUNTPOINT"/snap)" ]; then + echo "$IMAGE_MOUNTPOINT/snap shouldn't exist or should be empty" exit 1 fi diff --git a/tests/main/proxy/task.yaml b/tests/main/proxy/task.yaml index 4f00f9a8db0..a1ff9eb6b1c 100644 --- a/tests/main/proxy/task.yaml +++ b/tests/main/proxy/task.yaml @@ -9,21 +9,19 @@ details: | # ubuntu-14.04 does not have systemd-run systems: [-ubuntu-14.04-*] +skip: + - reason: python3 is not available + if: not command -v python3 + - reason: Cannot run when there is another http proxy + if: | + [ -n "${http_proxy:-}" ] || [ -n "${https_proxy:-}" ] || + [ -n "${HTTPS_PROXY:-}" ] || [ -n "${HTTPS_PROXY:-}" ] + restore: | snap set core proxy.https= systemctl stop tinyproxy || true execute: | - if ! command -v python3; then - echo "SKIP: need python3" - exit 0 - fi - if [ -n "${http_proxy:-}" ] || [ -n "${https_proxy:-}" ] || - [ -n "${HTTPS_PROXY:-}" ] || [ -n "${HTTPS_PROXY:-}" ]; then - echo "SKIP: cannot run when there is another http proxy" - exit 0 - fi - systemd-run --service-type=notify --unit tinyproxy -- python3 "$TESTSLIB/tinyproxy/tinyproxy.py" tests.systemd wait-for-service -n 30 --state active tinyproxy diff --git a/tests/main/refresh-all-undo/task.yaml b/tests/main/refresh-all-undo/task.yaml index dea0664fdfc..680cf21a6bc 100644 --- a/tests/main/refresh-all-undo/task.yaml +++ b/tests/main/refresh-all-undo/task.yaml @@ -12,12 +12,12 @@ environment: GOOD_SNAP: test-snapd-python-webserver BAD_SNAP: test-snapd-tools -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Given two snaps are installed" for snap in $GOOD_SNAP $BAD_SNAP; do snap install "$snap" @@ -27,20 +27,10 @@ prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Precondition check for the fake store" snap refresh 2>&1 | MATCH "All snaps up to date" diff --git a/tests/main/refresh-all/task.yaml b/tests/main/refresh-all/task.yaml index 9e4e8673b44..65f2e9d44ac 100644 --- a/tests/main/refresh-all/task.yaml +++ b/tests/main/refresh-all/task.yaml @@ -11,12 +11,12 @@ systems: [-ubuntu-core-*, -ubuntu-14.04*] environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # needed for test-snapd-tools_instance snap set system experimental.parallel-instances=true @@ -29,21 +29,12 @@ prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" snap set system experimental.parallel-instances=null execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Precondition check for the fake store" snap refresh --list 2>&1 | MATCH "All snaps up to date." snap refresh 2>&1 | MATCH "All snaps up to date." diff --git a/tests/main/refresh-app-awareness/task.yaml b/tests/main/refresh-app-awareness/task.yaml index 9121d7849b4..83d90d9c6c3 100644 --- a/tests/main/refresh-app-awareness/task.yaml +++ b/tests/main/refresh-app-awareness/task.yaml @@ -10,6 +10,10 @@ environment: CONFINEMENT/classic: classic CONFINEMENT/strict: strict +skip: + - reason: Unsupported confinement variant + if: not snap debug sandbox-features --required "confinement-options:$CONFINEMENT" + prepare: | sed -e "s/@CONFINEMENT@/$CONFINEMENT/g" test-snapd-refresh.v1/meta/snap.yaml sed -e "s/@CONFINEMENT@/$CONFINEMENT/g" test-snapd-refresh.v2/meta/snap.yaml @@ -32,10 +36,6 @@ restore: | tests.session -u test restore execute: | - if ! snap debug sandbox-features --required "confinement-options:$CONFINEMENT"; then - echo "SKIP: unsupported confinement variant" - exit 0 - fi # Install v1 and see that it runs as expected. case "$CONFINEMENT" in classic) diff --git a/tests/main/refresh-devmode/task.yaml b/tests/main/refresh-devmode/task.yaml index 404fb29ece7..0a39895faaf 100644 --- a/tests/main/refresh-devmode/task.yaml +++ b/tests/main/refresh-devmode/task.yaml @@ -19,17 +19,12 @@ environment: STORE_TYPE/fake: fake STORE_TYPE/remote: ${REMOTE_STORE} -prepare: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi +skip: + - reason: This test needs test keys to be trusted using fakestore + if: | + [ "$STORE_TYPE" = "fake" ] && ( os.query is-core || [ "$TRUST_TEST_KEYS" = "false" ] ) +prepare: | echo "Given a snap is installed" snap install --devmode test-snapd-tools @@ -41,28 +36,9 @@ prepare: | fi restore: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" - fi + "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi - # FIXME: currently the --list from channel doesn't work # echo "Then the new version is available for the snap to be refreshed" # expected="$SNAP_NAME +$SNAP_VERSION_PATTERN" diff --git a/tests/main/refresh-many-transactional-undo/task.yaml b/tests/main/refresh-many-transactional-undo/task.yaml index d158da437fc..95c3907ea22 100644 --- a/tests/main/refresh-many-transactional-undo/task.yaml +++ b/tests/main/refresh-many-transactional-undo/task.yaml @@ -13,12 +13,12 @@ environment: GOOD_SNAP: test-snapd-python-webserver BAD_SNAP: test-snapd-tools -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Given two snaps are installed" for snap in $GOOD_SNAP $BAD_SNAP; do snap install "$snap" @@ -28,20 +28,10 @@ prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Precondition check for the fake store" snap refresh 2>&1 | MATCH "All snaps up to date" diff --git a/tests/main/refresh-many-transactional/task.yaml b/tests/main/refresh-many-transactional/task.yaml index dc6b1081103..5201018c366 100644 --- a/tests/main/refresh-many-transactional/task.yaml +++ b/tests/main/refresh-many-transactional/task.yaml @@ -11,12 +11,12 @@ systems: [-ubuntu-core-*, -ubuntu-14.04*] environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Given snaps installed" for snap in test-snapd-tools test-snapd-python-webserver; do snap install $snap @@ -26,20 +26,10 @@ prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Precondition check for the fake store" snap refresh 2>&1 | MATCH "All snaps up to date." diff --git a/tests/main/refresh/task.yaml b/tests/main/refresh/task.yaml index 5961eb9bed9..daabc6bcd77 100644 --- a/tests/main/refresh/task.yaml +++ b/tests/main/refresh/task.yaml @@ -21,24 +21,17 @@ environment: STORE_TYPE/parallel_strict_fake,strict_fake,classic_fake: fake STORE_TYPE/parallel_strict_remote,strict_remote,classic_remote: ${REMOTE_STORE} -prepare: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi +skip: + - reason: This test needs test keys to be trusted using fakestore + if: | + [ "$STORE_TYPE" = "fake" ] && [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Classic snaps are not supported in this system + if: | + [[ "$SNAP_NAME" =~ classic && "$SPREAD_SYSTEM" =~ ^(fedora-|arch-|centos-) ]] +prepare: | flags= if [[ "$SNAP_NAME" =~ classic ]]; then - case "$SPREAD_SYSTEM" in - ubuntu-core-*|fedora-*|arch-*|centos-*) - exit - ;; - esac flags=--classic fi @@ -57,48 +50,13 @@ prepare: | fi restore: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if [[ "$SNAP_NAME" =~ classic ]]; then - case "$SPREAD_SYSTEM" in - ubuntu-core-*|fedora-*|arch-*|centos-*) - exit - ;; - esac - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" - fi + "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" if [[ "$SPREAD_VARIANT" =~ parallel ]]; then snap set system experimental.parallel-instances=null fi execute: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi - - if [[ "$SNAP_NAME" =~ classic ]]; then - case "$SPREAD_SYSTEM" in - ubuntu-core-*|fedora-*|arch-*|centos-*) - exit - ;; - esac - fi - # FIXME: currently the --list from channel doesn't work # echo "Then the new version is available for the snap to be refreshed" # expected="$SNAP_NAME +$SNAP_VERSION_PATTERN" diff --git a/tests/main/revert-devmode/task.yaml b/tests/main/revert-devmode/task.yaml index fe449c0a1da..645a5bbcc03 100644 --- a/tests/main/revert-devmode/task.yaml +++ b/tests/main/revert-devmode/task.yaml @@ -16,17 +16,12 @@ environment: STORE_TYPE/remote: ${REMOTE_STORE} BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi +skip: + - reason: This test needs test keys to be trusted using fakestore + if: | + [ "$STORE_TYPE" = "fake" ] && ( os.query is-core || [ "$TRUST_TEST_KEYS" = "false" ] ) +prepare: | echo "Given a snap is installed" snap install --devmode test-snapd-tools @@ -38,28 +33,9 @@ prepare: | fi restore: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" - fi + "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi - echo "When a refresh is made" snap refresh --devmode --edge test-snapd-tools diff --git a/tests/main/revert/task.yaml b/tests/main/revert/task.yaml index da7be20ea68..766006dc9d0 100644 --- a/tests/main/revert/task.yaml +++ b/tests/main/revert/task.yaml @@ -14,17 +14,12 @@ environment: STORE_TYPE/remote: ${REMOTE_STORE} BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi +skip: + - reason: This test needs test keys to be trusted using fakestore + if: | + [ "$STORE_TYPE" = "fake" ] && ( os.query is-core || [ "$TRUST_TEST_KEYS" = "false" ] ) +prepare: | echo "Given a snap is installed" snap install test-snapd-tools @@ -36,28 +31,9 @@ prepare: | fi restore: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" - fi + "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi - echo "Revert without snap name shows error" if snap revert; then echo "Reverting without snap name should fail" diff --git a/tests/main/searching/task.yaml b/tests/main/searching/task.yaml index 2da2fd000a9..1806af82477 100644 --- a/tests/main/searching/task.yaml +++ b/tests/main/searching/task.yaml @@ -15,8 +15,6 @@ backends: [-autopkgtest] systems: [-ubuntu-*-ppc64el, -ubuntu-*-s390x] execute: | - tests.exec is-skipped && exit 0 - echo "List all featured snaps" expected='(?s).*Name +Version +Publisher +Notes +Summary *\n(.*?\n)?.*' snap find > featured.txt diff --git a/tests/main/security-apparmor/task.yaml b/tests/main/security-apparmor/task.yaml index f214db4c4df..446f159866a 100644 --- a/tests/main/security-apparmor/task.yaml +++ b/tests/main/security-apparmor/task.yaml @@ -4,14 +4,16 @@ details: | Check that a strictly confined snap can access paths available to it but accesses to paths out of its confinement are denied. +skip: + - reason: The confinement is partial + if: | + [ "$(snap debug confinement)" = partial ] + prepare: | echo "Given a basic snap is installed" "$TESTSTOOLS"/snaps-state install-local test-snapd-sh execute: | - if [ "$(snap debug confinement)" = partial ] ; then - exit 0 - fi echo "Then an unconfined action should succeed" test-snapd-sh.sh -c 'touch /dev/shm/snap.test-snapd-sh.foo' test -f /dev/shm/snap.test-snapd-sh.foo diff --git a/tests/main/security-device-cgroups/task.yaml b/tests/main/security-device-cgroups/task.yaml index 77880b43c34..11d8d12a94c 100644 --- a/tests/main/security-device-cgroups/task.yaml +++ b/tests/main/security-device-cgroups/task.yaml @@ -25,13 +25,13 @@ environment: OTHER_UDEVADM_PATH/uinput: /sys/devices/virtual/mem/kmsg OTHER_DEVICE_ID/uinput: "c 1:11 rwm" +skip: + - reason: No uinput support, cannot run test + if: | + # some systems (like s390x) do not have support for this + [ ! -e /sys/devices/virtual/misc/uinput ] && ! modprobe uinput + prepare: | - if [ ! -e /sys/devices/virtual/misc/uinput ]; then - if ! modprobe uinput; then - echo "no uinput support, cannot run test" - exit 0 - fi - fi # create nvidia devices if they don't exist if [ ! -e /dev/nvidia0 ]; then mknod /dev/nvidia0 c 195 0 @@ -80,12 +80,6 @@ restore: | fi execute: | - # some systems (like s390x) do not have support for this - if [ ! -e /sys/devices/virtual/misc/uinput ]; then - echo "no uinput support, cannot run test" - exit 0 - fi - tags_are_sticky=0 systemd_ver="$(systemctl --version | awk '/systemd [0-9]+/ { print $2 }' | cut -f1 -d"~")" if [ "$systemd_ver" -ge 247 ]; then @@ -161,3 +155,15 @@ execute: | else udevadm info "$UDEVADM_PATH" | NOMATCH "E: TAGS=.*snap_test-snapd-sh_sh" fi + + # In the unlikely case of low value of RLIMIT_MEMLOCK, snap-confine can + # increase the value automatically. Here we explicitly pass a small value + # to observe that we can construct everything from scratch just fine. Note + # that this requires us to have at least one device tagged to the snap, + # otherwise snap-confine will not run the relevant logic. + "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core24 + rm -f /sys/fs/bpf/snap/snap_test-snapd-sh-core24_sh + prlimit --memlock=65536 env SNAP_CONFINE_DEBUG=1 test-snapd-sh-core24.sh -c 'true' + # Remove observable state of the previous command. + rm -f /sys/fs/bpf/snap/snap_test-snapd-core24-sh_sh + snapd.tool exec snap-discard-ns test-snapd-sh-core24 diff --git a/tests/main/security-devpts/task.yaml b/tests/main/security-devpts/task.yaml index 573eae06a9b..a3d6c9630f9 100644 --- a/tests/main/security-devpts/task.yaml +++ b/tests/main/security-devpts/task.yaml @@ -5,11 +5,12 @@ details: | can read /dev/pts, can openpty, and can access the PTY via /dev/ptmx, both with and without the physical-memory-observe interface connected. -execute: | - if [ "$(snap debug confinement)" = none ] ; then - exit 0 - fi +skip: + - reason: The systems has "none" debug confinement + if: | + [ "$(snap debug confinement)" = none ] +execute: | echo "Given a basic snap is installed" "$TESTSTOOLS"/snaps-state install-local test-snapd-devpts diff --git a/tests/main/security-group-policy/task.yaml b/tests/main/security-group-policy/task.yaml index 9fdbe1d42e1..85372cdeb05 100644 --- a/tests/main/security-group-policy/task.yaml +++ b/tests/main/security-group-policy/task.yaml @@ -17,21 +17,18 @@ environment: SNAP_REEXEC/no_reexec: 0 SNAP_REEXEC/with_reexec: 1 -prepare: | - LIBEXEC_DIR="$(os.paths libexec-dir)" - vers="$("$LIBEXEC_DIR"/snapd/snap-confine --version | cut -f2 -d' ' | sed -e 's/\+.*//')" - - if os.query is-ubuntu && [ "$SPREAD_VARIANT" = "no_reexec" ]; then +skip: + - reason: This test needs a test build of snapd, got native version instead + if: | # Ubuntu is the only distribution where snapd comes preinstalled, so # unless we are doing SRU validation or installing from a private PPA # (as part of the release process) the no-reexec variant would actually # try to exercise this feature using the native package, which may be # too old to have it in the first place - if [ "$SRU_VALIDATION" != "1" ] && [ -z "$PPA_SOURCE_LINE" ] && [ -z "$PPA_VALIDATION_NAME" ]; then - tests.exec skip-test "This test needs a test build of snapd, got native version $vers instead" - fi - fi - tests.exec is-skipped && exit 0 + os.query is-ubuntu && [ "$SPREAD_VARIANT" = "no_reexec" ] && [ "$SRU_VALIDATION" != "1" ] && [ -z "$PPA_SOURCE_LINE" ] && [ -z "$PPA_VALIDATION_NAME" ] + +prepare: | + LIBEXEC_DIR="$(os.paths libexec-dir)" case "$SPREAD_SYSTEM" in fedora-*|arch-*|centos-*) @@ -67,7 +64,6 @@ prepare: | tests.session -u test prepare restore: | - tests.exec is-skipped && exit 0 tests.session -u test restore debug: | @@ -76,7 +72,6 @@ debug: | getcap "$LIBEXEC_DIR"/snapd/snap-confine || true execute: | - tests.exec is-skipped && exit 0 tests.session -u test exec sh -c "test-snapd-sh-core24.sh -c 'true' 2>&1" | \ MATCH 'user is not a member of group' diff --git a/tests/main/security-profiles/task.yaml b/tests/main/security-profiles/task.yaml index 7f03fd79665..5bce79af880 100644 --- a/tests/main/security-profiles/task.yaml +++ b/tests/main/security-profiles/task.yaml @@ -4,14 +4,16 @@ details: | This test verifies that profiles are properly generated and loaded for a set of apps and hooks. +skip: + - reason: The system has "partial" debug confinement + if: | + [ "$(snap debug confinement)" = partial ] + + prepare: | snap pack "$TESTSLIB"/snaps/basic-hooks execute: | - if [ "$(snap debug confinement)" = partial ] ; then - exit 0 - fi - seccomp_profile_directory="/var/lib/snapd/seccomp/bpf" echo "Security profiles are generated and loaded for apps" diff --git a/tests/main/security-seccomp/task.yaml b/tests/main/security-seccomp/task.yaml index 2ef31fee51b..f243cf15be6 100644 --- a/tests/main/security-seccomp/task.yaml +++ b/tests/main/security-seccomp/task.yaml @@ -28,6 +28,10 @@ environment: BIN: /var/lib/snapd/seccomp/bpf/snap.test-snapd-setpriority.test-snapd-setpriority.bin2 AAP: /var/lib/snapd/apparmor/profiles/snap.test-snapd-setpriority.test-snapd-setpriority +skip: + - reason: seccomp doesn't support BPF argument filtering in this system + if: not snap debug sandbox-features --required seccomp:bpf-argument-filtering + prepare: | echo "Install a helper snap with default confinement" snap install test-snapd-setpriority @@ -63,12 +67,6 @@ restore: | fi execute: | - # other tests ensure seccomp is available so we can skip any systems that - # don't have it - if ! snap debug sandbox-features --required seccomp:bpf-argument-filtering ; then - exit 0 - fi - echo "Remove any setpriority rules from the filter" sed 's/^\(setpriority.*\)/#SPREAD: \1/g' "$SRC".orig > "$SRC" snapd.tool exec snap-seccomp compile "$SRC" "$BIN" diff --git a/tests/main/services-socket-activation/task.yaml b/tests/main/services-socket-activation/task.yaml index 29891eebf3d..799d3324d18 100644 --- a/tests/main/services-socket-activation/task.yaml +++ b/tests/main/services-socket-activation/task.yaml @@ -8,14 +8,16 @@ environment: CONFINEMENT/strict: strict CONFINEMENT/classic: classic +skip: + - reason: Cannot install classic snaps on core + if: | + [ "$CONFINEMENT" = classic ] && os.query is-core + prepare: | case "$CONFINEMENT" in classic) SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" - if os.query is-core; then - # cannot install classic snaps on core - exit 0 - elif [ "$SNAP_MOUNT_DIR" != "/snap" ] && [ ! -L /snap ]; then + if [ "$SNAP_MOUNT_DIR" != "/snap" ] && [ ! -L /snap ]; then # although classic snaps do not work out of the box on fedora, # we still want to verify if the basics do work if the user # symlinks /snap to $SNAP_MOUNT_DIR themselves @@ -33,15 +35,6 @@ restore: | systemctl daemon-reload execute: | - case "$CONFINEMENT" in - classic) - if os.query is-core; then - # cannot install classic snaps on core - exit 0 - fi - ;; - esac - [ -f /etc/systemd/system/snap.socket-activation.sleep-daemon.sock.socket ] [ -S /var/snap/socket-activation/common/socket ] diff --git a/tests/main/set-proxy-store/task.yaml b/tests/main/set-proxy-store/task.yaml index 980379b331f..56479428a37 100644 --- a/tests/main/set-proxy-store/task.yaml +++ b/tests/main/set-proxy-store/task.yaml @@ -13,12 +13,12 @@ environment: SNAP_VERSION_PATTERN: \d+\.\d+\+fake1 BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Given a snap is installed" snap install "$SNAP_NAME" @@ -44,10 +44,6 @@ prepare: | "$TESTSTOOLS"/store-state init-fake-refreshes "$BLOB_DIR" "$SNAP_NAME" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi systemctl start snapd.socket snap set core proxy.store= @@ -55,11 +51,6 @@ restore: | "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Configure to use the fakestore through store assertion and proxy.store" snap set core proxy.store=fake diff --git a/tests/main/snap-confine-from-core/task.yaml b/tests/main/snap-confine-from-core/task.yaml index dd09bbddee3..3f5963b3dd6 100644 --- a/tests/main/snap-confine-from-core/task.yaml +++ b/tests/main/snap-confine-from-core/task.yaml @@ -9,22 +9,20 @@ details: | # Disable for Fedora, openSUSE, Arch and Amazon Linux 2 as re-exec is not support there yet systems: [-ubuntu-core-*, -fedora-*, -opensuse-*, -arch-*, -amazon-*, -centos-*] +skip: + - if: | + [ "$SNAP_REEXEC" = "0" ] + reason: "This tests re-exec functionality and is skipped if re-exec is disabled" + prepare: | echo "Installing test-snapd-sh" snap install test-snapd-sh echo "Breaking host snap-confine" - chmod 0755 /usr/lib/snapd/snap-confine - -restore: | - echo "Restoring host snap-confine" - chmod 4755 /usr/lib/snapd/snap-confine + mv /usr/lib/snapd/snap-confine /usr/lib/snapd/snap-confine.bak + cp "$(type -P false)" /usr/lib/snapd/snap-confine + tests.cleanup defer mv /usr/lib/snapd/snap-confine.bak /usr/lib/snapd/snap-confine execute: | - if [ "${SNAP_REEXEC:-}" = "0" ]; then - echo "skipping test when SNAP_REEXEC is disabled" - exit 0 - fi - echo "Ensure we re-exec by default" # It is not possible to check by using journal-state tools because the # reexec "DEBUG: restarting into" line appears before the snapd state is diff --git a/tests/main/snap-ns-forward-compat/task.yaml b/tests/main/snap-ns-forward-compat/task.yaml index b71beb4be8d..a02955b2334 100644 --- a/tests/main/snap-ns-forward-compat/task.yaml +++ b/tests/main/snap-ns-forward-compat/task.yaml @@ -9,21 +9,18 @@ details: | # Skip debian-sid as pivot_root binary is not anymore within util-linux systems: [-*-32, -debian-sid-*] +skip: + - reason: Unshare command doesn't support saving the namespace + if: | + # Check if `unshare --mount=` is supported + unshare --mount=/something true 2>&1 | grep "option '--mount' doesn't allow an argument" + prepare: | echo "Install test snap" mkdir testsnap/import "$TESTSTOOLS"/snaps-state install-local testsnap execute: | - echo "Checking if the unshare command supports saving the namespace" - unshare --mount=/something true 2> error.log || true - tests.cleanup defer rm error.log - if grep "option '--mount' doesn't allow an argument" error.log; then - echo "unshare --mount= is not supported, skipping test" - exit 0 - fi - - echo "Creating a mount namespace whose root is a tmpfs" mkdir -p /run/snapd/ns/ mount -o bind --make-private /run/snapd/ns/ /run/snapd/ns/ diff --git a/tests/main/snap-quota-install/task.yaml b/tests/main/snap-quota-install/task.yaml index 9cbcc6a7e5a..359731f312b 100644 --- a/tests/main/snap-quota-install/task.yaml +++ b/tests/main/snap-quota-install/task.yaml @@ -15,7 +15,7 @@ restore: | snap remove-quota foobar || true execute: | - if os.query is-trusty || os.query is-amazon-linux 2 || os.query is-centos 7 || os.query is-xenial || os.query is-core16; then + if os.query is-trusty || os.query is-amazon-linux 2 || os.query is-xenial || os.query is-core16; then # just check that we can't do anything with quota groups on systems with # old systemd versions, we need at least 230 to avoid buggy slice usage # reporting diff --git a/tests/main/snap-quota/task.yaml b/tests/main/snap-quota/task.yaml index 7b805083a0a..0a7ac62d6a5 100644 --- a/tests/main/snap-quota/task.yaml +++ b/tests/main/snap-quota/task.yaml @@ -27,7 +27,7 @@ debug: | find /sys/fs/cgroup/ -name 'snap.group*' -ls || true execute: | - if os.query is-trusty || os.query is-amazon-linux 2 || os.query is-centos 7 || os.query is-xenial || os.query is-core16; then + if os.query is-trusty || os.query is-amazon-linux 2 || os.query is-xenial || os.query is-core16; then # just check that we can't do anything with quota groups on systems with # old systemd versions, we need at least 230 to avoid buggy slice usage # reporting diff --git a/tests/main/snap-run-devmode-classic/task.yaml b/tests/main/snap-run-devmode-classic/task.yaml index d866f70b62f..b5863e7f9f0 100644 --- a/tests/main/snap-run-devmode-classic/task.yaml +++ b/tests/main/snap-run-devmode-classic/task.yaml @@ -34,12 +34,11 @@ environment: BASE_CORE_STRICT_SNAP: test-snapd-sh BASE_NON_CORE_STRICT_SNAP: test-snapd-sh-core18 -prepare: | - # Core snap is not modified for classic re-exec any more in this scenario - if tests.info is-snapd-from-archive; then - tests.exec skip-test "Core snap is not modified for classic re-exec any more in this scenario" && exit 0 - fi +skip: + - reason: Core snap is not modified for classic re-exec any more in this scenario + if: tests.info is-snapd-from-archive +prepare: | CURRENT_SNAPD_SNAP="$(ls "$SNAPD_WORK_DIR"/snapd_snap/snapd_*.snap)" cp "$CURRENT_SNAPD_SNAP" "$PWD/snapd-from-branch.snap" @@ -69,8 +68,6 @@ prepare: | rm -r "$snapddir" execute: | - tests.exec is-skipped && exit 0 - if [ "$SNAP_TO_USE_FIRST" = "core" ]; then # first install our core snap because we don't have the snapd snap on diff --git a/tests/main/snap-run-hook/task.yaml b/tests/main/snap-run-hook/task.yaml index 8106703c7e4..a24d78e87ee 100644 --- a/tests/main/snap-run-hook/task.yaml +++ b/tests/main/snap-run-hook/task.yaml @@ -11,10 +11,12 @@ environment: SNAP_REEXEC/reexec1: 1 ENVDUMP: /var/snap/basic-hooks/current/hooks-env +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive + prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi "$TESTSTOOLS"/snaps-state install-local basic-hooks SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" if [ "$SNAP_REEXEC" = "1" ] && [ "$SNAP_MOUNT_DIR" != "/snap" ] && [ ! -L /snap ]; then @@ -25,8 +27,6 @@ prepare: | fi execute: | - tests.exec is-skipped && exit 0 - # Note that `snap run` doesn't exit non-zero if the hook is missing, so we # check the output instead. diff --git a/tests/main/snap-run/task.yaml b/tests/main/snap-run/task.yaml index 56483fa727c..f8647e0ab67 100644 --- a/tests/main/snap-run/task.yaml +++ b/tests/main/snap-run/task.yaml @@ -14,19 +14,13 @@ environment: STRACE_STATIC_CHANNEL: candidate prepare: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/snaps-state install-local basic-run "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core24 debug: | - tests.exec is-skipped && exit 0 - cat stderr || true execute: | - tests.exec is-skipped && exit 0 - echo "Running a trivial command causes no DENIED messages" test-snapd-sh-core24.sh -c 'echo hello' if os.query is-arch-linux && [ "$SNAP_REEXEC" != "1" ]; then diff --git a/tests/main/snap-session-agent-unavailable-to-snaps/task.yaml b/tests/main/snap-session-agent-unavailable-to-snaps/task.yaml index 66da4078934..ddd2f926c3a 100644 --- a/tests/main/snap-session-agent-unavailable-to-snaps/task.yaml +++ b/tests/main/snap-session-agent-unavailable-to-snaps/task.yaml @@ -11,6 +11,11 @@ systems: # Systemd on Amazon Linux 2 does not have the user@uid unit - -amazon-linux-2-* +skip: + - reason: Debug confinement is not strict on the system + if: | + [ "$(snap debug confinement)" != strict ] + prepare: | # Ensure that snapd.session-agent.socket is enabled. This may not # be the case on distributions where presets have been used to @@ -33,10 +38,6 @@ restore: | fi execute: | - if [ "$(snap debug confinement)" != strict ]; then - exit 0 - fi - echo "The snap session agent REST API socket exists" test -S "/run/user/12345/snapd-session-agent.socket" diff --git a/tests/main/snap-userd-reexec/task.yaml b/tests/main/snap-userd-reexec/task.yaml index af9dd3fd26a..9dfbc6df559 100644 --- a/tests/main/snap-userd-reexec/task.yaml +++ b/tests/main/snap-userd-reexec/task.yaml @@ -11,9 +11,12 @@ environment: # uploading the snapd snap triggers OOM SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - reason: skipping test when SNAP_REEXEC is disabled + if: | + [ "${SNAP_REEXEC:-}" = "0" ] + restore: | - tests.exec is-skipped && exit 0 - # Remove the local revision of snapd, if we installed one. SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" if [ "$(readlink "$SNAP_MOUNT_DIR/snapd/current")" = x1 ]; then @@ -22,10 +25,6 @@ restore: | fi execute: | - if [ "${SNAP_REEXEC:-}" = "0" ]; then - tests.exec skip-test "skipping test when SNAP_REEXEC is disabled" && exit 0 - fi - snap list snapd | awk "/^snapd / {print(\$3)}" > prevBoot echo "Ensure service file is created if missing (e.g. on re-exec)" diff --git a/tests/main/snapd-apparmor/task.yaml b/tests/main/snapd-apparmor/task.yaml index c2f50918c11..6862f699957 100644 --- a/tests/main/snapd-apparmor/task.yaml +++ b/tests/main/snapd-apparmor/task.yaml @@ -8,15 +8,14 @@ details: | environment: CONSUMER_SNAP: test-snapd-policy-app-consumer +skip: + - reason: The snapd.apparmor.service is not active in the system + if: not systemctl is-active snapd.apparmor.service + debug: | "$TESTSTOOLS"/journal-state get-log -u snap.apparmor.service execute: | - if ! systemctl is-active snapd.apparmor.service; then - echo "Skipping test since snapd.apparmor.service is not active" - exit 0 - fi - echo "Ensure snapd.apparmor is enabled" systemctl is-enabled snapd.apparmor.service diff --git a/tests/main/snapd-homedirs-vendored/task.yaml b/tests/main/snapd-homedirs-vendored/task.yaml index 096184cdc7b..bfe5e457856 100644 --- a/tests/main/snapd-homedirs-vendored/task.yaml +++ b/tests/main/snapd-homedirs-vendored/task.yaml @@ -12,11 +12,12 @@ systems: [ubuntu-18*, ubuntu-20*, ubuntu-22*] environment: USERNAME: home-sweet-home -prepare: | - if [[ "$SNAP_REEXEC" = "0" ]] || tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when either the snapd pkg is from the repository or reexec is disabled" && exit 0 - fi +skip: + - reason: No need to test when either the snapd pkg is from the repository or reexec is disabled + if: | + [[ "$SNAP_REEXEC" = "0" ]] || tests.info is-snapd-from-archive +prepare: | # Create a new user in a non-standard location mkdir -p /remote/users useradd -b /remote/users -m -U "$USERNAME" @@ -32,8 +33,6 @@ prepare: | rm -rf "${unpackdir}" restore: | - tests.exec is-skipped && exit 0 - userdel -f --remove "$USERNAME" rm -rf /remote/users @@ -44,8 +43,6 @@ restore: | distro_install_build_snapd debug: | - tests.exec is-skipped && exit 0 - # output custom snap-confine snippets ls -l /var/lib/snapd/apparmor/snap-confine/ for f in /var/lib/snapd/apparmor/snap-confine/*; do @@ -54,8 +51,6 @@ debug: | done execute: | - tests.exec is-skipped && exit 0 - echo "Downgrading the snapd deb to pre-vendored apparmor times" TARGET_VER="$(apt list -a snapd | grep -- -updates | cut -f2 -d' ')" # Ubuntu release on development doesn't have updates diff --git a/tests/main/snapd-reexec/task.yaml b/tests/main/snapd-reexec/task.yaml index b8d21a64a77..a7f7292529c 100644 --- a/tests/main/snapd-reexec/task.yaml +++ b/tests/main/snapd-reexec/task.yaml @@ -18,11 +18,12 @@ environment: SNAPD_SRC/core: "core" SNAPD_SRC/snapd: "snapd" -prepare: | - if [ "${SNAP_REEXEC:-}" = "0" ]; then - tests.exec skip-test "skipping test when SNAP_REEXEC is disabled" && exit 0 - fi +skip: + - reason: skipping test when SNAP_REEXEC is disabled + if: | + [ "${SNAP_REEXEC:-}" = "0" ] +prepare: | # when testing core remove snapd snap as option for re-exec if [ "$SNAPD_SRC" == "core" ]; then systemctl stop snapd.service snapd.socket @@ -37,8 +38,6 @@ prepare: | fi restore: | - tests.exec is-skipped && exit 0 - SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" SNAPD_MOUNT_DIR="$SNAP_MOUNT_DIR/$SNAPD_SRC" # remove the locale revision of the snapd source snap, if we installed one @@ -70,14 +69,10 @@ restore: | systemctl start snapd.service debug: | - tests.exec is-skipped && exit 0 - ls /etc/systemd/system/snapd.service.d cat /etc/systemd/system/snapd.service.d/* execute: | - tests.exec is-skipped && exit 0 - SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" SNAPD_MOUNT_DIR="$SNAP_MOUNT_DIR/$SNAPD_SRC" diff --git a/tests/main/snapd-slow-startup/task.yaml b/tests/main/snapd-slow-startup/task.yaml index c153a7c4a6a..cc4a1a3988a 100644 --- a/tests/main/snapd-slow-startup/task.yaml +++ b/tests/main/snapd-slow-startup/task.yaml @@ -8,7 +8,7 @@ details: | Internally, snapd will calculate the expected startup time based on the number of snaps and adjust systemd's timeout to match it. -systems: [ubuntu-18.04-64] +systems: [ubuntu-2*] restore: | # extra cleanup in case something in this test went wrong @@ -20,12 +20,6 @@ debug: | cat /etc/systemd/system/snapd.service.d/* || true execute: | - systemd_ver="$(systemctl --version|head -1|cut -d ' ' -f2)" - if [ "${systemd_ver}" -lt 236 ]; then - echo "systemd ${systemd_ver} too old, no EXTEND_TIMEOUT_USEC support" - exit 0 - fi - # have 6 extra snaps installed, makes 8 with core and snapd snap snap pack "$TESTSLIB"/snaps/basic snap set system experimental.parallel-instances=true diff --git a/tests/main/snapd-snap-transition-auto-install/task.yaml b/tests/main/snapd-snap-transition-auto-install/task.yaml index 5c14a5ece7a..16bb9c619b4 100644 --- a/tests/main/snapd-snap-transition-auto-install/task.yaml +++ b/tests/main/snapd-snap-transition-auto-install/task.yaml @@ -14,11 +14,11 @@ environment: SNAPD_SRC/deb: "deb" SNAPD_SRC/core: "core" -prepare: | - if tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs snapd deb built from local" && exit 0 - fi +skip: + - reason: This test needs snapd deb built from local + if: tests.info is-snapd-from-archive +prepare: | # Expect system preparation stage installed built snapd and core snaps. # Check this and remove all snaps to remove snapd. snap list core @@ -49,8 +49,6 @@ prepare: | not snap list snapd execute: | - tests.exec is-skipped && exit 0 - # check re-exec disabled, exec from snapd deb or re-exec from core snap snap_mount_dir="$(os.paths snap-mount-dir)" expect="" diff --git a/tests/main/snapd-snap/task.yaml b/tests/main/snapd-snap/task.yaml index b652941d5ac..a8053a7fa61 100644 --- a/tests/main/snapd-snap/task.yaml +++ b/tests/main/snapd-snap/task.yaml @@ -44,11 +44,12 @@ environment: # workaround for running on openstack backend no_proxy: ppa.launchpad.net -prepare: | - if [ "${SNAPD_USE_PROXY:-}" = true ]; then - tests.exec skip-test "Snapcraft fails to snap snapd when the proxy is set" && exit 0 - fi +skip: + - reason: Snapcraft fails to snap snapd when the proxy is set + if: | + [ "${SNAPD_USE_PROXY:-}" = true ] +prepare: | # shellcheck source=tests/lib/systems.sh . "$TESTSLIB/systems.sh" @@ -132,8 +133,6 @@ prepare: | fi debug: | - tests.exec is-skipped && exit 0 - # get the snapd sandbox features snap debug sandbox-features @@ -142,8 +141,6 @@ debug: | "$TESTSTOOLS"/journal-state get-log execute: | - tests.exec is-skipped && exit 0 - # shellcheck source=tests/lib/systems.sh . "$TESTSLIB/systems.sh" diff --git a/tests/main/snapd-state/task.yaml b/tests/main/snapd-state/task.yaml index 93f41bea98e..709bbdbfc9c 100644 --- a/tests/main/snapd-state/task.yaml +++ b/tests/main/snapd-state/task.yaml @@ -6,7 +6,7 @@ details: | This test verifies the different functionalities provided by such tool. -backends: [google, qemu] +backends: [google, qemu, openstack] prepare: | snap install test-snapd-tools diff --git a/tests/main/snapd-without-core/task.yaml b/tests/main/snapd-without-core/task.yaml index 2926a5a7e3e..fa5b6df19aa 100644 --- a/tests/main/snapd-without-core/task.yaml +++ b/tests/main/snapd-without-core/task.yaml @@ -13,15 +13,15 @@ environment: # uploading large snap triggers OOM SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - reason: SNAP_REEXEC is disabled in the system + if: | + [ "${SNAP_REEXEC:-}" = "0" ] + restore: | rm -f /tmp/snapd_*.snap execute: | - if [ "${SNAP_REEXEC:-}" = "0" ]; then - echo "skipping test when SNAP_REEXEC is disabled" - exit 0 - fi - echo "Create modified snapd snap" #shellcheck source=tests/lib/prepare.sh . "$TESTSLIB"/prepare.sh diff --git a/tests/main/snaps-state/task.yaml b/tests/main/snaps-state/task.yaml index e032ddbf114..35e03b89f34 100644 --- a/tests/main/snaps-state/task.yaml +++ b/tests/main/snaps-state/task.yaml @@ -6,7 +6,7 @@ details: | and otherwise it tries from $TESTSLIB. Finally verifies that the confinement for the current system can be checked -backends: [google, qemu] +backends: [google, qemu, openstack] prepare: | snap set system experimental.parallel-instances=true diff --git a/tests/main/store-state/task.yaml b/tests/main/store-state/task.yaml index c5fc08d86c4..dc9f78210d1 100644 --- a/tests/main/store-state/task.yaml +++ b/tests/main/store-state/task.yaml @@ -11,21 +11,16 @@ backends: [-external] # ubuntu-14.04: systemd-run not supported systems: [-ubuntu-14.04-64] -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # acquire session macaroon snap find core execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # Check help "$TESTSTOOLS"/store-state | MATCH "usage: store-state setup-fake-store " "$TESTSTOOLS"/store-state -h | MATCH "usage: store-state setup-fake-store " diff --git a/tests/main/system-usernames-snap-scoped/task.yaml b/tests/main/system-usernames-snap-scoped/task.yaml index cc3e46bf33d..4d2a673960f 100644 --- a/tests/main/system-usernames-snap-scoped/task.yaml +++ b/tests/main/system-usernames-snap-scoped/task.yaml @@ -28,12 +28,12 @@ environment: APPROVED_SNAP_NAME/azuredeviceupdate: deviceupdate-agent TESTED_USERS/azuredeviceupdate: snap_aziotdu -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap debug can-manage-refreshes | MATCH false # install test snap dependencies before switching to fake store @@ -71,11 +71,6 @@ prepare: | "$TESTSTOOLS"/store-state make-snap-installable "$STORE_DIR" "${snap_path}" "$APPROVED_SNAP_ID" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - for user in $TESTED_USERS do userdel -f "$user" || userdel -f --extrausers "$user" || true @@ -87,14 +82,9 @@ restore: | "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Try to install a snap which is not entitled to use the user(s) under test" OUT=$(snap install "$UNAPPROVED_SNAP_NAME" 2>&1 || true) - echo "$OUT" | MATCH "snap \"$UNAPPROVED_SNAP_NAME\" is not allowed to use the system user \"(${TESTED_USERS// /|})\"" + echo "$OUT" | tr '\n' ' ' | tr -s ' ' | MATCH "snap \"$UNAPPROVED_SNAP_NAME\" is not allowed to use the system user \"(${TESTED_USERS// /|})\"" # Make sure no user(s) nor group(s) under test are created for user in $TESTED_USERS diff --git a/tests/main/systemd-creds/task.yaml b/tests/main/systemd-creds/task.yaml index 42d79f96067..dfe6f9e8da3 100644 --- a/tests/main/systemd-creds/task.yaml +++ b/tests/main/systemd-creds/task.yaml @@ -1,4 +1,5 @@ summary: verify access to systemd credentials + details: | Systemd has introduced a feature where services can be provisioned with credentials that are stored in manner safer than typical default and where said @@ -10,9 +11,11 @@ details: | This test shows how such credentials are provisioned and how they can be accessed. Note that credentials are only available to systemd services. + systems: - ubuntu-core-24-64 - ubuntu-24.04-64 + prepare: | mkdir /etc/systemd/system/snap.test-snapd-credentials.daemon.service.d tests.cleanup defer rm -rf /etc/systemd/system/snap.test-snapd-credentials.daemon.service.d @@ -22,6 +25,7 @@ prepare: | __CONF__ "$TESTSTOOLS"/snaps-state install-local test-snapd-credentials + execute: | MATCH '^CREDENTIALS_DIRECTORY=/run/credentials/snap.test-snapd-credentials.daemon.service$' +#include +#include +#include +#include +#include /* SYS_* constants */ +#include + +static int memfd_secret(unsigned int flags) { return syscall(SYS_memfd_secret, flags); } + +static void fd_close(int *fd) { + if (fd != NULL && *fd >= 0) { + close(*fd); + *fd = -1; + } +} + +int main(int argc, char *argv[]) { + if (argc != 2) { + fprintf(stderr, "usage: %s [secret|create]\n", argv[0]); + return 1; + } + + int fd __attribute__((cleanup(fd_close))) = -1; + if (strcmp(argv[1], "secret") == 0) { + fd = memfd_secret(0); + } else if (strcmp(argv[1], "create") == 0) { + fd = memfd_create("test", 0); + } else { + fprintf(stderr, "incorrect mode: '%s'\n", argv[1]); + return 1; + } + + if (fd < 0) { + perror("memfd"); + return 1; + } + + if (ftruncate(fd, 1024) != 0) { + perror("ftruncate failed"); + return 1; + } + + const char canary[] = "hello"; + size_t canary_len = strlen(canary); + + void *addr = mmap(NULL, canary_len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + if (addr == NULL) { + perror("map"); + return 1; + } + + fd_close(&fd); + + strncpy(addr, canary, canary_len); + + if (strcmp(addr, canary) != 0) { + fprintf(stderr, "unexpected data\n"); + return 1; + } + return 0; +} diff --git a/tests/main/template-memfd/task.yaml b/tests/main/template-memfd/task.yaml new file mode 100644 index 00000000000..e78bfb23d46 --- /dev/null +++ b/tests/main/template-memfd/task.yaml @@ -0,0 +1,44 @@ +summary: Verify access to memfd_create and memfd_secret + +details: | + Verify access to memfd_create and memfd_secret for snaps. + +systems: + # UC: cannot use gcc + - -ubuntu-core-* + # no support at all for either syscall + - -ubuntu-20.04-* + - -ubuntu-18.04-* + - -ubuntu-16.04-* + - -amazon-linux-2-* + +environment: + MODE/secret: "secret" + MODE/create: "create" + +skip: + - reason: "Unsupported by host kernel" + if: | + case "$MODE/$SPREAD_SYSTEM" in + secret/debian-12-*|secret/ubuntu-22.04-*|secret/centos-9-*|secret/opensuse-15.6-*) + # supports memfd_create, but not memfd_secret, fallthrough + ;& + secret/amazon-linux-2023-*) + # supports memfd_create, but not memfd_secret + exit 0 + ;; + *) + exit 1 + ;; + esac + +prepare: | + "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core24 + + gcc -o memfd -Wall -Wextra memfd.c + cp -v memfd /var/snap/test-snapd-sh-core24/common/ + +execute: | + # these should not fail, unless it's unsupported system call + # shellcheck disable=SC2016 + test-snapd-sh-core24.sh -c "\$SNAP_COMMON/memfd $MODE" diff --git a/tests/main/template-seccomp-pidfd-open/task.yaml b/tests/main/template-seccomp-pidfd-open/task.yaml new file mode 100644 index 00000000000..ff9e2a0707a --- /dev/null +++ b/tests/main/template-seccomp-pidfd-open/task.yaml @@ -0,0 +1,57 @@ +summary: Ensure that pidfd_open syscall is allowed by default seccomp profile + +details: | + The pidfd_open(2) system call allows obtaining a file descriptor that refers + to a process. This test verifies that the syscall is allowed by the default + seccomp profile for all snaps. + +systems: + # Exclude ubuntu-core systems as they don't have gcc + - -ubuntu-core-* + # Too old to support pidfd_open + - -ubuntu-16.04-* + - -ubuntu-18.04-* + - -centos-9-* + - -amazon-linux-2-* + - -amazon-linux-2023-* + +prepare: | + echo "Compile the test program on the host" + # Build the test binary statically, as it will be running inside a base with + # potentially older glibc. + mkdir -p test-snapd-pidfd-open/bin + gcc -Wall -Wextra -Werror test-pidfd-open.c -o test-snapd-pidfd-open/bin/test-pidfd-open -static + + echo "Create the snap package" + snap pack test-snapd-pidfd-open + + echo "Install the test snap" + snap install --dangerous test-snapd-pidfd-open_1.0_*.snap + +restore: | + snap remove --purge test-snapd-pidfd-open || true + rm -f test-snapd-pidfd-open_1.0_*.snap + +execute: | + echo "Test that pidfd_open is allowed from within the snap" + # The test program will: + # - Return 0 and print "success" if pidfd_open works + # - Return 0 and print "not supported" if kernel doesn't support it + # - Return 1 if it's blocked by seccomp + output=$(snap run test-snapd-pidfd-open 2>&1) + echo "$output" + + # Check that it's either successful or not supported by kernel, + # but not blocked by seccomp + if echo "$output" | grep -q "blocked"; then + echo "FAIL: pidfd_open was blocked by seccomp" + exit 1 + fi + + if echo "$output" | grep -qE "(success|not supported)"; then + echo "PASS: pidfd_open is allowed or not supported by kernel" + exit 0 + fi + + echo "FAIL: Unexpected output from test program" + exit 1 diff --git a/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c b/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c new file mode 100644 index 00000000000..74381be2b5e --- /dev/null +++ b/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c @@ -0,0 +1,77 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include + +int main(void) { + pid_t pid; + int fd; + siginfo_t info; + + // Get our own PID + pid = getpid(); + printf("Testing pidfd_open with PID %d\n", pid); + + // Try to open a pidfd for our own process + fd = syscall(__NR_pidfd_open, pid, 0); + + if (fd == -1) { + if (errno == ENOSYS) { + printf("pidfd_open: not supported by kernel\n"); + return 0; + } else if (errno == EPERM || errno == EACCES) { + printf("pidfd_open: blocked (errno=%d: %s)\n", errno, strerror(errno)); + return 1; + } else { + printf("pidfd_open: failed with unexpected error (errno=%d: %s)\n", errno, strerror(errno)); + return 1; + } + } + + printf("pidfd_open: success (fd=%d)\n", fd); + close(fd); + + // Now test opening pidfd for PID 1 and waitid + printf("\nTesting pidfd_open with PID 1\n"); + fd = syscall(__NR_pidfd_open, 1, 0); + + if (fd == -1) { + if (errno == ENOSYS) { + printf("pidfd_open: not supported by kernel\n"); + return 0; + } else if (errno == EPERM || errno == EACCES) { + printf("pidfd_open for PID 1: blocked (errno=%d: %s)\n", errno, strerror(errno)); + return 1; + } else { + printf("pidfd_open for PID 1: failed with unexpected error (errno=%d: %s)\n", errno, strerror(errno)); + return 1; + } + } + + printf("pidfd_open for PID 1: success (fd=%d)\n", fd); + + // Try to waitid on PID 1 (should fail since it's not a child process) + printf("Attempting waitid on PID 1 (should fail since it's not a child)...\n"); + int ret = waitid(P_PIDFD, fd, &info, WEXITED); + + if (ret == -1) { + if (errno == ECHILD) { + printf("waitid: correctly failed with ECHILD (PID 1 is not a child process)\n"); + close(fd); + return 0; + } else { + printf("waitid: failed with unexpected error (errno=%d: %s)\n", errno, strerror(errno)); + close(fd); + return 1; + } + } else { + printf("waitid: unexpectedly succeeded\n"); + close(fd); + return 1; + } +} diff --git a/tests/main/template-seccomp-pidfd-open/test-snapd-pidfd-open/meta/snap.yaml b/tests/main/template-seccomp-pidfd-open/test-snapd-pidfd-open/meta/snap.yaml new file mode 100644 index 00000000000..467b7ef8923 --- /dev/null +++ b/tests/main/template-seccomp-pidfd-open/test-snapd-pidfd-open/meta/snap.yaml @@ -0,0 +1,10 @@ +name: test-snapd-pidfd-open +version: 1.0 +summary: Test snap for pidfd_open syscall +description: | + This snap tests that the pidfd_open syscall is allowed by the default + seccomp profile. + +apps: + test-snapd-pidfd-open: + command: bin/test-pidfd-open diff --git a/tests/main/try/task.yaml b/tests/main/try/task.yaml index 725714d0dee..5a982020a94 100644 --- a/tests/main/try/task.yaml +++ b/tests/main/try/task.yaml @@ -15,21 +15,15 @@ environment: SERVICE_NAME: "test-service" prepare: | - tests.exec is-skipped && exit 0 - # shellcheck source=tests/lib/network.sh . "$TESTSLIB"/network.sh make_network_service "$SERVICE_NAME" "$PORT" restore: | - tests.exec is-skipped && exit 0 - systemctl stop "$SERVICE_NAME" rm -f "$READABLE_FILE" execute: | - tests.exec is-skipped && exit 0 - echo "Given a buildable snap in a known directory" echo "When try is executed on that directory" snap try "$TESTSLIB"/snaps/test-snapd-tools diff --git a/tests/main/uc20-create-partitions-encrypt/task.yaml b/tests/main/uc20-create-partitions-encrypt/task.yaml index 9e5d90b3afb..e3d69fe5d23 100644 --- a/tests/main/uc20-create-partitions-encrypt/task.yaml +++ b/tests/main/uc20-create-partitions-encrypt/task.yaml @@ -23,12 +23,11 @@ environment: SNAPD_DEBUG: "1" DISK_MAPPING_JSON: /run/mnt/ubuntu-data/system-data/var/lib/snapd/device/disk-mapping.json -prepare: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi +skip: + - reason: The test is designed for amd64 architecture + if: not os.query is-pc-amd64 +prepare: | echo "Create a fake block device image that looks like an image from u-i" truncate --size=5GB fake.img @@ -77,11 +76,6 @@ prepare: | unsquashfs -d gadget-dir pc_*.snap restore: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi - for m in ubuntu-seed ubuntu-save ubuntu-data ubuntu-boot; do if mountpoint "/run/mnt/$m"; then umount "/run/mnt/$m" @@ -113,11 +107,6 @@ debug: | cat /proc/partitions execute: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi - if os.query is-ubuntu-lt 22.04; then VERSION=20 elif os.query is-ubuntu-ge 22.04 && os.query is-ubuntu-lt 24.04; then diff --git a/tests/main/uc20-create-partitions-reinstall/task.yaml b/tests/main/uc20-create-partitions-reinstall/task.yaml index 1c7b3f87ef6..5e79c829586 100644 --- a/tests/main/uc20-create-partitions-reinstall/task.yaml +++ b/tests/main/uc20-create-partitions-reinstall/task.yaml @@ -16,12 +16,11 @@ systems: [ubuntu-2*] environment: SNAPD_DEBUG: "1" -prepare: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi +skip: + - reason: The test is designed for amd64 architecture + if: not os.query is-pc-amd64 +prepare: | echo "Create a fake block device image that looks like an image from u-i" truncate --size=20GB fake.img @@ -50,11 +49,6 @@ prepare: | unsquashfs -d gadget-dir pc_*.snap restore: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi - for label in ubuntu-seed ubuntu-save ubuntu-data ubuntu-boot; do if mountpoint "/run/mnt/$label"; then umount "/run/mnt/$label" @@ -83,11 +77,6 @@ debug: | fi execute: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi - LOOP="$(cat loop.txt)" # debug message to see if the udev database is correctly updated diff --git a/tests/main/uc20-create-partitions/task.yaml b/tests/main/uc20-create-partitions/task.yaml index 87013d05634..156394cf5ef 100644 --- a/tests/main/uc20-create-partitions/task.yaml +++ b/tests/main/uc20-create-partitions/task.yaml @@ -17,12 +17,11 @@ environment: SNAPD_DEBUG: "1" DISK_MAPPING_JSON: /run/mnt/ubuntu-data/system-data/var/lib/snapd/device/disk-mapping.json -prepare: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi +skip: + - reason: The test is designed for amd64 architecture + if: not os.query is-pc-amd64 +prepare: | echo "Create a fake block device image that looks like an image from u-i" truncate --size=5GB fake.img @@ -59,11 +58,6 @@ prepare: | unsquashfs -d gadget-dir pc_*.snap restore: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi - for label in ubuntu-seed ubuntu-save ubuntu-data ubuntu-boot other-ext4; do if mountpoint "/run/mnt/$label"; then umount "/run/mnt/$label" @@ -96,11 +90,6 @@ debug: | fi execute: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi - channel=20 if os.query is-ubuntu-ge 22.04; then channel=22 diff --git a/tests/main/upgrade-from-release/task.yaml b/tests/main/upgrade-from-release/task.yaml index 2d61f05e917..bfd828b5c65 100644 --- a/tests/main/upgrade-from-release/task.yaml +++ b/tests/main/upgrade-from-release/task.yaml @@ -6,27 +6,21 @@ details: | systems: [ubuntu-1*-64, ubuntu-2*-64] -prepare: | - if os.query is-arm; then - tests.exec skip-test "there is no content for arm64 in repo http://archive.ubuntu.com/ubuntu (just amd64)" && exit 0 - elif os.query is-ubuntu 25.10; then - tests.exec skip-test "there is no updates content for daily images in repo http://archive.ubuntu.com/ubuntu" && exit 0 - fi +skip: + - reason: there is no content for arm64 in repo http://archive.ubuntu.com/ubuntu (just amd64) + if: os.query is-arm +prepare: | #shellcheck source=tests/lib/pkgdb.sh . "$TESTSLIB/pkgdb.sh" distro_purge_package snapd restore: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/pkgdb.sh . "$TESTSLIB/pkgdb.sh" distro_install_build_snapd execute: | - tests.exec is-skipped && exit 0 - . /etc/os-release # trusty has no UBUNTU_CODENAME in /etc/os-release and we need to cheat # because snapd was not part of the original 14.04 release so we get @@ -47,9 +41,10 @@ execute: | apt update -qq fi + # TODO: add automatic package lookup - manual list maintenance is impractical declare -A EXPECTED_SNAPD_VERSIONS=( - ["26.04"]='2.73\+ubuntu26.04' - ["25.04"]='2.67.1\+25.04' + ["26.04"]='2.74\+ubuntu26.04' + ["25.10"]='2.73\+ubuntu25.10' ["24.04"]='2.62\+24.04' ["22.04"]='2.55.3\+22.04' ["20.04"]='2.44.3\+20.04' diff --git a/tests/main/user-session-env/task.yaml b/tests/main/user-session-env/task.yaml index 4a0cdb9c9d0..68baef60254 100644 --- a/tests/main/user-session-env/task.yaml +++ b/tests/main/user-session-env/task.yaml @@ -18,7 +18,6 @@ environment: TEST_FISH_USER: test-fish prepare: | - echo "Create a user with a different shell" useradd --create-home --user-group -s /usr/bin/zsh "$TEST_ZSH_USER" useradd --create-home --user-group -s /usr/bin/fish "$TEST_FISH_USER" diff --git a/tests/main/validate-container-happy/task.yaml b/tests/main/validate-container-happy/task.yaml index d9db6f96541..b706a792dea 100644 --- a/tests/main/validate-container-happy/task.yaml +++ b/tests/main/validate-container-happy/task.yaml @@ -10,10 +10,7 @@ details: | environment: SNAP: test-snapd-validate-container-happy -prepare: | - execute: | - SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" # We shouldn't use relative symlinks in Github as they cannot be packed correctly. diff --git a/tests/main/writable-areas/task.yaml b/tests/main/writable-areas/task.yaml index 119a1b7d94e..e5c54ac9098 100644 --- a/tests/main/writable-areas/task.yaml +++ b/tests/main/writable-areas/task.yaml @@ -12,10 +12,12 @@ environment: SNAP_REEXEC/reexec0: 0 SNAP_REEXEC/reexec1: 1 +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive + prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi snap pack data-writer SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" if [ "$SNAP_REEXEC" = "1" ] && [ "$SNAP_MOUNT_DIR" != "/snap" ] && [ ! -L /snap ]; then @@ -26,8 +28,6 @@ prepare: | fi execute: | - tests.exec is-skipped && exit 0 - snap install --dangerous data-writer_1.0_all.snap echo "Apps can write to writable areas" diff --git a/tests/nested/core/core-revert/task.yaml b/tests/nested/core/core-revert/task.yaml index 8dcf208b9f0..bb2d86d5f59 100644 --- a/tests/nested/core/core-revert/task.yaml +++ b/tests/nested/core/core-revert/task.yaml @@ -15,6 +15,11 @@ kill-timeout: 30m environment: IMAGE_FILE: $SNAPD_WORK_DIR/images/ubuntu-core-new.img +skip: + - reason: This test needs to start from beta/candidate/stable channel + if: | + [ "$NESTED_BUILD_SNAPD_FROM_CURRENT" = "true" ] || [ "$NESTED_CORE_CHANNEL" = "$NESTED_CORE_REFRESH_CHANNEL" ] + debug: | systemctl stop nested-vm || true if [ -f "$IMAGE_FILE" ]; then @@ -33,11 +38,6 @@ debug: | fi execute: | - if [ "$NESTED_BUILD_SNAPD_FROM_CURRENT" = "true" ] || [ "$NESTED_CORE_CHANNEL" = "$NESTED_CORE_REFRESH_CHANNEL" ]; then - echo "This test need to start from beta/candidate/stable channel" - exit 0 - fi - echo "Refresh the core snap to $NESTED_CORE_REFRESH_CHANNEL channel" remote.exec "snap info core" | MATCH "tracking: +latest/${NESTED_CORE_CHANNEL}" remote.exec "sudo snap refresh --${NESTED_CORE_REFRESH_CHANNEL} core" || true diff --git a/tests/nested/manual/build-with-kernel-modules-components/task.yaml b/tests/nested/manual/build-with-kernel-modules-components/task.yaml index 17d5367ef3e..747439647b2 100644 --- a/tests/nested/manual/build-with-kernel-modules-components/task.yaml +++ b/tests/nested/manual/build-with-kernel-modules-components/task.yaml @@ -59,7 +59,7 @@ execute: | # check component from store has been early-installed check_efi_pstore # Additionally, check that modules loaded by systemd right after switch root could be loaded - lsmod | MATCH ip_tables + remote.exec lsmod | MATCH ahci # No mounts for unset versions are found mount | not MATCH efi-pstore_unset mount | not MATCH pc-kernel_unset @@ -69,7 +69,7 @@ execute: | remote.exec sudo reboot || true tests.nested wait-for reboot "$boot_id" check_efi_pstore - lsmod | MATCH ip_tables + remote.exec lsmod | MATCH ahci # remove kernel component remote.exec sudo snap remove pc-kernel+"$KMOD_COMP" diff --git a/tests/nested/manual/cmdline-option/task.yaml b/tests/nested/manual/cmdline-option/task.yaml index 50d25e4ac90..00c8dd45fa5 100644 --- a/tests/nested/manual/cmdline-option/task.yaml +++ b/tests/nested/manual/cmdline-option/task.yaml @@ -41,12 +41,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" @@ -113,11 +113,6 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc @@ -127,11 +122,6 @@ debug: | systemctl status fakedevicesvc || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Waiting for the system to be seeded" remote.exec "sudo snap wait system seed.loaded" diff --git a/tests/nested/manual/component-recovery-system-offline/task.yaml b/tests/nested/manual/component-recovery-system-offline/task.yaml index 490a84b8fd6..03dc50501b4 100644 --- a/tests/nested/manual/component-recovery-system-offline/task.yaml +++ b/tests/nested/manual/component-recovery-system-offline/task.yaml @@ -25,12 +25,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap install test-snapd-swtpm --edge snap download test-snapd-curl --edge --basename=test-snapd-curl snap download core18 --basename=core18 diff --git a/tests/nested/manual/component-recovery-system/task.yaml b/tests/nested/manual/component-recovery-system/task.yaml index d659422b007..4f4dd0ebcd9 100644 --- a/tests/nested/manual/component-recovery-system/task.yaml +++ b/tests/nested/manual/component-recovery-system/task.yaml @@ -21,12 +21,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap install test-snapd-swtpm --edge "${TESTSTOOLS}/store-state" setup-fake-store "${NESTED_FAKESTORE_BLOB_DIR}" diff --git a/tests/nested/manual/core20-auto-remove-user/task.yaml b/tests/nested/manual/core20-auto-remove-user/task.yaml index 8497279be99..49c4c01fa3f 100644 --- a/tests/nested/manual/core20-auto-remove-user/task.yaml +++ b/tests/nested/manual/core20-auto-remove-user/task.yaml @@ -36,12 +36,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # set the expiration of the assert to 60 minutes, and replace the version # with the version we are testing VERSION="$(tests.nested show version)" @@ -114,21 +114,11 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" diff --git a/tests/nested/manual/core20-boot-config-update/task.yaml b/tests/nested/manual/core20-boot-config-update/task.yaml index 46aedeecb74..21c7ba277e1 100644 --- a/tests/nested/manual/core20-boot-config-update/task.yaml +++ b/tests/nested/manual/core20-boot-config-update/task.yaml @@ -15,12 +15,12 @@ environment: NESTED_ENABLE_TPM: true NESTED_ENABLE_SECURE_BOOT: true -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs a build of snapd with testing features enabled" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB"/prepare.sh build_snapd_snap . @@ -71,11 +71,6 @@ debug: | cat boot-chains-after.json || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs a build of snapd with testing features enabled" - exit - fi - remote.exec sudo cat /var/lib/snapd/device/fde/boot-chains > boot-chains-before.json SEALED_KEY_MTIME_1="$(remote.exec sudo stat --format="%Y" /run/mnt/ubuntu-boot/device/fde/ubuntu-data.sealed-key)" RESEAL_COUNT_1="$(gojq -r '.["reseal-count"]' < boot-chains-before.json )" diff --git a/tests/nested/manual/core20-cloud-init-maas-signed-seed-data/task.yaml b/tests/nested/manual/core20-cloud-init-maas-signed-seed-data/task.yaml index fbafea980eb..387b5f8671c 100644 --- a/tests/nested/manual/core20-cloud-init-maas-signed-seed-data/task.yaml +++ b/tests/nested/manual/core20-cloud-init-maas-signed-seed-data/task.yaml @@ -51,12 +51,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" @@ -145,11 +145,6 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" @@ -162,11 +157,6 @@ debug: | remote.exec "cloud-init status --long" || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" diff --git a/tests/nested/manual/core20-factory-reset-install-device-hook/task.yaml b/tests/nested/manual/core20-factory-reset-install-device-hook/task.yaml index 446e3317421..3a78e7faea7 100644 --- a/tests/nested/manual/core20-factory-reset-install-device-hook/task.yaml +++ b/tests/nested/manual/core20-factory-reset-install-device-hook/task.yaml @@ -39,12 +39,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # Setup the fake-store for ubuntu-image to use when creating our core image. # We immediately tear down the staging store, to make sure snapd is not pointed # towards this once we invoke ubuntu-image. @@ -110,22 +110,12 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 3 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-gadget-cloud-conf/task.yaml b/tests/nested/manual/core20-gadget-cloud-conf/task.yaml index cc9a2b9c667..d41dcb7dc98 100644 --- a/tests/nested/manual/core20-gadget-cloud-conf/task.yaml +++ b/tests/nested/manual/core20-gadget-cloud-conf/task.yaml @@ -49,12 +49,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # setup the fakestore, but don't use it for our snapd here on the host VM, so # tear down the staging_store immediately afterwards so that only the SAS is # running and our snapd is not pointed at it, ubuntu-image is the only thing @@ -108,11 +108,6 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc @@ -122,11 +117,6 @@ debug: | systemctl status fakedevicesvc || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "The initial cloud-init user was created" remote.exec "cat /var/lib/extrausers/passwd" | MATCH normal-user diff --git a/tests/nested/manual/core20-grade-signed-above-testkeys-boot/task.yaml b/tests/nested/manual/core20-grade-signed-above-testkeys-boot/task.yaml index 6956db8c591..087d9044f1e 100644 --- a/tests/nested/manual/core20-grade-signed-above-testkeys-boot/task.yaml +++ b/tests/nested/manual/core20-grade-signed-above-testkeys-boot/task.yaml @@ -44,12 +44,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" @@ -104,11 +104,6 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc @@ -118,11 +113,6 @@ debug: | systemctl status fakedevicesvc || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 1 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-grade-signed-cloud-init-testkeys/task.yaml b/tests/nested/manual/core20-grade-signed-cloud-init-testkeys/task.yaml index 3e6b6cfd734..2bd116e3e0b 100644 --- a/tests/nested/manual/core20-grade-signed-cloud-init-testkeys/task.yaml +++ b/tests/nested/manual/core20-grade-signed-cloud-init-testkeys/task.yaml @@ -39,12 +39,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" @@ -106,11 +106,6 @@ prepare: | tests.nested create-vm core --param-cdrom "-cdrom $(pwd)/seed.iso" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc @@ -120,11 +115,6 @@ debug: | systemctl status fakedevicesvc || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 1 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-install-device-file-install-ubuntu-save-via-hook/task.yaml b/tests/nested/manual/core20-install-device-file-install-ubuntu-save-via-hook/task.yaml index bacf7202e00..6c4589328a3 100644 --- a/tests/nested/manual/core20-install-device-file-install-ubuntu-save-via-hook/task.yaml +++ b/tests/nested/manual/core20-install-device-file-install-ubuntu-save-via-hook/task.yaml @@ -39,12 +39,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # Setup the fake-store for ubuntu-image to use when creating our core image. # We immediately tear down the staging store, to make sure snapd is not pointed # towards this once we invoke ubuntu-image. @@ -100,22 +100,12 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 1 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-install-device-file-install-via-hook-hack/task.yaml b/tests/nested/manual/core20-install-device-file-install-via-hook-hack/task.yaml index af58f2b0dce..735ffba34d7 100644 --- a/tests/nested/manual/core20-install-device-file-install-via-hook-hack/task.yaml +++ b/tests/nested/manual/core20-install-device-file-install-via-hook-hack/task.yaml @@ -40,12 +40,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # setup the fakestore, but don't use it for our snapd here on the host VM, so # tear down the staging_store immediately afterwards so that only the SAS is # running and our snapd is not pointed at it, ubuntu-image is the only thing @@ -112,22 +112,12 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 3 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-validation-sets/task.yaml b/tests/nested/manual/core20-validation-sets/task.yaml index 7b08c19c141..4887a60de64 100644 --- a/tests/nested/manual/core20-validation-sets/task.yaml +++ b/tests/nested/manual/core20-validation-sets/task.yaml @@ -21,12 +21,12 @@ environment: NESTED_FAKESTORE_BLOB_DIR: $(pwd)/fake-store-blobdir NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | mkdir -p "$NESTED_FAKESTORE_BLOB_DIR" add_official_snap_to_fakestore() { @@ -85,19 +85,9 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize system state change to be done, it's the change that # seeds the system, and it must complete correctly. Initialize device will fail due # to the serial assertion missing at this point diff --git a/tests/nested/manual/core22-basic/task.yaml b/tests/nested/manual/core22-basic/task.yaml index dfa87ec1548..3b0e19fdcd4 100644 --- a/tests/nested/manual/core22-basic/task.yaml +++ b/tests/nested/manual/core22-basic/task.yaml @@ -11,10 +11,12 @@ environment: EXPECT_TOKENS/tokens: true EXPECT_TOKENS/files: false +skip: + - reason: Tokens require UC 24.04 + if: | + os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ] + prepare: | - if os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ]; then - tests.exec skip-test "Tokens require UC 24.04" && exit 0 - fi tests.nested build-image core tests.nested create-vm core @@ -24,8 +26,6 @@ debug: | fi execute: | - tests.exec is-skipped && exit 0 - echo "Wait for the system to be seeded first" remote.exec "sudo snap wait system seed.loaded" diff --git a/tests/nested/manual/fde-auth-support-on-hybrid/task.yaml b/tests/nested/manual/fde-auth-support-on-hybrid/task.yaml index 9be93a1cff0..fccfd4cbf54 100644 --- a/tests/nested/manual/fde-auth-support-on-hybrid/task.yaml +++ b/tests/nested/manual/fde-auth-support-on-hybrid/task.yaml @@ -21,12 +21,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB/prepare.sh" #shellcheck source=tests/lib/nested.sh diff --git a/tests/nested/manual/hybrid-fde-all-key-databases/task.yaml b/tests/nested/manual/hybrid-fde-all-key-databases/task.yaml index 202ad47c48c..1707ad03330 100644 --- a/tests/nested/manual/hybrid-fde-all-key-databases/task.yaml +++ b/tests/nested/manual/hybrid-fde-all-key-databases/task.yaml @@ -21,6 +21,11 @@ environment: KEY_DATABASE/kek: KEK KEY_DATABASE/pk: PK +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB/prepare.sh" @@ -29,11 +34,6 @@ prepare: | tests.pkgs install efitools - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" echo "Expose the needed assertions through the fakestore" diff --git a/tests/nested/manual/hybrid-fde-recovery-keys/task.yaml b/tests/nested/manual/hybrid-fde-recovery-keys/task.yaml index 0562e592020..77ed27b1681 100644 --- a/tests/nested/manual/hybrid-fde-recovery-keys/task.yaml +++ b/tests/nested/manual/hybrid-fde-recovery-keys/task.yaml @@ -22,11 +22,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # TODO: this setup for hybrid tests is repeated in other tests # check if it can be made into helper or extend setup_nested_hybrid_system.sh diff --git a/tests/nested/manual/hybrid-tpm-fde-preinstall-check/task.yaml b/tests/nested/manual/hybrid-tpm-fde-preinstall-check/task.yaml index 26b76729d6b..64081bf3132 100644 --- a/tests/nested/manual/hybrid-tpm-fde-preinstall-check/task.yaml +++ b/tests/nested/manual/hybrid-tpm-fde-preinstall-check/task.yaml @@ -26,12 +26,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB/prepare.sh" #shellcheck source=tests/lib/nested.sh diff --git a/tests/nested/manual/hybrid-xkb-kcmdline/task.yaml b/tests/nested/manual/hybrid-xkb-kcmdline/task.yaml index c736987eaf5..c6d65ac72f9 100644 --- a/tests/nested/manual/hybrid-xkb-kcmdline/task.yaml +++ b/tests/nested/manual/hybrid-xkb-kcmdline/task.yaml @@ -24,11 +24,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # TODO: this setup for hybrid tests is repeated in other tests # check if it can be made into helper or extend setup_nested_hybrid_system.sh diff --git a/tests/nested/manual/kernel-modules-components/task.yaml b/tests/nested/manual/kernel-modules-components/task.yaml index 5f2d9a51152..a7ffcf79465 100644 --- a/tests/nested/manual/kernel-modules-components/task.yaml +++ b/tests/nested/manual/kernel-modules-components/task.yaml @@ -7,8 +7,6 @@ systems: - -ubuntu-1* - -ubuntu-20* - -ubuntu-22* - # FIXME - - -ubuntu-26* environment: # Test both encrypted and unencrypted cases diff --git a/tests/nested/manual/muinstaller-core/task.yaml b/tests/nested/manual/muinstaller-core/task.yaml index d4aa1a60fff..2d3d24e5154 100644 --- a/tests/nested/manual/muinstaller-core/task.yaml +++ b/tests/nested/manual/muinstaller-core/task.yaml @@ -41,11 +41,10 @@ environment: INSTALL_OPTIONAL_ALL/install_optional_all: true INSTALL_OPTIONAL_EXPECT_ALL/install_optional_all: true -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] restore: | rm -rf pc-kernel.* pc.* initrd* linux* kernel* tmp* pc-gadget snap-with-comps.snap snap-with-comps+comp1.comp core-seed fake-disk.img diff --git a/tests/nested/manual/muinstaller-oldbasenewkernel/task.yaml b/tests/nested/manual/muinstaller-oldbasenewkernel/task.yaml index 66fb7d2b3a2..8549363ce9a 100644 --- a/tests/nested/manual/muinstaller-oldbasenewkernel/task.yaml +++ b/tests/nested/manual/muinstaller-oldbasenewkernel/task.yaml @@ -17,11 +17,12 @@ environment: # image IMAGE_MOUNTPOINT: /mnt/cloudimg +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" restore: | diff --git a/tests/nested/manual/muinstaller-real/task.yaml b/tests/nested/manual/muinstaller-real/task.yaml index e8cc8e0d7f9..534ec1c2696 100644 --- a/tests/nested/manual/muinstaller-real/task.yaml +++ b/tests/nested/manual/muinstaller-real/task.yaml @@ -3,9 +3,9 @@ summary: End-to-end test for install via muinstaller details: End-to-end test for install via muinstaller systems: - # FIXME: make it work on 26 - ubuntu-22* - ubuntu-24* + - ubuntu-26* environment: # No partial gadget by default @@ -39,11 +39,12 @@ environment: # image IMAGE_MOUNTPOINT: /mnt/cloudimg +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" restore: | @@ -153,7 +154,7 @@ execute: | # Make sure it was loaded early remote.exec systemctl show -p ExecMainStatus modprobe@efi_pstore.service | MATCH ExecMainStatus=0 # Additionally, check that modules loaded by systemd right after switch root could be loaded - remote.exec lsmod | MATCH ip_tables + remote.exec lsmod | MATCH ahci # Check that the kernel-modules component can be removed remote.exec sudo snap remove pc-kernel+efi-pstore fi @@ -177,13 +178,17 @@ execute: | remote.exec "sudo test -e /var/lib/snapd/device/fde/marker" remote.exec "sudo blkid /dev/disk/by-label/ubuntu-data-enc" | MATCH crypto_LUKS - echo "Ensure recovery keys are available on classic FDE too" - # We check for the key twice (see LP#2036631) - #shellcheck disable=SC2034 - for i in 1 2; do - remote.exec "sudo snap recovery --show-keys" > show-keys.out - MATCH 'recovery:\s+[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}' < show-keys.out - done + # 25.10+ systems are not permitted to use /v2/system-recovery-keys, it can only + # show the recovery key at the point where it gets created. + if os.query is_ubuntu_lt 25.10; then + echo "Ensure recovery keys are available on classic FDE too" + # We check for the key twice (see LP#2036631) + #shellcheck disable=SC2034 + for i in 1 2; do + remote.exec "sudo snap recovery --show-keys" > show-keys.out + MATCH 'recovery:\s+[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}' < show-keys.out + done + fi # check disk mappings # TODO: no ubuntu-save right now because: @@ -199,9 +204,21 @@ execute: | # check that on an already provisioned system the API will give a # sensible reason why the system cannot be installed without further # action. + if os.query is_ubuntu_ge 25.10; then + # satisfy preinstall check need for locating boot images + remote.exec "sudo mkdir -p /cdrom/EFI/boot/" + remote.exec "sudo touch /cdrom/EFI/boot/bootx64.efi" + remote.exec "sudo touch /cdrom/EFI/boot/grubx64.efi" + remote.exec "sudo mkdir -p /cdrom/casper" + remote.exec "sudo touch /cdrom/casper/vmlinuz" + fi remote.exec "sudo snap debug api /v2/systems/classic" > system gojq '.result."storage-encryption".support' < system | MATCH "unavailable" - gojq '.result."storage-encryption"."unavailable-reason"' < system | MATCH "not encrypting device storage as checking TPM gave: the TPM is in DA lockout mode" + if os.query is_ubuntu_ge 25.10; then + gojq '.result."storage-encryption"."unavailable-reason"' < system | MATCH "not encrypting device storage as checking TPM gave: error with TPM2 device: one or more of the TPM hierarchies is already owned" + else + gojq '.result."storage-encryption"."unavailable-reason"' < system | MATCH "not encrypting device storage as checking TPM gave: the TPM is in DA lockout mode" + fi fi if os.query is-ubuntu-ge 24.04; then diff --git a/tests/nested/manual/muinstaller/task.yaml b/tests/nested/manual/muinstaller/task.yaml index 741df34b5fd..6e6140685a4 100644 --- a/tests/nested/manual/muinstaller/task.yaml +++ b/tests/nested/manual/muinstaller/task.yaml @@ -6,7 +6,7 @@ details: | # this is a UC20+ specific test # TODO this currently fails on ubuntu-20.04-64 timing out -systems: [ubuntu-22.04-64, ubuntu-24.04-64] +systems: [ubuntu-22.04-64, ubuntu-24.04-64, ubuntu-26.04-64] environment: # nested test so that we can test encryted installs eventually @@ -21,11 +21,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "Install used snaps" if [ -d /var/lib/snapd/seed ]; then mv /var/lib/snapd/seed /var/lib/snapd/seed.orig @@ -34,10 +35,6 @@ prepare: | restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi rm -rf /var/lib/snapd/seed if [ -d /var/lib/snapd/seed.orig ]; then mv /var/lib/snapd/seed.orig /var/lib/snapd/seed @@ -46,11 +43,6 @@ restore: | rm -rf pc-kernel.* pc.* initrd* linux* kernel* tmp* pc-gadget pc muinstaller classic-seed fake-disk.img fdisk_output execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # XXX: the code in DeviceManager.SystemAndGadgetInfo() will only work on # classic systems with modeenv right now (which is something we may need # to fix to work from the classic installer). @@ -108,8 +100,16 @@ execute: | cp -a ./classic-seed/system-seed/ /var/lib/snapd/seed rm -rf classic-seed - # do some light checking that the system is valid + if os.query is_ubuntu_ge 25.10; then + # satisfy preinstall check need for locating boot images + mkdir -p /cdrom/EFI/boot/ + touch /cdrom/EFI/boot/bootx64.efi + touch /cdrom/EFI/boot/grubx64.efi + mkdir -p /cdrom/casper + touch /cdrom/casper/vmlinuz + fi + snap debug api /v2/systems | gojq '.result.systems[0].label' | MATCH "$LABEL" snap debug api "/v2/systems/$LABEL" > system gojq '.result.model.distribution' system | MATCH "ubuntu" diff --git a/tests/nested/manual/optee-fde/task.yaml b/tests/nested/manual/optee-fde/task.yaml index 0eda1421566..fb7aa03b863 100644 --- a/tests/nested/manual/optee-fde/task.yaml +++ b/tests/nested/manual/optee-fde/task.yaml @@ -23,12 +23,12 @@ environment: KEY_PROTECTOR/optee: "optee" KEY_PROTECTOR/hooks: "fde-setup-hook" -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | kernel_name="" kernel_revision="" gadget_name="" diff --git a/tests/nested/manual/preseed/task.yaml b/tests/nested/manual/preseed/task.yaml index 6e5d459b027..36eb177c456 100644 --- a/tests/nested/manual/preseed/task.yaml +++ b/tests/nested/manual/preseed/task.yaml @@ -112,11 +112,8 @@ execute: | remote.exec "snap debug seeding" | MATCH "preseeded:\s+true" remote.exec "snap debug seeding" | MATCH "seeded:\s+true" - # FIXME: this just checks that the time is of the form "xxx.xxxs", which could - # break if the preseeding takes more than 60s and golang formats the - # time.Duration as "1m2.03s", etc. but for now this should be good enough - remote.exec "snap debug seeding" | MATCH "image-preseeding:\s+[0-9]+\.[0-9]+s" - remote.exec "snap debug seeding" | MATCH "seed-completion:\s+[0-9]+\.[0-9]+s" + remote.exec "snap debug seeding" | MATCH "image-preseeding:\s+([0-9]+m)?[0-9]+\.[0-9]+s" + remote.exec "snap debug seeding" | MATCH "seed-completion:\s+([0-9]+m)?[0-9]+\.[0-9]+s" # there is no longer any seeded snaps in base or minimal cloud images # in noble, skip lxd checks for noble diff --git a/tests/nested/manual/recovery-system-reboot/task.yaml b/tests/nested/manual/recovery-system-reboot/task.yaml index 496e6ee326a..1417bb4ed2f 100644 --- a/tests/nested/manual/recovery-system-reboot/task.yaml +++ b/tests/nested/manual/recovery-system-reboot/task.yaml @@ -28,12 +28,12 @@ environment: NESTED_ENABLE_SECURE_BOOT/install: false NESTED_ENABLE_TPM/install: false -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge diff --git a/tests/nested/manual/refresh-revert-fundamentals/task.yaml b/tests/nested/manual/refresh-revert-fundamentals/task.yaml index d4e792941e4..0b591d0f8d0 100644 --- a/tests/nested/manual/refresh-revert-fundamentals/task.yaml +++ b/tests/nested/manual/refresh-revert-fundamentals/task.yaml @@ -26,16 +26,14 @@ environment: SNAP/base: core20 TRACK/base: latest -prepare: | - FROM_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_CHANNEL)" - TO_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_REFRESH_CHANNEL)" - - if [ "$FROM_REV" = "$TO_REV" ]; then - echo "Initial and target revisions are the same, skipping..." - touch skip.test - exit - fi +skip: + - reason: Initial and target revisions are the same + if: | + FROM_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_CHANNEL)" + TO_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_REFRESH_CHANNEL)" + [ "$FROM_REV" = "$TO_REV" ] +prepare: | tests.nested build-image core tests.nested create-vm core @@ -43,10 +41,6 @@ debug: | remote.exec "snap changes" || true execute: | - if [ -f skip.test ]; then - exit - fi - FROM_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_CHANNEL)" TO_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_REFRESH_CHANNEL)" diff --git a/tests/nested/manual/remodel-to-installed-kernel/task.yaml b/tests/nested/manual/remodel-to-installed-kernel/task.yaml index c6eeb121357..f099ab41a4d 100644 --- a/tests/nested/manual/remodel-to-installed-kernel/task.yaml +++ b/tests/nested/manual/remodel-to-installed-kernel/task.yaml @@ -34,12 +34,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge diff --git a/tests/nested/manual/remodel-with-components-offline/task.yaml b/tests/nested/manual/remodel-with-components-offline/task.yaml index 7c050c45a0f..cd531988983 100644 --- a/tests/nested/manual/remodel-with-components-offline/task.yaml +++ b/tests/nested/manual/remodel-with-components-offline/task.yaml @@ -10,8 +10,6 @@ systems: - -ubuntu-1* - -ubuntu-20* - -ubuntu-22* - # FIXME - - -ubuntu-26* environment: INITIAL_MODEL_JSON: $TESTSLIB/assertions/test-snapd-component-remodel-initial-pc-VERSION.json @@ -27,12 +25,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge @@ -86,9 +84,17 @@ execute: | kernel_id='pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza' + # include declaration extras for driver slots + extra_decl_args="" + if [ "$(tests.nested show version)" -ge 26 ]; then + extra_decl_args="--extra-decl-json $TESTSLIB/assertions/pc-kernel-snap-decl-extras.json" + fi + # bump the available kernel version in the fake store + #shellcheck disable=SC2086 "${TESTSTOOLS}"/store-state make-snap-installable --noack \ --revision 2 \ + $extra_decl_args \ "${NESTED_FAKESTORE_BLOB_DIR}" \ ./pc-kernel-with-comps.snap \ "${kernel_id}" diff --git a/tests/nested/manual/remodel-with-components/task.yaml b/tests/nested/manual/remodel-with-components/task.yaml index 127f6bea5b4..0f8739d6876 100644 --- a/tests/nested/manual/remodel-with-components/task.yaml +++ b/tests/nested/manual/remodel-with-components/task.yaml @@ -8,8 +8,8 @@ details: | validates that the newly created system can be rebooted into. systems: - # FIXME: make it work on 26 - ubuntu-24* + - ubuntu-26* environment: INITIAL_MODEL_JSON: $TESTSLIB/assertions/test-snapd-component-remodel-initial-pc-VERSION.json @@ -25,12 +25,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge @@ -84,9 +84,17 @@ execute: | kernel_id='pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza' + # include declaration extras for driver slots + extra_decl_args="" + if [ "$(tests.nested show version)" -ge 26 ]; then + extra_decl_args="--extra-decl-json $TESTSLIB/assertions/pc-kernel-snap-decl-extras.json" + fi + # bump the available kernel version in the fake store + #shellcheck disable=SC2086 "${TESTSTOOLS}"/store-state make-snap-installable --noack \ --revision 2 \ + $extra_decl_args \ "${NESTED_FAKESTORE_BLOB_DIR}" \ ./pc-kernel-with-comps.snap \ "${kernel_id}" diff --git a/tests/nested/manual/seeding-failure/task.yaml b/tests/nested/manual/seeding-failure/task.yaml index 94d4618c5a9..f3a94770761 100644 --- a/tests/nested/manual/seeding-failure/task.yaml +++ b/tests/nested/manual/seeding-failure/task.yaml @@ -30,12 +30,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "${TRUST_TEST_KEYS}" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge @@ -79,13 +79,10 @@ prepare: | tests.nested build-image core restore: | - tests.exec is-skipped && exit 0 systemctl stop fakedevicesvc || true "${TESTSTOOLS}/store-state" teardown-fake-store "${NESTED_FAKESTORE_BLOB_DIR}" execute: | - tests.exec is-skipped && exit 0 - # this setup is required since "create-vm core" can't fully complete, due to # seeding failing on the first try export NESTED_EXPECT_SHUTDOWN=1 diff --git a/tests/nested/manual/split-refresh/task.yaml b/tests/nested/manual/split-refresh/task.yaml index 6dcd44e73ba..f328cc7213b 100644 --- a/tests/nested/manual/split-refresh/task.yaml +++ b/tests/nested/manual/split-refresh/task.yaml @@ -18,21 +18,18 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi if [ -d /var/lib/snapd/seed ]; then mv /var/lib/snapd/seed /var/lib/snapd/seed.orig fi "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi rm -rf /var/lib/snapd/seed if [ -d /var/lib/snapd/seed.orig ]; then mv /var/lib/snapd/seed.orig /var/lib/snapd/seed @@ -48,11 +45,6 @@ debug: | fi execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo Expose the needed assertions through the fakestore cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" diff --git a/tests/nested/manual/uc20-fde-hooks/task.yaml b/tests/nested/manual/uc20-fde-hooks/task.yaml index a2e2036c20d..7aed30d4e06 100644 --- a/tests/nested/manual/uc20-fde-hooks/task.yaml +++ b/tests/nested/manual/uc20-fde-hooks/task.yaml @@ -17,12 +17,12 @@ environment: EXPECT_TOKENS/tokens: true EXPECT_TOKENS/files: false -prepare: | - if os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ]; then - # SKIP - exit 0 - fi +skip: + - reason: Tokens are expected but ubuntu is lt 24.04 + if: | + os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ] +prepare: | echo "Build a kernel snap with the fde-setup hook" # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB/prepare.sh" @@ -40,11 +40,6 @@ prepare: | tests.nested create-vm core execute: | - if os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ]; then - # SKIP - exit 0 - fi - echo "Check that we have an encrypted system" remote.exec "find /dev/mapper" | MATCH ubuntu-data-[0-9a-f-]+ diff --git a/tests/nested/manual/uc20-storage-safety/task.yaml b/tests/nested/manual/uc20-storage-safety/task.yaml index 74755f47d4f..c29a1334da2 100644 --- a/tests/nested/manual/uc20-storage-safety/task.yaml +++ b/tests/nested/manual/uc20-storage-safety/task.yaml @@ -17,12 +17,12 @@ environment: NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 NESTED_FAKESTORE_BLOB_DIR: $(pwd)/fake-store-blobdir +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # setup the fakestore, but don't use it for our snapd here on the # host VM, so tear down the staging_store immediately afterwards # so that only the SAS is running and our snapd is not pointed at @@ -40,19 +40,9 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Verify that no fde keys are generated" remote.exec "test ! -d /var/lib/snapd/device/fde" diff --git a/tests/smoke/find-info/task.yaml b/tests/smoke/find-info/task.yaml index 98181a0f3db..b9a55420d2e 100644 --- a/tests/smoke/find-info/task.yaml +++ b/tests/smoke/find-info/task.yaml @@ -6,8 +6,6 @@ details: | display detailed information about it by using the "snap info" command. execute: | - tests.exec is-skipped && exit 0 - echo "Ensure 'snap find' works" snap find test-snapd-tools | MATCH ^test-snapd-tools diff --git a/tests/smoke/install/task.yaml b/tests/smoke/install/task.yaml index e2f24f0a834..ea11da28ff2 100644 --- a/tests/smoke/install/task.yaml +++ b/tests/smoke/install/task.yaml @@ -10,8 +10,6 @@ details: | snaps: core, core18, core20 and core22. restore: | - tests.exec is-skipped && exit 0 - rm -f /home/test/stderr.log rm -f /home/test/stdout.log # required! in autopkgtest no suite restore is run at all @@ -21,16 +19,12 @@ restore: | done debug: | - tests.exec is-skipped && exit 0 - if test -e stderr.log; then echo "content of stderr.log" cat stderr.log fi execute: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/systems.sh . "$TESTSLIB"/systems.sh diff --git a/tests/smoke/remove/task.yaml b/tests/smoke/remove/task.yaml index 9498fa38c5e..af870c607d5 100644 --- a/tests/smoke/remove/task.yaml +++ b/tests/smoke/remove/task.yaml @@ -7,8 +7,6 @@ details: | removal no leftovers remain in the mounting area. execute: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core24 SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" diff --git a/tests/smoke/sandbox/task.yaml b/tests/smoke/sandbox/task.yaml index dc6110b6dcb..6652043d596 100644 --- a/tests/smoke/sandbox/task.yaml +++ b/tests/smoke/sandbox/task.yaml @@ -8,6 +8,11 @@ details: | works for both the main architecture, and for the 32-bit sub-architecture if the CPU supports one. +skip: + - reason: No sandboxing in the system + if: | + [ "$(snap debug confinement)" != "strict" ] && not os.query is-ubuntu + prepare: | if tests.session has-session-systemd-and-dbus; then tests.session -u test prepare @@ -15,23 +20,17 @@ prepare: | fi restore: | - tests.exec is-skipped && exit 0 - rm -f /home/test/foo # required! in autopkgtest no suite restore is run at all snap remove --purge test-snapd-sandbox snap remove --purge test-snapd-hello-multi-arch execute: | - tests.exec is-skipped && exit 0 - if [ "$(snap debug confinement)" != "strict" ]; then if os.query is-ubuntu; then echo "all ubuntu systems must have strict confinement" exit 1 fi - echo "SKIP: no sandboxing" - exit 0 fi "$TESTSTOOLS"/snaps-state install-local test-snapd-sandbox diff --git a/tests/upgrade/basic/task.yaml b/tests/upgrade/basic/task.yaml index bd3325bcb39..7b5d4f2897f 100644 --- a/tests/upgrade/basic/task.yaml +++ b/tests/upgrade/basic/task.yaml @@ -14,11 +14,12 @@ environment: # downloading the core snap triggers OOM occasionally SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - reason: This test doesn't work with the staging store + if: | + [ "$REMOTE_STORE" = staging ] + restore: | - if [ "$REMOTE_STORE" = staging ]; then - echo "skip upgrade tests while talking to the staging store" - exit 0 - fi rm -f /var/tmp/myevil.txt # An older version of snapd might have been missing proper context @@ -33,10 +34,6 @@ restore: | esac execute: | - if [ "$REMOTE_STORE" = staging ]; then - echo "skip upgrade tests while talking to the staging store" - exit 0 - fi #shellcheck source=tests/lib/pkgdb.sh . "$TESTSLIB/pkgdb.sh" @@ -51,7 +48,7 @@ execute: | esac echo "Install previous snapd version from the store" - distro_install_package snap-confine snapd + distro_install_package snapd case "$SPREAD_SYSTEM" in arch-*|centos-*) @@ -111,8 +108,8 @@ execute: | if os.query is-arch-linux; then # Arch's pacman is a bit funky here, the command that's run is: # pacman -U --noconfirm --force /home/gopath/snapd-*.pkg.tar.xz - # The official repo package contains snapd and snap-confine. The local test package - # conflicts with snap-confine, thus pacman will ask to remove snap-confine, displaying + # The official repo package contains snapd and snap-confine (up to snapd < 2.74). The local + # test package conflicts with snap-confine, thus pacman will ask to remove snap-confine, displaying # a question, but at the same time it completely ignores --noconfirm and aborts the upgrade. # As a workaround, drop --noconfirm and pass 'y' to all the questions. yes | pacman -U "$GOHOME"/snap*."$pkg_extension" diff --git a/tests/upgrade/selinux-relabel/task.yaml b/tests/upgrade/selinux-relabel/task.yaml index f0493fce67e..94cb7d35b98 100644 --- a/tests/upgrade/selinux-relabel/task.yaml +++ b/tests/upgrade/selinux-relabel/task.yaml @@ -10,12 +10,13 @@ systems: - fedora-* - centos-* -execute: | - # TODO: remove this when snapd and snap-confine are uploaded to CentOS Stream 9 repo - if os.query is-centos 9; then - exit 0 - fi +skip: + - reason: Snapd and snap-confine are not upoloaded to CentOS Stream 9 repo yet + if: | + # TODO: remove this when snapd and snap-confine are uploaded to CentOS Stream 9 repo + os.query is-centos 9 +execute: | # only runs on distros with SELinux enabled selinuxenabled diff --git a/tests/upgrade/snapd-xdg-open/task.yaml b/tests/upgrade/snapd-xdg-open/task.yaml index 8fc8205301e..9933bb08682 100644 --- a/tests/upgrade/snapd-xdg-open/task.yaml +++ b/tests/upgrade/snapd-xdg-open/task.yaml @@ -9,12 +9,6 @@ details: | systems: [-ubuntu-core-*, -debian-*, -ubuntu-14.04-*, -fedora-*, -arch-*, -amazon-*, -centos-*] -restore: | - if [ "$REMOTE_STORE" = staging ]; then - echo "skip upgrade tests while talking to the staging store" - exit 0 - fi - execute: | #shellcheck source=tests/lib/pkgdb.sh . "$TESTSLIB/pkgdb.sh" diff --git a/tests/upgrade/sudoers-conffile-removal/task.yaml b/tests/upgrade/sudoers-conffile-removal/task.yaml index 127e632c562..5dc499d2ae1 100644 --- a/tests/upgrade/sudoers-conffile-removal/task.yaml +++ b/tests/upgrade/sudoers-conffile-removal/task.yaml @@ -9,12 +9,11 @@ details: | systems: [ubuntu-2*] -execute: | - if not os.query is-pc-amd64; then - echo "test designed for amd64 architecture, exiting..." - exit - fi +skip: + - reason: This test is just designed for amd64 architecture + if: not os.query is-pc-amd64 +execute: | echo "download snapd 2.45.1" wget -q https://launchpad.net/ubuntu/+source/snapd/2.45.1/+build/19499801/+files/snapd_2.45.1_amd64.deb apt install -y --allow-downgrades ./snapd_2.45*_amd64.deb diff --git a/tests/utils/cross-build/suite/build-snapd-armhf/task.yaml b/tests/utils/cross-build/suite/build-snapd-armhf/task.yaml index cf069f25757..358ac688db3 100644 --- a/tests/utils/cross-build/suite/build-snapd-armhf/task.yaml +++ b/tests/utils/cross-build/suite/build-snapd-armhf/task.yaml @@ -5,7 +5,7 @@ details: | using the desired image, kernel and initrd, and then run the build-spread task which builds snapd snap on the target system. -kill-timeout: 120m +kill-timeout: 180m environment: VERSION/jammy: 22.04 @@ -86,7 +86,7 @@ prepare: | tests.systemd wait-for-service -n 15 --wait 2 --state active "$SERVICE_NAME" # Wait until the nested vm is accessible through ssh (50 retries with 10 sec wait) - tests.nested wait-for ssh 50 10 + tests.nested wait-for ssh 100 10 restore: | systemctl stop "$SERVICE_NAME" || true diff --git a/tests/utils/cross-build/suite/build-snapd/task.yaml b/tests/utils/cross-build/suite/build-snapd/task.yaml index 5dcc17f0d84..e13abcb2b61 100644 --- a/tests/utils/cross-build/suite/build-snapd/task.yaml +++ b/tests/utils/cross-build/suite/build-snapd/task.yaml @@ -5,7 +5,7 @@ details: | systems: [ubuntu-*] -kill-timeout: 100m +kill-timeout: 150m prepare: | # make sure snapd snap is refreshed