From 03405fe4b393542df5399cc7b1d5025118a08a5e Mon Sep 17 00:00:00 2001 From: Katie May Date: Tue, 20 Jan 2026 13:23:31 +0100 Subject: [PATCH 01/41] tests: update preseed-reset to account for new logic leaving snap dir intact (#16460) --- tests/main/preseed-reset/task.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/main/preseed-reset/task.yaml b/tests/main/preseed-reset/task.yaml index 4420997c3c7..6c260c099c1 100644 --- a/tests/main/preseed-reset/task.yaml +++ b/tests/main/preseed-reset/task.yaml @@ -62,8 +62,9 @@ execute: | find_files > after-reset.txt diff before-preseeding.txt after-reset.txt - if [ -d "$IMAGE_MOUNTPOINT/snap" ]; then - echo "$IMAGE_MOUNTPOINT/snap shouldn't exist" + # Check that the dirs are cleaned up by checking one + if [ -d "$IMAGE_MOUNTPOINT/snap" ] && [ -n "$(ls -A "$IMAGE_MOUNTPOINT"/snap)" ]; then + echo "$IMAGE_MOUNTPOINT/snap shouldn't exist or should be empty" exit 1 fi From 326b86f827a87697af4a7434801a3a5171e350a0 Mon Sep 17 00:00:00 2001 From: Katie May Date: Wed, 21 Jan 2026 17:39:40 +0100 Subject: [PATCH 02/41] tests: remove setuid on snap-confine in snap-confine-from-core (#16464) --- tests/main/snap-confine-from-core/task.yaml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/tests/main/snap-confine-from-core/task.yaml b/tests/main/snap-confine-from-core/task.yaml index dd09bbddee3..12c0ec28685 100644 --- a/tests/main/snap-confine-from-core/task.yaml +++ b/tests/main/snap-confine-from-core/task.yaml @@ -9,22 +9,20 @@ details: | # Disable for Fedora, openSUSE, Arch and Amazon Linux 2 as re-exec is not support there yet systems: [-ubuntu-core-*, -fedora-*, -opensuse-*, -arch-*, -amazon-*, -centos-*] +skip: + - if: | + [ "$SNAP_REEXEC" = "0" ] + reason: "This tests re-exec functionality and is skipped if re-exec is disabled" + prepare: | echo "Installing test-snapd-sh" snap install test-snapd-sh echo "Breaking host snap-confine" - chmod 0755 /usr/lib/snapd/snap-confine - -restore: | - echo "Restoring host snap-confine" - chmod 4755 /usr/lib/snapd/snap-confine + mv /usr/lib/snapd/snap-confine /usr/lib/snapd/snap-confine.bak + cp "$(which false)" /usr/lib/snapd/snap-confine + tests.cleanup defer mv /usr/lib/snapd/snap-confine.bak /usr/lib/snapd/snap-confine execute: | - if [ "${SNAP_REEXEC:-}" = "0" ]; then - echo "skipping test when SNAP_REEXEC is disabled" - exit 0 - fi - echo "Ensure we re-exec by default" # It is not possible to check by using journal-state tools because the # reexec "DEBUG: restarting into" line appears before the snapd state is From 823496103e82f4cb4ab6499c5d3bb2c5a2f0c36d Mon Sep 17 00:00:00 2001 From: Katie May Date: Thu, 22 Jan 2026 13:56:04 +0100 Subject: [PATCH 03/41] tests: use type instead of which when copying false over snap-confine (#16474) --- tests/main/snap-confine-from-core/task.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/main/snap-confine-from-core/task.yaml b/tests/main/snap-confine-from-core/task.yaml index 12c0ec28685..3f5963b3dd6 100644 --- a/tests/main/snap-confine-from-core/task.yaml +++ b/tests/main/snap-confine-from-core/task.yaml @@ -19,7 +19,7 @@ prepare: | snap install test-snapd-sh echo "Breaking host snap-confine" mv /usr/lib/snapd/snap-confine /usr/lib/snapd/snap-confine.bak - cp "$(which false)" /usr/lib/snapd/snap-confine + cp "$(type -P false)" /usr/lib/snapd/snap-confine tests.cleanup defer mv /usr/lib/snapd/snap-confine.bak /usr/lib/snapd/snap-confine execute: | From 4b166cb1612c57e6b93494a77f4c09f6df883012 Mon Sep 17 00:00:00 2001 From: Ernest Lotter Date: Fri, 23 Jan 2026 18:35:16 +0200 Subject: [PATCH 04/41] test: fix muinstaller-real (#16447) --- tests/lib/tools/build_kernel_with_comps.sh | 5 +-- .../task.yaml | 4 +-- .../nested/manual/muinstaller-real/task.yaml | 36 +++++++++++++------ 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/tests/lib/tools/build_kernel_with_comps.sh b/tests/lib/tools/build_kernel_with_comps.sh index 99c13b4d19f..d952d7bf97e 100755 --- a/tests/lib/tools/build_kernel_with_comps.sh +++ b/tests/lib/tools/build_kernel_with_comps.sh @@ -40,11 +40,12 @@ EOF # Replace _ or - with [_-], as it can be any of these glob_mod_name=$(printf '%s' "$mod_name" | sed -r 's/[-_]/[-_]/g') module_path=$(find kernel -name "${glob_mod_name}.ko*") - cp "$module_path" "$comp_ko_dir" + mapfile -t module_path <<< "$module_path" + cp --update=none "${module_path[@]}" "$comp_ko_dir" snap pack --filename="${kernel_name}+${comp_name}".comp "$comp_name" # Create kernel without the kernel module - rm "$module_path" + rm "${module_path[@]}" # depmod wants a lib subdir mkdir -p kernel/lib ln -s ../modules kernel/lib/modules diff --git a/tests/nested/manual/build-with-kernel-modules-components/task.yaml b/tests/nested/manual/build-with-kernel-modules-components/task.yaml index 17d5367ef3e..aa137066e59 100644 --- a/tests/nested/manual/build-with-kernel-modules-components/task.yaml +++ b/tests/nested/manual/build-with-kernel-modules-components/task.yaml @@ -59,7 +59,7 @@ execute: | # check component from store has been early-installed check_efi_pstore # Additionally, check that modules loaded by systemd right after switch root could be loaded - lsmod | MATCH ip_tables + lsmod | MATCH ahci # No mounts for unset versions are found mount | not MATCH efi-pstore_unset mount | not MATCH pc-kernel_unset @@ -69,7 +69,7 @@ execute: | remote.exec sudo reboot || true tests.nested wait-for reboot "$boot_id" check_efi_pstore - lsmod | MATCH ip_tables + lsmod | MATCH ahci # remove kernel component remote.exec sudo snap remove pc-kernel+"$KMOD_COMP" diff --git a/tests/nested/manual/muinstaller-real/task.yaml b/tests/nested/manual/muinstaller-real/task.yaml index e8cc8e0d7f9..96f1dada110 100644 --- a/tests/nested/manual/muinstaller-real/task.yaml +++ b/tests/nested/manual/muinstaller-real/task.yaml @@ -3,9 +3,9 @@ summary: End-to-end test for install via muinstaller details: End-to-end test for install via muinstaller systems: - # FIXME: make it work on 26 - ubuntu-22* - ubuntu-24* + - ubuntu-26* environment: # No partial gadget by default @@ -153,7 +153,7 @@ execute: | # Make sure it was loaded early remote.exec systemctl show -p ExecMainStatus modprobe@efi_pstore.service | MATCH ExecMainStatus=0 # Additionally, check that modules loaded by systemd right after switch root could be loaded - remote.exec lsmod | MATCH ip_tables + remote.exec lsmod | MATCH ahci # Check that the kernel-modules component can be removed remote.exec sudo snap remove pc-kernel+efi-pstore fi @@ -177,13 +177,17 @@ execute: | remote.exec "sudo test -e /var/lib/snapd/device/fde/marker" remote.exec "sudo blkid /dev/disk/by-label/ubuntu-data-enc" | MATCH crypto_LUKS - echo "Ensure recovery keys are available on classic FDE too" - # We check for the key twice (see LP#2036631) - #shellcheck disable=SC2034 - for i in 1 2; do - remote.exec "sudo snap recovery --show-keys" > show-keys.out - MATCH 'recovery:\s+[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}' < show-keys.out - done + # 25.10+ systems are not permitted to use /v2/system-recovery-keys, it can only + # show the recovery key at the point where it gets created. + if os.query is_ubuntu_lt 25.10; then + echo "Ensure recovery keys are available on classic FDE too" + # We check for the key twice (see LP#2036631) + #shellcheck disable=SC2034 + for i in 1 2; do + remote.exec "sudo snap recovery --show-keys" > show-keys.out + MATCH 'recovery:\s+[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}-[0-9]{5}' < show-keys.out + done + fi # check disk mappings # TODO: no ubuntu-save right now because: @@ -199,9 +203,21 @@ execute: | # check that on an already provisioned system the API will give a # sensible reason why the system cannot be installed without further # action. + if os.query is_ubuntu_ge 25.10; then + # satisfy preinstall check need for locating boot images + remote.exec "sudo mkdir -p /cdrom/EFI/boot/" + remote.exec "sudo touch /cdrom/EFI/boot/bootx64.efi" + remote.exec "sudo touch /cdrom/EFI/boot/grubx64.efi" + remote.exec "sudo mkdir -p /cdrom/casper" + remote.exec "sudo touch /cdrom/casper/vmlinuz" + fi remote.exec "sudo snap debug api /v2/systems/classic" > system gojq '.result."storage-encryption".support' < system | MATCH "unavailable" - gojq '.result."storage-encryption"."unavailable-reason"' < system | MATCH "not encrypting device storage as checking TPM gave: the TPM is in DA lockout mode" + if os.query is_ubuntu_ge 25.10; then + gojq '.result."storage-encryption"."unavailable-reason"' < system | MATCH "not encrypting device storage as checking TPM gave: error with TPM2 device: one or more of the TPM hierarchies is already owned" + else + gojq '.result."storage-encryption"."unavailable-reason"' < system | MATCH "not encrypting device storage as checking TPM gave: the TPM is in DA lockout mode" + fi fi if os.query is-ubuntu-ge 24.04; then From 451cee9071ee886ab0a3c6966feb651ac0fce6fc Mon Sep 17 00:00:00 2001 From: Ernest Lotter Date: Fri, 23 Jan 2026 20:40:53 +0200 Subject: [PATCH 05/41] tests/nested/manual: correct matching seeding time past a minute (#16485) --- tests/nested/manual/preseed/task.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/nested/manual/preseed/task.yaml b/tests/nested/manual/preseed/task.yaml index 6e5d459b027..36eb177c456 100644 --- a/tests/nested/manual/preseed/task.yaml +++ b/tests/nested/manual/preseed/task.yaml @@ -112,11 +112,8 @@ execute: | remote.exec "snap debug seeding" | MATCH "preseeded:\s+true" remote.exec "snap debug seeding" | MATCH "seeded:\s+true" - # FIXME: this just checks that the time is of the form "xxx.xxxs", which could - # break if the preseeding takes more than 60s and golang formats the - # time.Duration as "1m2.03s", etc. but for now this should be good enough - remote.exec "snap debug seeding" | MATCH "image-preseeding:\s+[0-9]+\.[0-9]+s" - remote.exec "snap debug seeding" | MATCH "seed-completion:\s+[0-9]+\.[0-9]+s" + remote.exec "snap debug seeding" | MATCH "image-preseeding:\s+([0-9]+m)?[0-9]+\.[0-9]+s" + remote.exec "snap debug seeding" | MATCH "seed-completion:\s+([0-9]+m)?[0-9]+\.[0-9]+s" # there is no longer any seeded snaps in base or minimal cloud images # in noble, skip lxd checks for noble From c2c1bd6a743b9d83189257ada06e841a6c460f1a Mon Sep 17 00:00:00 2001 From: Katie May Date: Mon, 26 Jan 2026 18:48:15 +0100 Subject: [PATCH 06/41] spread: use 16GB for focal on google (#16496) --- spread.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spread.yaml b/spread.yaml index 69fdacbc0df..9b8822ef628 100644 --- a/spread.yaml +++ b/spread.yaml @@ -153,10 +153,11 @@ backends: workers: 8 - ubuntu-20.04-64: image: ubuntu-2004-64 - storage: 15G + storage: 16G workers: 8 - ubuntu-secboot-20.04-64: image: ubuntu-2004-64 + storage: 16G workers: 1 secure-boot: true - ubuntu-22.04-64: From abef03d4cf24747d9cff462ab441a18de2a585a7 Mon Sep 17 00:00:00 2001 From: Katie May Date: Tue, 27 Jan 2026 08:46:35 +0100 Subject: [PATCH 07/41] github, tests: get store creds tests running on master (#16481) * github: add store user and password secrets to workflow * tests: add skip conditions to spread tasks and correct env variable name * github: add secrets inheritance to scheduled workflows --- .github/workflows/ci-test.yaml | 4 ++++ .github/workflows/nightly-spread.yaml | 8 ++++++++ .github/workflows/spread-tests.yaml | 2 ++ .github/workflows/weekly-feature-tagging.yaml | 3 +++ .github/workflows/weekly-state-locks.yaml | 1 + tests/main/auto-refresh-private/task.yaml | 2 +- tests/main/download-private/task.yaml | 7 +++++++ tests/main/install-refresh-private/task.yaml | 5 +++++ 8 files changed, 31 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yaml b/.github/workflows/ci-test.yaml index 9a4c964c66f..3f62e5db233 100644 --- a/.github/workflows/ci-test.yaml +++ b/.github/workflows/ci-test.yaml @@ -539,6 +539,7 @@ jobs: needs: [unit-tests, unit-tests-c, snap-builds, read-systems] if: contains(needs.read-systems.outputs.fundamental-systems, 'systems') name: "spread ${{ matrix.group }}" + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -578,6 +579,7 @@ jobs: # only after the fundamental systems job succeeds. needs: [unit-tests, unit-tests-c, snap-builds, read-systems, spread-fundamental] name: "spread ${{ matrix.group }}" + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -612,6 +614,7 @@ jobs: # on the fundamental systems job's success before running this job. needs: [unit-tests, unit-tests-c, snap-builds, read-systems] name: "spread ${{ matrix.group }}" + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -638,6 +641,7 @@ jobs: needs: [unit-tests, unit-tests-c, snap-builds, read-systems] if: contains(needs.read-systems.outputs.nested-systems, 'systems') name: "spread ${{ matrix.group }}" + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. diff --git a/.github/workflows/nightly-spread.yaml b/.github/workflows/nightly-spread.yaml index 7e6496cbc14..0036097469b 100644 --- a/.github/workflows/nightly-spread.yaml +++ b/.github/workflows/nightly-spread.yaml @@ -30,6 +30,7 @@ jobs: spread-nightly: if: ${{ github.event.schedule == '0 2 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-nightly') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: openstack @@ -42,6 +43,7 @@ jobs: spread-nightly-google: if: ${{ github.event.schedule == '0 2 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-nightly-google') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: ${{ matrix.group }} @@ -79,6 +81,7 @@ jobs: spread-test-build-from-current: if: ${{ github.event.schedule == '0 6 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-test-build-from-current') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: ${{ matrix.group }} @@ -99,6 +102,7 @@ jobs: spread-test-experimental: if: ${{ github.event.schedule == '0 2 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-test-experimental') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: openstack @@ -132,6 +136,7 @@ jobs: uses: ./.github/workflows/spread-tests.yaml name: "spread master ${{ matrix.group }}" needs: [read-systems] + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -155,6 +160,7 @@ jobs: uses: ./.github/workflows/spread-tests.yaml name: "spread master ${{ matrix.group }}" needs: [read-systems] + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -177,6 +183,7 @@ jobs: uses: ./.github/workflows/spread-tests.yaml name: "spread master ${{ matrix.group }}" needs: [read-systems] + secrets: inherit with: # Github doesn't support passing sequences as parameters. # Instead here we create a json array and pass it as a string. @@ -197,6 +204,7 @@ jobs: spread-test-with-kernels: if: ${{ github.event.schedule == '0 6 * * *' || (github.event_name == 'workflow_dispatch' && inputs.job == 'spread-test-with-kernels') }} uses: ./.github/workflows/spread-tests.yaml + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: ${{ matrix.group }} diff --git a/.github/workflows/spread-tests.yaml b/.github/workflows/spread-tests.yaml index a7407733a62..e14b7666115 100644 --- a/.github/workflows/spread-tests.yaml +++ b/.github/workflows/spread-tests.yaml @@ -65,6 +65,8 @@ jobs: env: SPREAD_EXPERIMENTAL_FEATURES: ${{ inputs.spread-experimental-features }} GH_TOKEN: ${{ github.token }} + SPREAD_STORE_USER: ${{ secrets.SPREAD_STORE_USER }} + SPREAD_STORE_PASSWORD: ${{ secrets.SPREAD_STORE_PASSWORD }} runs-on: ${{ fromJSON(inputs.runs-on) }} steps: diff --git a/.github/workflows/weekly-feature-tagging.yaml b/.github/workflows/weekly-feature-tagging.yaml index 538e80a37b0..627e4aef10c 100644 --- a/.github/workflows/weekly-feature-tagging.yaml +++ b/.github/workflows/weekly-feature-tagging.yaml @@ -84,6 +84,7 @@ jobs: needs: [set-inputs, read-systems] name: "spread ${{ matrix.group }}" if: needs.read-systems.outputs.fundamental-systems != '' + secrets: inherit with: runs-on: '${{ matrix.runs-on }}' group: ${{ matrix.group }} @@ -105,6 +106,7 @@ jobs: needs: [set-inputs, read-systems] if: needs.read-systems.outputs.non-fundamental-systems != '' name: "spread ${{ matrix.group }}" + secrets: inherit with: runs-on: '${{ matrix.runs-on }}' group: ${{ matrix.group }} @@ -125,6 +127,7 @@ jobs: needs: [set-inputs, read-systems] if: needs.read-systems.outputs.nested-systems != '' name: "spread ${{ matrix.group }}" + secrets: inherit with: runs-on: '${{ matrix.runs-on }}' group: ${{ matrix.group }} diff --git a/.github/workflows/weekly-state-locks.yaml b/.github/workflows/weekly-state-locks.yaml index 713b386894d..fcc186434a5 100644 --- a/.github/workflows/weekly-state-locks.yaml +++ b/.github/workflows/weekly-state-locks.yaml @@ -9,6 +9,7 @@ jobs: run-spread-tests: uses: ./.github/workflows/spread-tests.yaml name: "spread ${{ matrix.group }}" + secrets: inherit with: runs-on: '["self-hosted", "spread-enabled"]' group: ${{ matrix.group }} diff --git a/tests/main/auto-refresh-private/task.yaml b/tests/main/auto-refresh-private/task.yaml index 7e8b9913b4f..8532c23c155 100644 --- a/tests/main/auto-refresh-private/task.yaml +++ b/tests/main/auto-refresh-private/task.yaml @@ -13,7 +13,7 @@ systems: [-ubuntu-core-*] skip: - reason: "Account store credentials are not available" if: | - [[ -z "$SPREAD_STORE_USER" || -z "$SPREAD_STORE_USER_PASSWORD" ]] + [[ -z "$SPREAD_STORE_USER" || -z "$SPREAD_STORE_PASSWORD" ]] restore: | snap logout || true diff --git a/tests/main/download-private/task.yaml b/tests/main/download-private/task.yaml index 5c474b21844..27e5db90832 100644 --- a/tests/main/download-private/task.yaml +++ b/tests/main/download-private/task.yaml @@ -11,6 +11,13 @@ details: | # no ubuntu-core: we don't have expect available nor can we install snapcraft systems: [ubuntu-1*-64, ubuntu-2*-64] +skip: + - reason: "Account store credentials are not available" + if: | + [ -z "$SPREAD_STORE_USER" ] || [ -z "$SPREAD_STORE_PASSWORD" ] + - reason: "Core is not supported" + if: os.query is-core + prepare: | echo "Install snapcraft from latest/candidate" snap install snapcraft --channel=latest/candidate --classic diff --git a/tests/main/install-refresh-private/task.yaml b/tests/main/install-refresh-private/task.yaml index c522dd3e18c..687f6cf3f44 100644 --- a/tests/main/install-refresh-private/task.yaml +++ b/tests/main/install-refresh-private/task.yaml @@ -10,6 +10,11 @@ details: | # we don't have expect available on ubuntu-core, so the authenticated check need to be skipped on those systems systems: [-ubuntu-core-*] +skip: + - reason: "Account store credentials are not available" + if: | + [ -z "$SPREAD_STORE_USER" ] || [ -z "$SPREAD_STORE_PASSWORD" ] + restore: | snap logout || true From b654f9fa1f4d3757c9dc71f20995a9cf04d23823 Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Tue, 27 Jan 2026 15:24:26 -0300 Subject: [PATCH 08/41] tests: skip kernel-base-gadget tests when running beta validation (#16316) * tests: skip kernel-base-gadget tests when running beta validation When we run edge/beta validation the pc snap is asserted, so these tests needs to be skipped. In the ci the pc kernel is unasserted so these tests shouldn't be skipped. * skip interfaces-checkbox-support for veta validation This is skipped also because in external backend the plz-run binary is not built during prepare * Migrate the tests to the new skip format * Update tests/main/interfaces-checkbox-support/task.yaml Co-authored-by: Katie May --------- Co-authored-by: Katie May --- .../task.yaml | 9 ++++----- .../core/kernel-base-gadget-pair-single-reboot/task.yaml | 9 ++++----- .../kernel-base-gadget-single-reboot-failover/task.yaml | 9 ++++----- tests/core/kernel-base-gadget-single-reboot/task.yaml | 9 ++++----- tests/main/interfaces-checkbox-support/task.yaml | 4 ++++ 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/core/kernel-base-gadget-pair-single-reboot-failover/task.yaml b/tests/core/kernel-base-gadget-pair-single-reboot-failover/task.yaml index a0b11a5f40d..c2092e2df54 100644 --- a/tests/core/kernel-base-gadget-pair-single-reboot-failover/task.yaml +++ b/tests/core/kernel-base-gadget-pair-single-reboot-failover/task.yaml @@ -26,6 +26,10 @@ environment: # on UC20+ this has proved to be an issue SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - if: snap list pc | NOMATCH "x[1-9]" + reason: This test needs a host using an unasserted 'pc' gadget snap + prepare: | # To get VERSION_ID defined . /etc/os-release @@ -46,11 +50,6 @@ execute: | # To get VERSION_ID defined . /etc/os-release - if snap list pc | NOMATCH "x[1-9]"; then - echo "This test needs a host using an unasserted 'pc' gadget snap" - exit 1 - fi - # does not work for 16, but we don't support 16 for this core_snap="core${VERSION_ID}" diff --git a/tests/core/kernel-base-gadget-pair-single-reboot/task.yaml b/tests/core/kernel-base-gadget-pair-single-reboot/task.yaml index f28aceeb78a..80edadeb167 100644 --- a/tests/core/kernel-base-gadget-pair-single-reboot/task.yaml +++ b/tests/core/kernel-base-gadget-pair-single-reboot/task.yaml @@ -24,6 +24,10 @@ environment: # on UC20+ this has proved to be an issue SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - if: snap list pc | NOMATCH "x[1-9]" + reason: This test needs a host using an unasserted 'pc' gadget snap + prepare: | # To get VERSION_ID defined . /etc/os-release @@ -44,11 +48,6 @@ execute: | # To get VERSION_ID defined . /etc/os-release - if snap list pc | NOMATCH "x[1-9]"; then - echo "This test needs a host using an unasserted 'pc' gadget snap" - exit 1 - fi - # does not work for 16, but we don't support 16 for this core_snap="core${VERSION_ID}" diff --git a/tests/core/kernel-base-gadget-single-reboot-failover/task.yaml b/tests/core/kernel-base-gadget-single-reboot-failover/task.yaml index d5fb7fc6c91..1b3a1565ac2 100644 --- a/tests/core/kernel-base-gadget-single-reboot-failover/task.yaml +++ b/tests/core/kernel-base-gadget-single-reboot-failover/task.yaml @@ -18,6 +18,10 @@ environment: # on UC20+ this has proved to be an issue SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - if: snap list pc | NOMATCH "x[1-9]" + reason: This test needs a host using an unasserted 'pc' gadget snap + prepare: | # To get VERSION_ID defined . /etc/os-release @@ -33,11 +37,6 @@ execute: | # To get VERSION_ID defined . /etc/os-release - if snap list pc | NOMATCH "x[1-9]"; then - echo "This test needs a host using an unasserted 'pc' gadget snap" - exit 1 - fi - # does not work for 16, but we don't support 16 for this core_snap="core${VERSION_ID}" diff --git a/tests/core/kernel-base-gadget-single-reboot/task.yaml b/tests/core/kernel-base-gadget-single-reboot/task.yaml index e17f5b390b8..80f8f62305e 100644 --- a/tests/core/kernel-base-gadget-single-reboot/task.yaml +++ b/tests/core/kernel-base-gadget-single-reboot/task.yaml @@ -18,6 +18,10 @@ environment: # on UC20+ this has proved to be an issue SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - if: snap list pc | NOMATCH "x[1-9]" + reason: This test needs a host using an unasserted 'pc' gadget snap + prepare: | # To get VERSION_ID defined . /etc/os-release @@ -33,11 +37,6 @@ execute: | # To get VERSION_ID defined . /etc/os-release - if snap list pc | NOMATCH "x[1-9]"; then - echo "This test needs a host using an unasserted 'pc' gadget snap" - exit 1 - fi - # does not work for 16, but we don't support 16 for this core_snap="core${VERSION_ID}" diff --git a/tests/main/interfaces-checkbox-support/task.yaml b/tests/main/interfaces-checkbox-support/task.yaml index e99b375c1e6..c6ca1088160 100644 --- a/tests/main/interfaces-checkbox-support/task.yaml +++ b/tests/main/interfaces-checkbox-support/task.yaml @@ -10,6 +10,10 @@ systems: # Systemd is too old to support passing stdio as file descriptors. - -amazon-linux-2-64 +skip: + - if: test -z "$(command -v plz-run)" + reason: The plz-run executable is missing + prepare: | snap pack test-snapd-checkbox-support snap install --dangerous ./test-snapd-checkbox-support_0.4_all.snap From 052913daeb0f44a1de5f928b254f056bcb0db339 Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Wed, 28 Jan 2026 00:59:23 -0300 Subject: [PATCH 09/41] tests: migrate tests.exec is-skipped to new skip format (#16501) * tests: Migreate tests.exec is-skipped to new skip format This change migrates all the used of `tests.exec is-skipped && exit 0` to the new skip format. Also are removed other usages when it was required skip the whole crossdistro and smoke test suites. * Update tests/main/cloud-init/task.yaml Co-authored-by: Oliver Calder * Update tests/main/interfaces-snap-interfaces-requests-control/task.yaml Co-authored-by: Oliver Calder * Update tests/main/cloud-init/task.yaml Co-authored-by: Oliver Calder * Fixes addressing review comments * Cloud init now executed in arm uc * fix shell check --------- Co-authored-by: Oliver Calder --- .../task.yaml | 21 +++---- tests/core/failover/task.yaml | 27 ++++----- .../gadget-kernel-refs-update-pc/task.yaml | 24 ++++---- tests/lib/tools/tests.exec | 58 ------------------- .../task.yaml | 14 ++--- tests/main/auto-refresh-retry/task.yaml | 15 ++--- .../main/classic-custom-device-reg/task.yaml | 14 ++--- tests/main/classic-firstboot/task.yaml | 14 ++--- .../classic-prepare-image-no-core/task.yaml | 14 ++--- tests/main/classic-prepare-image/task.yaml | 14 ++--- tests/main/classic-snapd-firstboot/task.yaml | 15 ++--- tests/main/cloud-init/task.yaml | 27 +++------ tests/main/command-chain/task.yaml | 11 ++-- tests/main/download-timeout/task.yaml | 33 +++-------- tests/main/install-errors/task.yaml | 11 ++-- tests/main/install-sideload-epochs/task.yaml | 10 ++-- tests/main/install-sideload/task.yaml | 11 ++-- .../task.yaml | 24 +++----- .../task.yaml | 23 +++----- tests/main/known/task.yaml | 2 - tests/main/mount-dir-detect-check/task.yaml | 10 ++-- tests/main/postrm-purge/task.yaml | 14 ++--- tests/main/searching/task.yaml | 2 - tests/main/security-group-policy/task.yaml | 19 +++--- tests/main/snap-run-devmode-classic/task.yaml | 11 ++-- tests/main/snap-run-hook/task.yaml | 10 ++-- tests/main/snap-run/task.yaml | 6 -- tests/main/snap-userd-reexec/task.yaml | 11 ++-- tests/main/snapd-homedirs-vendored/task.yaml | 15 ++--- tests/main/snapd-reexec/task.yaml | 15 ++--- .../task.yaml | 10 ++-- tests/main/snapd-snap/task.yaml | 14 ++--- tests/main/try/task.yaml | 6 -- tests/main/upgrade-from-release/task.yaml | 16 ++--- tests/main/writable-areas/task.yaml | 10 ++-- tests/nested/manual/core22-basic/task.yaml | 10 ++-- .../manual/hybrid-fde-recovery-keys/task.yaml | 9 +-- .../manual/hybrid-xkb-kcmdline/task.yaml | 9 +-- tests/nested/manual/seeding-failure/task.yaml | 13 ++--- tests/smoke/find-info/task.yaml | 2 - tests/smoke/install/task.yaml | 6 -- tests/smoke/remove/task.yaml | 2 - tests/smoke/sandbox/task.yaml | 4 -- 43 files changed, 196 insertions(+), 410 deletions(-) delete mode 100755 tests/lib/tools/tests.exec diff --git a/tests/core/auto-refresh-backoff-after-reboot/task.yaml b/tests/core/auto-refresh-backoff-after-reboot/task.yaml index c63c0d3b38e..ca3a5216d2f 100644 --- a/tests/core/auto-refresh-backoff-after-reboot/task.yaml +++ b/tests/core/auto-refresh-backoff-after-reboot/task.yaml @@ -15,14 +15,15 @@ environment: # SNAP_NAME/gadget: pc # SNAP_ID/gadget: UqFziVZDHLSyO3TqSWgNBoAdHbLI4dAH -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi - if os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "The kernel snap used for openstack cannot be refreshed with Canonical model" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: The kernel snap used for openstack cannot be refreshed with Canonical model + if: | + os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]] +prepare: | # Prevent refreshes until we have right snap revisions snap set system refresh.hold=forever @@ -45,21 +46,15 @@ prepare: | snap ack "$BLOB_DIR/asserts/developer1.account-key" restore: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" snap set system refresh.hold! debug: | - tests.exec is-skipped && exit 0 - snap debug api /v2/changes?select=ready | gojq "[.result[] | select(.kind == \"auto-refresh\")] | sort_by(.id|tonumber)" execute: | - tests.exec is-skipped && exit 0 - # The daemon is configured to point to the fake store "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" diff --git a/tests/core/failover/task.yaml b/tests/core/failover/task.yaml index 2a60041d3e6..c79bdf1cc3a 100644 --- a/tests/core/failover/task.yaml +++ b/tests/core/failover/task.yaml @@ -36,17 +36,18 @@ environment: # pc-kernel snap is specific to x86-64 SNAP_ID_pc_kernel: pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi - if [ "$TARGET_SNAP" = "kernel" ] && os.query is-arm; then - tests.exec skip-test "variant not supported on ARM architectures" && exit 0 - fi - if [ "$TARGET_SNAP" = "kernel" ] && os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "The kernel snap used for openstack cannot be refreshed with Canonical model" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Variant not supported on ARM architectures + if: | + [ "$TARGET_SNAP" = "kernel" ] && os.query is-arm + - reason: The kernel snap used for openstack cannot be refreshed with Canonical model + if: | + [ "$TARGET_SNAP" = "kernel" ] && os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]] +prepare: | snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" snap ack "$TESTSLIB/assertions/developer1.account" snap ack "$TESTSLIB/assertions/developer1.account-key" @@ -55,22 +56,16 @@ prepare: | mkdir -p "$BUILD_DIR" restore: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BUILD_DIR" debug: | - tests.exec is-skipped && exit 0 - snap debug boot-vars || true snap list || true snap changes || true execute: | - tests.exec is-skipped && exit 0 - inject_rclocalcrash_failure(){ chmod a+x "$BUILD_DIR/unpack/etc/rc.local" cat < "$BUILD_DIR/unpack/etc/rc.local" diff --git a/tests/core/gadget-kernel-refs-update-pc/task.yaml b/tests/core/gadget-kernel-refs-update-pc/task.yaml index 062a68c929e..721b5964b49 100644 --- a/tests/core/gadget-kernel-refs-update-pc/task.yaml +++ b/tests/core/gadget-kernel-refs-update-pc/task.yaml @@ -23,17 +23,17 @@ environment: # uploading a large snap makes OOM kill snapd SNAPD_NO_MEMORY_LIMIT: 1 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi - if os.query is-arm; then - tests.exec skip-test "Test not supported on arm architecture" && exit 0 - fi - if os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "The kernel snap used for openstack cannot be refreshed with Canonical model" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Test not supported on arm architecture + if: os.query is-arm + - reason: The kernel snap used for openstack cannot be refreshed with Canonical model + if: | + os.query is-core18 && [[ "$SPREAD_BACKEND" =~ openstack ]] +prepare: | snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" readlink /snap/pc/current > pc-revision.txt @@ -98,8 +98,6 @@ prepare: | systemctl restart snapd restore: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" # XXX: ideally we would restore the kernel/gadget here but the kernel # restore requires a reboot :/ @@ -109,8 +107,6 @@ restore: | systemctl restart snapd execute: | - tests.exec is-skipped && exit 0 - if [ "$SPREAD_REBOOT" = 0 ]; then # first install the gadget that knows about the kernel # (but no edition bump so this will install fine) diff --git a/tests/lib/tools/tests.exec b/tests/lib/tools/tests.exec deleted file mode 100755 index d33ae520bbc..00000000000 --- a/tests/lib/tools/tests.exec +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash - -set -eu - -show_help() { - echo "usage: tests.exec skip-test [MSG]" - echo "usage: tests.exec is-skipped" - echo - echo "Supported commands:" - echo " skip-test: indicates the test has to be skipped and saves the raeson" - echo " is-skipped: check if the test has to be skipped and prints the raeson" -} - -skip_test() { - local raeson="${1:-}" - echo "$raeson" > tests.exec -} - -is_skipped() { - if [ -f tests.exec ]; then - echo "skip raeson: $(cat tests.exec)" - return 0 - fi - return 1 -} - -main() { - if [ $# -eq 0 ]; then - show_help - exit 0 - fi - - local subcommand="$1" - local action= - while [ $# -gt 0 ]; do - case "$subcommand" in - -h|--help) - show_help - exit 0 - ;; - *) - action=$(echo "$subcommand" | tr '-' '_') - shift - break - ;; - esac - done - - if [ -z "$(declare -f "$action")" ]; then - echo "tests.exec: no such command: $subcommand" - show_help - exit 1 - fi - - "$action" "$@" -} - -main "$@" diff --git a/tests/main/apparmor-prompting-prompt-restoration/task.yaml b/tests/main/apparmor-prompting-prompt-restoration/task.yaml index 8c6eaacf0ff..6f9c0122af7 100644 --- a/tests/main/apparmor-prompting-prompt-restoration/task.yaml +++ b/tests/main/apparmor-prompting-prompt-restoration/task.yaml @@ -11,11 +11,11 @@ details: | systems: - ubuntu-2* -prepare: | - if os.query is-kernel-lt 6.16; then - tests.exec skip-test "Requires AppArmor notification protocol v5+ which is only in ubuntu kernels 6.16+" && exit 0 - fi +skip: + - reason: Requires AppArmor notification protocol v5+ which is only in ubuntu kernels 6.16+ + if: os.query is-kernel-lt 6.16 +prepare: | echo "Check that the system AppArmor supports notification protocol v5" uname -a ls /sys/kernel/security/apparmor/features/policy @@ -42,8 +42,6 @@ prepare: | snap connect prompt-requester:home restore: | - tests.exec is-skipped && exit 0 - SNAPD_PID="$(systemctl show --property MainPID snapd.service | cut -f2 -d=)" echo "Remove any new listener ID file" @@ -62,8 +60,6 @@ restore: | snap remove test-snapd-prompt-handler debug: | - tests.exec is-skipped && exit 0 - echo "Check kernel version" uname -a echo "Check system info" @@ -74,8 +70,6 @@ debug: | tests.session -u test exec snap debug api /v2/interfaces/requests/prompts execute: | - tests.exec is-skipped && exit 0 - echo "Remove any existing listener ID file so snapd will register new listener" rm -f /run/snapd/interfaces-requests/listener-id diff --git a/tests/main/auto-refresh-retry/task.yaml b/tests/main/auto-refresh-retry/task.yaml index f0ce5e1e158..3cd0838647d 100644 --- a/tests/main/auto-refresh-retry/task.yaml +++ b/tests/main/auto-refresh-retry/task.yaml @@ -6,26 +6,23 @@ details: | systems: [-ubuntu-14.04-*] -restore: | - tests.exec is-skipped && exit 0 +skip: + - reason: This test fails when proxy is set for snapd + if: | + # TODO: Fix the issue + [ "${SNAPD_USE_PROXY:-}" = true ] +restore: | rm -f /etc/systemd/system/snapd.service.d/override.conf ip netns delete testns || true umount /run/netns || true debug: | - tests.exec is-skipped && exit 0 - systemctl cat snapd.service ip netns list || true ip netns pids testns || true execute: | - if [ "${SNAPD_USE_PROXY:-}" = true ]; then - # TODO: Fix the issue - tests.exec skip-test "This test fails when proxy is set for snapd" && exit 0 - fi - echo "Install a snap from stable" snap install test-snapd-tools diff --git a/tests/main/classic-custom-device-reg/task.yaml b/tests/main/classic-custom-device-reg/task.yaml index a82f1e0e97b..09334a9e477 100644 --- a/tests/main/classic-custom-device-reg/task.yaml +++ b/tests/main/classic-custom-device-reg/task.yaml @@ -14,12 +14,12 @@ kill-timeout: 5m environment: SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | snap pack "$TESTSLIB/snaps/classic-gadget" snap download "--$CORE_CHANNEL" core @@ -52,16 +52,12 @@ prepare: | systemd-run --unit fakedevicesvc fakedevicesvc localhost:11029 restore: | - tests.exec is-skipped && exit 0 - systemctl stop snapd.service snapd.socket fakedevicesvc rm -rf "$SEED_DIR" systemctl start snapd.socket snapd.service execute: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/main/classic-firstboot/task.yaml b/tests/main/classic-firstboot/task.yaml index 3daedca3dd6..1aabed39642 100644 --- a/tests/main/classic-firstboot/task.yaml +++ b/tests/main/classic-firstboot/task.yaml @@ -13,12 +13,12 @@ systems: [-ubuntu-core-*] environment: SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | snap pack "$TESTSLIB/snaps/basic" snap pack "$TESTSLIB/snaps/test-snapd-service" snap download "--$CORE_CHANNEL" core @@ -51,14 +51,10 @@ prepare: | cp ./test-snapd-service_1.0_all.snap "$SEED_DIR/snaps/test-snapd-service.snap" restore: | - tests.exec is-skipped && exit 0 - rm -rf "$SEED_DIR" systemctl start snapd.socket snapd.service execute: | - tests.exec is-skipped && exit 0 - echo "Start the daemon with an empty state, this will make it import " echo "assertions from the $SEED_DIR/assertions subdirectory and " echo "install the seed snaps." diff --git a/tests/main/classic-prepare-image-no-core/task.yaml b/tests/main/classic-prepare-image-no-core/task.yaml index d52c45b3492..8cf125fe8dc 100644 --- a/tests/main/classic-prepare-image-no-core/task.yaml +++ b/tests/main/classic-prepare-image-no-core/task.yaml @@ -19,12 +19,12 @@ environment: STORE_ADDR: localhost:11028 SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" snap pack "$TESTSLIB/snaps/basic18" @@ -49,8 +49,6 @@ prepare: | systemd-run --unit fakedevicesvc fakedevicesvc localhost:11029 restore: | - tests.exec is-skipped && exit 0 - systemctl stop snapd.service snapd.socket fakedevicesvc rm -rf "$SEED_DIR" @@ -59,8 +57,6 @@ restore: | rm -rf "$ROOT" execute: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/main/classic-prepare-image/task.yaml b/tests/main/classic-prepare-image/task.yaml index c2d755b5df8..51c3ad7cc14 100644 --- a/tests/main/classic-prepare-image/task.yaml +++ b/tests/main/classic-prepare-image/task.yaml @@ -18,12 +18,12 @@ environment: STORE_ADDR: localhost:11028 SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" snap pack "$TESTSLIB/snaps/basic" @@ -48,8 +48,6 @@ prepare: | systemd-run --unit fakedevicesvc fakedevicesvc localhost:11029 restore: | - tests.exec is-skipped && exit 0 - systemctl stop snapd.service snapd.socket fakedevicesvc rm -rf "$SEED_DIR" @@ -58,8 +56,6 @@ restore: | rm -rf "$ROOT" execute: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/main/classic-snapd-firstboot/task.yaml b/tests/main/classic-snapd-firstboot/task.yaml index 98c7da85a11..951de2857fb 100644 --- a/tests/main/classic-snapd-firstboot/task.yaml +++ b/tests/main/classic-snapd-firstboot/task.yaml @@ -11,12 +11,13 @@ systems: [-ubuntu-core-*] environment: SEED_DIR: /var/lib/snapd/seed -prepare: | - # In this scenario, the keys from the snapd pkg are used - if [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + # In this scenario, the keys from the snapd pkg are used + [ "$TRUST_TEST_KEYS" = "false" ] || tests.info is-snapd-from-archive +prepare: | snap pack "$TESTSLIB/snaps/basic18" snap download "--$SNAPD_CHANNEL" snapd snap download core18 @@ -51,14 +52,10 @@ prepare: | cp ./basic18_1.0_all.snap "$SEED_DIR/snaps/basic18.snap" restore: | - tests.exec is-skipped && exit 0 - rm -rf "$SEED_DIR" systemctl start snapd.socket snapd.service execute: | - tests.exec is-skipped && exit 0 - echo "Start the daemon with an empty state, this will make it import " echo "assertions from the $SEED_DIR/assertions subdirectory and " echo "install the seed snaps." diff --git a/tests/main/cloud-init/task.yaml b/tests/main/cloud-init/task.yaml index e366fd1d80f..13754420bb0 100644 --- a/tests/main/cloud-init/task.yaml +++ b/tests/main/cloud-init/task.yaml @@ -5,12 +5,12 @@ details: | to the snaps. Run the test on a live backend which sets instance data properly. -prepare: | - # TODO: revert this once cloud-init v25.1.4 is landed for arm - if os.query is-arm && os.query is-core && [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "Openstack metadata service for configuration data cannot be accessed on arm64" && exit 0 - fi +skip: + - reason: This test is only valid for google and openstack backends that provide cloud info + if: | + ! [[ "$SPREAD_BACKEND" =~ google ]] && ! [[ "$SPREAD_BACKEND" =~ openstack ]] +prepare: | cat < /etc/systemd/system/snapd.service.d/http-debug.conf [Service] Environment=SNAPD_DEBUG_HTTP=7 @@ -18,25 +18,14 @@ prepare: | systemctl restart snapd.service restore: | - tests.exec is-skipped && exit 0 rm /etc/systemd/system/snapd.service.d/http-debug.conf systemctl restart snapd.service execute: | - tests.exec is-skipped && exit 0 - if ! [[ "$SPREAD_BACKEND" =~ google ]] && ! [[ "$SPREAD_BACKEND" =~ openstack ]]; then - tests.exec skip-test "This test is only valid for google and openstack backends that provide cloud info" && exit 0 - fi - if [[ ! -e /run/cloud-init/instance-data.json ]]; then - echo "cloud-init instance data is required to execute the test" - - if os.query is-ubuntu && not os.query is-trusty; then - # we expect the test to run on all Ubuntu images excluding 14.04 - echo "the test expected to run on $SPREAD_SYSTEM" - exit 1 - fi - exit 0 + # we expect the test to run on all cloud images provided by google and openstack + echo "the test expected to have cloud-init instance data on $SPREAD_SYSTEM" + exit 1 fi get_conf() { diff --git a/tests/main/command-chain/task.yaml b/tests/main/command-chain/task.yaml index 46bbfeee019..689e06e7e9f 100644 --- a/tests/main/command-chain/task.yaml +++ b/tests/main/command-chain/task.yaml @@ -15,11 +15,12 @@ environment: BREADCRUMB: /var/snap/command-chain/current/breadcrumb ENVDUMP: /var/snap/command-chain/current/env -prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive +prepare: | echo "Build command chain snap" snap pack command-chain snap install --dangerous command-chain_1.0_all.snap @@ -32,8 +33,6 @@ prepare: | fi execute: | - tests.exec is-skipped && exit 0 - echo "Test that command-chain runs for hooks" [ "$(cat "$BREADCRUMB")" = "chain1 chain2 configure" ] MATCH '^CHAIN_1_RAN=1$' < "$ENVDUMP" diff --git a/tests/main/download-timeout/task.yaml b/tests/main/download-timeout/task.yaml index c066f9fd05b..d2e6fa65e96 100644 --- a/tests/main/download-timeout/task.yaml +++ b/tests/main/download-timeout/task.yaml @@ -19,19 +19,15 @@ environment: SNAPD_DOWNLOAD_MEAS_WINDOW: 15s OVERRIDES_FILE: /etc/systemd/system/snapd.service.d/local.conf -prepare: | - if [ "${SNAPD_USE_PROXY:-}" = true ]; then - # TODO: Fix the issue - tests.exec skip-test "This test fails when proxy is set for snapd" && exit 0 - fi - - device="$(ip route show default | awk '{print $5}')" - - if not os.query is-pc-amd64; then - echo "tc fail to add a device in arm architecture with error: \"Cannot find device $device\"" - exit - fi +skip: + - reason: This test fails when proxy is set for snapd + if: | + # TODO: Fix the issue + [ "${SNAPD_USE_PROXY:-}" = true ] + - reason: tc fail to add a device in arm architecture with error -> "Cannot find device" + if: not os.query is-pc-amd64 +prepare: | cp "$OVERRIDES_FILE" "$OVERRIDES_FILE".bak sed "s/Environment=/Environment=SNAPD_MIN_DOWNLOAD_SPEED=${SNAPD_MIN_DOWNLOAD_SPEED} SNAPD_DOWNLOAD_MEAS_WINDOW=${SNAPD_DOWNLOAD_MEAS_WINDOW} /" -i "$OVERRIDES_FILE" @@ -39,14 +35,8 @@ prepare: | systemctl restart snapd.{socket,service} restore: | - tests.exec is-skipped && exit 0 - device="$(ip route show default | awk '{print $5}')" - if not os.query is-pc-amd64; then - echo "tc fail to add a device in arm architecture with error: \"Cannot find device $device\"" - exit - fi # We need to skip this step in 23+ because it fails with error: # Error: Qdisc not classful. We have an error talking to the kernel # The test works well even after skipping this @@ -60,15 +50,8 @@ restore: | systemctl restart snapd.{socket,service} execute: | - tests.exec is-skipped && exit 0 - device="$(ip route show default | awk '{print $5}')" - if not os.query is-pc-amd64; then - echo "tc fail to add a device in arm architecture with error: \"Cannot find device $device\"" - exit - fi - tc qdisc add dev "$device" ingress tc filter add dev "$device" root protocol ip u32 match u32 0 0 police rate 32kbit burst 16k drop flowid :1 tc filter add dev "$device" parent ffff: protocol ip u32 match u32 0 0 police rate 32kbit burst 16k drop flowid :1 diff --git a/tests/main/install-errors/task.yaml b/tests/main/install-errors/task.yaml index 85001b7bf23..d80b5d5f5e0 100644 --- a/tests/main/install-errors/task.yaml +++ b/tests/main/install-errors/task.yaml @@ -13,17 +13,16 @@ environment: SNAP_REEXEC/noreexec: 0 SNAP_REEXEC/withreexec: 1 -prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive +prepare: | echo "Given a snap with a failing command is installed" "$TESTSTOOLS"/snaps-state install-local "$SNAP_NAME" execute: | - tests.exec is-skipped && exit 0 - echo "Install unexisting snap prints error" if snap install unexisting.canonical; then echo "Installing unexisting snap should fail" diff --git a/tests/main/install-sideload-epochs/task.yaml b/tests/main/install-sideload-epochs/task.yaml index ff8021402d2..ce7b3ad15d3 100644 --- a/tests/main/install-sideload-epochs/task.yaml +++ b/tests/main/install-sideload-epochs/task.yaml @@ -11,16 +11,16 @@ environment: SNAP_REEXEC/reexec0: 0 SNAP_REEXEC/reexec1: 1 +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive + prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi snap pack test-snapd-epoch-1 snap pack test-snapd-epoch-2 execute: | - tests.exec is-skipped && exit 0 - rx="cannot refresh \"[^ \"]*\" to local snap with epoch [^ ]*, because it can't read the current epoch" snap try test-snapd-epoch-1 not snap try test-snapd-epoch-2 2> try.err diff --git a/tests/main/install-sideload/task.yaml b/tests/main/install-sideload/task.yaml index a2eda6d8279..4ca265a9ff9 100644 --- a/tests/main/install-sideload/task.yaml +++ b/tests/main/install-sideload/task.yaml @@ -13,11 +13,12 @@ environment: SNAP_REEXEC/reexec0: 0 SNAP_REEXEC/reexec1: 1 -prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive +prepare: | for snap in basic test-snapd-tools basic-desktop test-snapd-devmode snap-hooks-bad-install; do snap pack "$TESTSLIB"/snaps/$snap done @@ -30,8 +31,6 @@ prepare: | fi execute: | - tests.exec is-skipped && exit 0 - echo "Sideloaded snap shows status" expected='^basic 1.0 installed$' snap install --dangerous ./basic_1.0_all.snap | MATCH "$expected" diff --git a/tests/main/interfaces-requests-activates-handlers/task.yaml b/tests/main/interfaces-requests-activates-handlers/task.yaml index 0c0cecf9cfa..644e5970e2f 100644 --- a/tests/main/interfaces-requests-activates-handlers/task.yaml +++ b/tests/main/interfaces-requests-activates-handlers/task.yaml @@ -7,17 +7,15 @@ details: | systems: - ubuntu-2* -prepare: | - if os.query is-ubuntu 20.04; then - tests.exec skip-test "Ubuntu 20.04 kernels doesn't support prompting" && exit 0 - fi - if os.query is-ubuntu 22.04 && os.query is-kernel-lt 6.7 ; then - tests.exec skip-test "Ubuntu 22.04 kernel $(uname -r) doesn't support prompting" && exit 0 - fi - if os.query is-ubuntu 22.04 && not tests.info is-reexec-in-use; then - tests.exec skip-test "Ubuntu 22.04 AppArmor parser doesn't support prompting" && exit 0 - fi +skip: + - reason: Ubuntu 20.04 kernels don't support prompting + if: os.query is-ubuntu 20.04 + - reason: Ubuntu 22.04 kernel doesn't support prompting + if: os.query is-ubuntu 22.04 && os.query is-kernel-lt 6.7 + - reason: Ubuntu 22.04 AppArmor parser doesn't support prompting + if: os.query is-ubuntu 22.04 && not tests.info is-reexec-in-use +prepare: | # prerequisite for having a prompts handler service snap set system experimental.user-daemons=true "$TESTSTOOLS"/snaps-state install-local test-snapd-prompt-handler @@ -25,15 +23,11 @@ prepare: | tests.session -u test prepare restore: | - tests.exec is-skipped && exit 0 - snap unset system experimental.user-daemons snap remove --purge test-snapd-prompt-handler || true tests.session -u test restore debug: | - tests.exec is-skipped && exit 0 - echo "Check kernel version" uname -a echo "Check kernel notification socket presence" @@ -46,8 +40,6 @@ debug: | snap debug api /v2/system-info execute: | - tests.exec is-skipped && exit 0 - not tests.session -u test exec systemctl --user is-active \ snap.test-snapd-prompt-handler.prompt-handler.service not tests.session -u test exec systemctl --user is-enabled \ diff --git a/tests/main/interfaces-snap-interfaces-requests-control/task.yaml b/tests/main/interfaces-snap-interfaces-requests-control/task.yaml index 35e3e5f9e30..debe0aee3bf 100644 --- a/tests/main/interfaces-snap-interfaces-requests-control/task.yaml +++ b/tests/main/interfaces-snap-interfaces-requests-control/task.yaml @@ -19,17 +19,15 @@ environment: # fact all the test does is pipe the output to (go)jq PYTHONIOENCODING: utf-8 -prepare: | - if os.query is-ubuntu 20.04; then - tests.exec skip-test "Ubuntu 20.04 kernel doesn't support prompting" && exit 0 - fi - if os.query is-ubuntu 22.04 && os.query is-kernel-lt 6.7 ; then - tests.exec skip-test "Ubuntu 22.04 kernel $(uname -r) doesn't support prompting" && exit 0 - fi - if os.query is-ubuntu 22.04 && not tests.info is-reexec-in-use; then - tests.exec skip-test "Ubuntu 22.04 AppArmor parser doesn't support prompting" && exit 0 - fi +skip: + - reason: Ubuntu 20.04 kernel doesn't support prompting + if: os.query is-ubuntu 20.04 + - reason: Ubuntu 22.04 kernel <6.7 doesn't support prompting + if: os.query is-ubuntu 22.04 && os.query is-kernel-lt 6.7 + - reason: Ubuntu 22.04 AppArmor parser doesn't support prompting + if: os.query is-ubuntu 22.04 && not tests.info is-reexec-in-use +prepare: | tests.session prepare -u test snap remove --purge api-client || true @@ -37,12 +35,9 @@ prepare: | snap set system experimental.user-daemons=true restore: | - tests.exec is-skipped && exit 0 tests.session restore -u test debug: | - tests.exec is-skipped && exit 0 - echo "Check kernel version" uname -a echo "Check kernel notification socket presence" @@ -55,8 +50,6 @@ debug: | snap debug api /v2/system-info execute: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/snaps-state install-local api-client echo "The snap-interfaces-requests-control plug on the api-client snap is initially disconnected" snap connections api-client | MATCH "snap-interfaces-requests-control +api-client:snap-interfaces-requests-control +- +-" diff --git a/tests/main/known/task.yaml b/tests/main/known/task.yaml index 8440173a77e..4a1927f1cd5 100644 --- a/tests/main/known/task.yaml +++ b/tests/main/known/task.yaml @@ -7,8 +7,6 @@ details: | properties in general. execute: | - tests.exec is-skipped && exit 0 - echo "Listing all account assertions" snap known account|MATCH "^type: account$" snap known account|MATCH "^account-id: canonical$" diff --git a/tests/main/mount-dir-detect-check/task.yaml b/tests/main/mount-dir-detect-check/task.yaml index 712e32f13f3..6ac4d5333f2 100644 --- a/tests/main/mount-dir-detect-check/task.yaml +++ b/tests/main/mount-dir-detect-check/task.yaml @@ -7,11 +7,11 @@ details: | systems: - -ubuntu-core-* -prepare: | - if tests.info is-snapd-from-archive ; then - tests.exec skip-test "snapd deb from archive has no mount detection" && exit 0 - fi +skip: + - reason: snapd deb from archive has no mount detection + if: tests.info is-snapd-from-archive +prepare: | tests.systemd stop-unit snapd.service echo "Ensure all snaps are gone" snapd.tool exec snap-mgmt --purge @@ -56,8 +56,6 @@ prepare: | test "$(snap list | wc -l)" = "0" execute: | - tests.exec is-skipped && exit 0 - SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" baddir="$(cat mock-mount-dir)" diff --git a/tests/main/postrm-purge/task.yaml b/tests/main/postrm-purge/task.yaml index c27e96a4bc7..4a54ba04df8 100644 --- a/tests/main/postrm-purge/task.yaml +++ b/tests/main/postrm-purge/task.yaml @@ -6,11 +6,11 @@ details: | systems: [-ubuntu-core-*] -prepare: | - if tests.info is-snapd-from-archive; then - tests.exec skip-test "This test is skipped when the snapd pkg isn't built from local" && exit 0 - fi +skip: + - reason: This test is skipped when the snapd pkg isn't built from local + if: tests.info is-snapd-from-archive +prepare: | # TODO: unify this with tests/main/snap-mgmt/task.yaml # note: no need to unset these since this spread test purges snapd totally @@ -68,8 +68,6 @@ prepare: | fi restore: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/pkgdb.sh . "$TESTSLIB/pkgdb.sh" if [ -e pkg-removed ]; then @@ -78,13 +76,9 @@ restore: | fi debug: | - tests.exec is-skipped && exit 0 - systemctl --no-legend --full | grep -E 'snap\..*\.(service|timer|socket|slice)' || true execute: | - tests.exec is-skipped && exit 0 - systemctl --no-legend --full | MATCH 'snap\..*\.(service|timer|socket|slice)' #shellcheck source=tests/lib/pkgdb.sh diff --git a/tests/main/searching/task.yaml b/tests/main/searching/task.yaml index 2da2fd000a9..1806af82477 100644 --- a/tests/main/searching/task.yaml +++ b/tests/main/searching/task.yaml @@ -15,8 +15,6 @@ backends: [-autopkgtest] systems: [-ubuntu-*-ppc64el, -ubuntu-*-s390x] execute: | - tests.exec is-skipped && exit 0 - echo "List all featured snaps" expected='(?s).*Name +Version +Publisher +Notes +Summary *\n(.*?\n)?.*' snap find > featured.txt diff --git a/tests/main/security-group-policy/task.yaml b/tests/main/security-group-policy/task.yaml index 9fdbe1d42e1..85372cdeb05 100644 --- a/tests/main/security-group-policy/task.yaml +++ b/tests/main/security-group-policy/task.yaml @@ -17,21 +17,18 @@ environment: SNAP_REEXEC/no_reexec: 0 SNAP_REEXEC/with_reexec: 1 -prepare: | - LIBEXEC_DIR="$(os.paths libexec-dir)" - vers="$("$LIBEXEC_DIR"/snapd/snap-confine --version | cut -f2 -d' ' | sed -e 's/\+.*//')" - - if os.query is-ubuntu && [ "$SPREAD_VARIANT" = "no_reexec" ]; then +skip: + - reason: This test needs a test build of snapd, got native version instead + if: | # Ubuntu is the only distribution where snapd comes preinstalled, so # unless we are doing SRU validation or installing from a private PPA # (as part of the release process) the no-reexec variant would actually # try to exercise this feature using the native package, which may be # too old to have it in the first place - if [ "$SRU_VALIDATION" != "1" ] && [ -z "$PPA_SOURCE_LINE" ] && [ -z "$PPA_VALIDATION_NAME" ]; then - tests.exec skip-test "This test needs a test build of snapd, got native version $vers instead" - fi - fi - tests.exec is-skipped && exit 0 + os.query is-ubuntu && [ "$SPREAD_VARIANT" = "no_reexec" ] && [ "$SRU_VALIDATION" != "1" ] && [ -z "$PPA_SOURCE_LINE" ] && [ -z "$PPA_VALIDATION_NAME" ] + +prepare: | + LIBEXEC_DIR="$(os.paths libexec-dir)" case "$SPREAD_SYSTEM" in fedora-*|arch-*|centos-*) @@ -67,7 +64,6 @@ prepare: | tests.session -u test prepare restore: | - tests.exec is-skipped && exit 0 tests.session -u test restore debug: | @@ -76,7 +72,6 @@ debug: | getcap "$LIBEXEC_DIR"/snapd/snap-confine || true execute: | - tests.exec is-skipped && exit 0 tests.session -u test exec sh -c "test-snapd-sh-core24.sh -c 'true' 2>&1" | \ MATCH 'user is not a member of group' diff --git a/tests/main/snap-run-devmode-classic/task.yaml b/tests/main/snap-run-devmode-classic/task.yaml index d866f70b62f..b5863e7f9f0 100644 --- a/tests/main/snap-run-devmode-classic/task.yaml +++ b/tests/main/snap-run-devmode-classic/task.yaml @@ -34,12 +34,11 @@ environment: BASE_CORE_STRICT_SNAP: test-snapd-sh BASE_NON_CORE_STRICT_SNAP: test-snapd-sh-core18 -prepare: | - # Core snap is not modified for classic re-exec any more in this scenario - if tests.info is-snapd-from-archive; then - tests.exec skip-test "Core snap is not modified for classic re-exec any more in this scenario" && exit 0 - fi +skip: + - reason: Core snap is not modified for classic re-exec any more in this scenario + if: tests.info is-snapd-from-archive +prepare: | CURRENT_SNAPD_SNAP="$(ls "$SNAPD_WORK_DIR"/snapd_snap/snapd_*.snap)" cp "$CURRENT_SNAPD_SNAP" "$PWD/snapd-from-branch.snap" @@ -69,8 +68,6 @@ prepare: | rm -r "$snapddir" execute: | - tests.exec is-skipped && exit 0 - if [ "$SNAP_TO_USE_FIRST" = "core" ]; then # first install our core snap because we don't have the snapd snap on diff --git a/tests/main/snap-run-hook/task.yaml b/tests/main/snap-run-hook/task.yaml index 8106703c7e4..a24d78e87ee 100644 --- a/tests/main/snap-run-hook/task.yaml +++ b/tests/main/snap-run-hook/task.yaml @@ -11,10 +11,12 @@ environment: SNAP_REEXEC/reexec1: 1 ENVDUMP: /var/snap/basic-hooks/current/hooks-env +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive + prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi "$TESTSTOOLS"/snaps-state install-local basic-hooks SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" if [ "$SNAP_REEXEC" = "1" ] && [ "$SNAP_MOUNT_DIR" != "/snap" ] && [ ! -L /snap ]; then @@ -25,8 +27,6 @@ prepare: | fi execute: | - tests.exec is-skipped && exit 0 - # Note that `snap run` doesn't exit non-zero if the hook is missing, so we # check the output instead. diff --git a/tests/main/snap-run/task.yaml b/tests/main/snap-run/task.yaml index 56483fa727c..f8647e0ab67 100644 --- a/tests/main/snap-run/task.yaml +++ b/tests/main/snap-run/task.yaml @@ -14,19 +14,13 @@ environment: STRACE_STATIC_CHANNEL: candidate prepare: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/snaps-state install-local basic-run "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core24 debug: | - tests.exec is-skipped && exit 0 - cat stderr || true execute: | - tests.exec is-skipped && exit 0 - echo "Running a trivial command causes no DENIED messages" test-snapd-sh-core24.sh -c 'echo hello' if os.query is-arch-linux && [ "$SNAP_REEXEC" != "1" ]; then diff --git a/tests/main/snap-userd-reexec/task.yaml b/tests/main/snap-userd-reexec/task.yaml index af9dd3fd26a..9dfbc6df559 100644 --- a/tests/main/snap-userd-reexec/task.yaml +++ b/tests/main/snap-userd-reexec/task.yaml @@ -11,9 +11,12 @@ environment: # uploading the snapd snap triggers OOM SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - reason: skipping test when SNAP_REEXEC is disabled + if: | + [ "${SNAP_REEXEC:-}" = "0" ] + restore: | - tests.exec is-skipped && exit 0 - # Remove the local revision of snapd, if we installed one. SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" if [ "$(readlink "$SNAP_MOUNT_DIR/snapd/current")" = x1 ]; then @@ -22,10 +25,6 @@ restore: | fi execute: | - if [ "${SNAP_REEXEC:-}" = "0" ]; then - tests.exec skip-test "skipping test when SNAP_REEXEC is disabled" && exit 0 - fi - snap list snapd | awk "/^snapd / {print(\$3)}" > prevBoot echo "Ensure service file is created if missing (e.g. on re-exec)" diff --git a/tests/main/snapd-homedirs-vendored/task.yaml b/tests/main/snapd-homedirs-vendored/task.yaml index 096184cdc7b..bfe5e457856 100644 --- a/tests/main/snapd-homedirs-vendored/task.yaml +++ b/tests/main/snapd-homedirs-vendored/task.yaml @@ -12,11 +12,12 @@ systems: [ubuntu-18*, ubuntu-20*, ubuntu-22*] environment: USERNAME: home-sweet-home -prepare: | - if [[ "$SNAP_REEXEC" = "0" ]] || tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when either the snapd pkg is from the repository or reexec is disabled" && exit 0 - fi +skip: + - reason: No need to test when either the snapd pkg is from the repository or reexec is disabled + if: | + [[ "$SNAP_REEXEC" = "0" ]] || tests.info is-snapd-from-archive +prepare: | # Create a new user in a non-standard location mkdir -p /remote/users useradd -b /remote/users -m -U "$USERNAME" @@ -32,8 +33,6 @@ prepare: | rm -rf "${unpackdir}" restore: | - tests.exec is-skipped && exit 0 - userdel -f --remove "$USERNAME" rm -rf /remote/users @@ -44,8 +43,6 @@ restore: | distro_install_build_snapd debug: | - tests.exec is-skipped && exit 0 - # output custom snap-confine snippets ls -l /var/lib/snapd/apparmor/snap-confine/ for f in /var/lib/snapd/apparmor/snap-confine/*; do @@ -54,8 +51,6 @@ debug: | done execute: | - tests.exec is-skipped && exit 0 - echo "Downgrading the snapd deb to pre-vendored apparmor times" TARGET_VER="$(apt list -a snapd | grep -- -updates | cut -f2 -d' ')" # Ubuntu release on development doesn't have updates diff --git a/tests/main/snapd-reexec/task.yaml b/tests/main/snapd-reexec/task.yaml index b8d21a64a77..a7f7292529c 100644 --- a/tests/main/snapd-reexec/task.yaml +++ b/tests/main/snapd-reexec/task.yaml @@ -18,11 +18,12 @@ environment: SNAPD_SRC/core: "core" SNAPD_SRC/snapd: "snapd" -prepare: | - if [ "${SNAP_REEXEC:-}" = "0" ]; then - tests.exec skip-test "skipping test when SNAP_REEXEC is disabled" && exit 0 - fi +skip: + - reason: skipping test when SNAP_REEXEC is disabled + if: | + [ "${SNAP_REEXEC:-}" = "0" ] +prepare: | # when testing core remove snapd snap as option for re-exec if [ "$SNAPD_SRC" == "core" ]; then systemctl stop snapd.service snapd.socket @@ -37,8 +38,6 @@ prepare: | fi restore: | - tests.exec is-skipped && exit 0 - SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" SNAPD_MOUNT_DIR="$SNAP_MOUNT_DIR/$SNAPD_SRC" # remove the locale revision of the snapd source snap, if we installed one @@ -70,14 +69,10 @@ restore: | systemctl start snapd.service debug: | - tests.exec is-skipped && exit 0 - ls /etc/systemd/system/snapd.service.d cat /etc/systemd/system/snapd.service.d/* execute: | - tests.exec is-skipped && exit 0 - SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" SNAPD_MOUNT_DIR="$SNAP_MOUNT_DIR/$SNAPD_SRC" diff --git a/tests/main/snapd-snap-transition-auto-install/task.yaml b/tests/main/snapd-snap-transition-auto-install/task.yaml index 5c14a5ece7a..16bb9c619b4 100644 --- a/tests/main/snapd-snap-transition-auto-install/task.yaml +++ b/tests/main/snapd-snap-transition-auto-install/task.yaml @@ -14,11 +14,11 @@ environment: SNAPD_SRC/deb: "deb" SNAPD_SRC/core: "core" -prepare: | - if tests.info is-snapd-from-archive; then - tests.exec skip-test "This test needs snapd deb built from local" && exit 0 - fi +skip: + - reason: This test needs snapd deb built from local + if: tests.info is-snapd-from-archive +prepare: | # Expect system preparation stage installed built snapd and core snaps. # Check this and remove all snaps to remove snapd. snap list core @@ -49,8 +49,6 @@ prepare: | not snap list snapd execute: | - tests.exec is-skipped && exit 0 - # check re-exec disabled, exec from snapd deb or re-exec from core snap snap_mount_dir="$(os.paths snap-mount-dir)" expect="" diff --git a/tests/main/snapd-snap/task.yaml b/tests/main/snapd-snap/task.yaml index b652941d5ac..1095429db39 100644 --- a/tests/main/snapd-snap/task.yaml +++ b/tests/main/snapd-snap/task.yaml @@ -44,11 +44,13 @@ environment: # workaround for running on openstack backend no_proxy: ppa.launchpad.net -prepare: | - if [ "${SNAPD_USE_PROXY:-}" = true ]; then - tests.exec skip-test "Snapcraft fails to snap snapd when the proxy is set" && exit 0 - fi +skip: + - reason: Snapcraft fails to snap snapd when the proxy is set + if: | + [ "${SNAPD_USE_PROXY:-}" = true ] + +prepare: | # shellcheck source=tests/lib/systems.sh . "$TESTSLIB/systems.sh" @@ -132,8 +134,6 @@ prepare: | fi debug: | - tests.exec is-skipped && exit 0 - # get the snapd sandbox features snap debug sandbox-features @@ -142,8 +142,6 @@ debug: | "$TESTSTOOLS"/journal-state get-log execute: | - tests.exec is-skipped && exit 0 - # shellcheck source=tests/lib/systems.sh . "$TESTSLIB/systems.sh" diff --git a/tests/main/try/task.yaml b/tests/main/try/task.yaml index 725714d0dee..5a982020a94 100644 --- a/tests/main/try/task.yaml +++ b/tests/main/try/task.yaml @@ -15,21 +15,15 @@ environment: SERVICE_NAME: "test-service" prepare: | - tests.exec is-skipped && exit 0 - # shellcheck source=tests/lib/network.sh . "$TESTSLIB"/network.sh make_network_service "$SERVICE_NAME" "$PORT" restore: | - tests.exec is-skipped && exit 0 - systemctl stop "$SERVICE_NAME" rm -f "$READABLE_FILE" execute: | - tests.exec is-skipped && exit 0 - echo "Given a buildable snap in a known directory" echo "When try is executed on that directory" snap try "$TESTSLIB"/snaps/test-snapd-tools diff --git a/tests/main/upgrade-from-release/task.yaml b/tests/main/upgrade-from-release/task.yaml index 2d61f05e917..d68ab69adb9 100644 --- a/tests/main/upgrade-from-release/task.yaml +++ b/tests/main/upgrade-from-release/task.yaml @@ -6,27 +6,21 @@ details: | systems: [ubuntu-1*-64, ubuntu-2*-64] -prepare: | - if os.query is-arm; then - tests.exec skip-test "there is no content for arm64 in repo http://archive.ubuntu.com/ubuntu (just amd64)" && exit 0 - elif os.query is-ubuntu 25.10; then - tests.exec skip-test "there is no updates content for daily images in repo http://archive.ubuntu.com/ubuntu" && exit 0 - fi +skip: + - reason: there is no content for arm64 in repo http://archive.ubuntu.com/ubuntu (just amd64) + if: os.query is-arm +prepare: | #shellcheck source=tests/lib/pkgdb.sh . "$TESTSLIB/pkgdb.sh" distro_purge_package snapd restore: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/pkgdb.sh . "$TESTSLIB/pkgdb.sh" distro_install_build_snapd execute: | - tests.exec is-skipped && exit 0 - . /etc/os-release # trusty has no UBUNTU_CODENAME in /etc/os-release and we need to cheat # because snapd was not part of the original 14.04 release so we get @@ -49,7 +43,7 @@ execute: | declare -A EXPECTED_SNAPD_VERSIONS=( ["26.04"]='2.73\+ubuntu26.04' - ["25.04"]='2.67.1\+25.04' + ["25.10"]='2.73\+ubuntu25.10' ["24.04"]='2.62\+24.04' ["22.04"]='2.55.3\+22.04' ["20.04"]='2.44.3\+20.04' diff --git a/tests/main/writable-areas/task.yaml b/tests/main/writable-areas/task.yaml index 119a1b7d94e..e5c54ac9098 100644 --- a/tests/main/writable-areas/task.yaml +++ b/tests/main/writable-areas/task.yaml @@ -12,10 +12,12 @@ environment: SNAP_REEXEC/reexec0: 0 SNAP_REEXEC/reexec1: 1 +skip: + - reason: No need to test when the snapd pkg is from the repository and reexec is disabled + if: | + [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive + prepare: | - if [ "$SNAP_REEXEC" = "0" ] && tests.info is-snapd-from-archive; then - tests.exec skip-test "No need to test when the snapd pkg is from the repository and reexec is disabled" && exit 0 - fi snap pack data-writer SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" if [ "$SNAP_REEXEC" = "1" ] && [ "$SNAP_MOUNT_DIR" != "/snap" ] && [ ! -L /snap ]; then @@ -26,8 +28,6 @@ prepare: | fi execute: | - tests.exec is-skipped && exit 0 - snap install --dangerous data-writer_1.0_all.snap echo "Apps can write to writable areas" diff --git a/tests/nested/manual/core22-basic/task.yaml b/tests/nested/manual/core22-basic/task.yaml index dfa87ec1548..3b0e19fdcd4 100644 --- a/tests/nested/manual/core22-basic/task.yaml +++ b/tests/nested/manual/core22-basic/task.yaml @@ -11,10 +11,12 @@ environment: EXPECT_TOKENS/tokens: true EXPECT_TOKENS/files: false +skip: + - reason: Tokens require UC 24.04 + if: | + os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ] + prepare: | - if os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ]; then - tests.exec skip-test "Tokens require UC 24.04" && exit 0 - fi tests.nested build-image core tests.nested create-vm core @@ -24,8 +26,6 @@ debug: | fi execute: | - tests.exec is-skipped && exit 0 - echo "Wait for the system to be seeded first" remote.exec "sudo snap wait system seed.loaded" diff --git a/tests/nested/manual/hybrid-fde-recovery-keys/task.yaml b/tests/nested/manual/hybrid-fde-recovery-keys/task.yaml index 0562e592020..77ed27b1681 100644 --- a/tests/nested/manual/hybrid-fde-recovery-keys/task.yaml +++ b/tests/nested/manual/hybrid-fde-recovery-keys/task.yaml @@ -22,11 +22,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # TODO: this setup for hybrid tests is repeated in other tests # check if it can be made into helper or extend setup_nested_hybrid_system.sh diff --git a/tests/nested/manual/hybrid-xkb-kcmdline/task.yaml b/tests/nested/manual/hybrid-xkb-kcmdline/task.yaml index c736987eaf5..c6d65ac72f9 100644 --- a/tests/nested/manual/hybrid-xkb-kcmdline/task.yaml +++ b/tests/nested/manual/hybrid-xkb-kcmdline/task.yaml @@ -24,11 +24,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" && exit 0 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # TODO: this setup for hybrid tests is repeated in other tests # check if it can be made into helper or extend setup_nested_hybrid_system.sh diff --git a/tests/nested/manual/seeding-failure/task.yaml b/tests/nested/manual/seeding-failure/task.yaml index 94d4618c5a9..f3a94770761 100644 --- a/tests/nested/manual/seeding-failure/task.yaml +++ b/tests/nested/manual/seeding-failure/task.yaml @@ -30,12 +30,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - tests.exec skip-test "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "${TRUST_TEST_KEYS}" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge @@ -79,13 +79,10 @@ prepare: | tests.nested build-image core restore: | - tests.exec is-skipped && exit 0 systemctl stop fakedevicesvc || true "${TESTSTOOLS}/store-state" teardown-fake-store "${NESTED_FAKESTORE_BLOB_DIR}" execute: | - tests.exec is-skipped && exit 0 - # this setup is required since "create-vm core" can't fully complete, due to # seeding failing on the first try export NESTED_EXPECT_SHUTDOWN=1 diff --git a/tests/smoke/find-info/task.yaml b/tests/smoke/find-info/task.yaml index 98181a0f3db..b9a55420d2e 100644 --- a/tests/smoke/find-info/task.yaml +++ b/tests/smoke/find-info/task.yaml @@ -6,8 +6,6 @@ details: | display detailed information about it by using the "snap info" command. execute: | - tests.exec is-skipped && exit 0 - echo "Ensure 'snap find' works" snap find test-snapd-tools | MATCH ^test-snapd-tools diff --git a/tests/smoke/install/task.yaml b/tests/smoke/install/task.yaml index e2f24f0a834..ea11da28ff2 100644 --- a/tests/smoke/install/task.yaml +++ b/tests/smoke/install/task.yaml @@ -10,8 +10,6 @@ details: | snaps: core, core18, core20 and core22. restore: | - tests.exec is-skipped && exit 0 - rm -f /home/test/stderr.log rm -f /home/test/stdout.log # required! in autopkgtest no suite restore is run at all @@ -21,16 +19,12 @@ restore: | done debug: | - tests.exec is-skipped && exit 0 - if test -e stderr.log; then echo "content of stderr.log" cat stderr.log fi execute: | - tests.exec is-skipped && exit 0 - #shellcheck source=tests/lib/systems.sh . "$TESTSLIB"/systems.sh diff --git a/tests/smoke/remove/task.yaml b/tests/smoke/remove/task.yaml index 9498fa38c5e..af870c607d5 100644 --- a/tests/smoke/remove/task.yaml +++ b/tests/smoke/remove/task.yaml @@ -7,8 +7,6 @@ details: | removal no leftovers remain in the mounting area. execute: | - tests.exec is-skipped && exit 0 - "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core24 SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" diff --git a/tests/smoke/sandbox/task.yaml b/tests/smoke/sandbox/task.yaml index dc6110b6dcb..1b6840669e4 100644 --- a/tests/smoke/sandbox/task.yaml +++ b/tests/smoke/sandbox/task.yaml @@ -15,16 +15,12 @@ prepare: | fi restore: | - tests.exec is-skipped && exit 0 - rm -f /home/test/foo # required! in autopkgtest no suite restore is run at all snap remove --purge test-snapd-sandbox snap remove --purge test-snapd-hello-multi-arch execute: | - tests.exec is-skipped && exit 0 - if [ "$(snap debug confinement)" != "strict" ]; then if os.query is-ubuntu; then echo "all ubuntu systems must have strict confinement" From 19125887c4636c98efb27946a0f52c86f192f7c9 Mon Sep 17 00:00:00 2001 From: Maciej Borzecki Date: Wed, 28 Jan 2026 07:34:29 +0100 Subject: [PATCH 10/41] tests/main/layout-content-refresh-connect-hooks: verify mount namespace content visibility (#16497) * tests/main/layout-content-refresh-connect-hoks: verify mount namespace content visibility Verify the content of a mount namespace observed by plug side connect hooks during a refresh of a content provider snap. Signed-off-by: Maciej Borzecki * fixup! tests/main/layout-content-refresh-connect-hoks: verify mount namespace content visibility --------- Signed-off-by: Maciej Borzecki --- .../task.yaml | 75 +++++++++++++++++++ .../test-snapd-content-consumer/bin/app | 3 + .../hooks/connect-plug-special-content-basic | 10 +++ .../hooks/connect-plug-special-content-extra | 9 +++ .../disconnect-plug-special-content-basic | 8 ++ .../meta/snap.yaml | 25 +++++++ .../basic/basic-content | 1 + .../hooks/connect-slot-special-content-basic | 6 ++ .../disconnect-slot-special-content-basic | 6 ++ .../meta/snap.yaml | 9 +++ .../basic/basic-content | 1 + .../extra/extra-content | 1 + .../hooks/connect-slot-special-content-basic | 6 ++ .../hooks/connect-slot-special-content-extra | 6 ++ .../disconnect-slot-special-content-basic | 6 ++ .../disconnect-slot-special-content-extra | 6 ++ .../meta/snap.yaml | 14 ++++ 17 files changed, 192 insertions(+) create mode 100644 tests/main/layout-content-refresh-connect-hooks/task.yaml create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/bin/app create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-basic create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-extra create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/disconnect-plug-special-content-basic create mode 100644 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/snap.yaml create mode 100644 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/basic/basic-content create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/connect-slot-special-content-basic create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/disconnect-slot-special-content-basic create mode 100644 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/snap.yaml create mode 100644 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/basic/basic-content create mode 100644 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/extra/extra-content create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-basic create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-extra create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-basic create mode 100755 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-extra create mode 100644 tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/snap.yaml diff --git a/tests/main/layout-content-refresh-connect-hooks/task.yaml b/tests/main/layout-content-refresh-connect-hooks/task.yaml new file mode 100644 index 00000000000..dd456c31cd3 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/task.yaml @@ -0,0 +1,75 @@ +summary: Verify consumer provided content to be visible when content plug connection hook executes + +details: | + Verify that the content provided by the content slot snap is visible to a + plug connect hook during its execution. + +environment: + STORE_DIR: $(pwd)/fake-store-blobdir + STORE_ADDR: localhost:11028 + +skip: + - reason: "Test keys need to be trusted" + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + +prepare: | + snap install core24 + + "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" + tests.cleanup defer "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" + + snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" + snap ack "$TESTSLIB/assertions/developer1.account" + snap ack "$TESTSLIB/assertions/developer1.account-key" + + cp "$TESTSLIB"/assertions/testrootorg-store.account-key "$STORE_DIR/asserts" + cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" + cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" + + # provider snaps + snap pack test-snapd-content-provider-v1 + snap pack test-snapd-content-provider-v2 + + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-provider_1*.snap provider-id + + # consumer snap + snap pack test-snapd-content-consumer + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-consumer_1.*.snap consumer-id + +debug: | + cat /var/snap/test-snapd-content-consumer/common/hook.log || true + +execute: | + # install the first version + snap install test-snapd-content-consumer + + # the provider was pulled in and the plug is connected + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider:special-content-basic" + # content-extra plug is not connected + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-consumer:special-content-extra +-" + + test-snapd-content-consumer.app |& tee output.log + MATCH 'hello from app' < output.log + # check logs from connect hook + MATCH "connect content basic" < /var/snap/test-snapd-content-consumer/common/hook.log + NOMATCH "connect content extra" < /var/snap/test-snapd-content-consumer/common/hook.log + + # make v2 now available + "$TESTSTOOLS"/store-state make-snap-installable --revision 2 "$STORE_DIR" \ + test-snapd-content-provider_2*.snap provider-id + + # refresh, a new slot should be auto connected, which is observed by the + # connect plug hook on the content consumer + snap refresh test-snapd-content-provider + + # new provider was pulled in and is connected now + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider:special-content-basic" + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider:special-content-extra" + + test-snapd-content-consumer.app |& tee output.log + MATCH 'hello from app' < output.log + + MATCH "connect content extra" < /var/snap/test-snapd-content-consumer/common/hook.log diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/bin/app b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/bin/app new file mode 100755 index 00000000000..1366fc27eed --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/bin/app @@ -0,0 +1,3 @@ +#!/bin/sh + +echo "hello from app" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-basic new file mode 100755 index 00000000000..dfcf7b70a5d --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-basic @@ -0,0 +1,10 @@ +#!/bin/bash +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +set -x +date +echo "=== connect content basic" +find "$SNAP/connected-content-basic" -ls +find "$SNAP/connected-content-extra" -ls +echo "should fail, file isn't there yet" +cat "$SNAP/connected-content-extra/extra-content" || true diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-extra b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-extra new file mode 100755 index 00000000000..018c8400fc4 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/connect-plug-special-content-extra @@ -0,0 +1,9 @@ +#!/bin/bash +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +set -x +date +echo "=== connect content extra" +find "$SNAP/connected-content-basic" -ls +find "$SNAP/connected-content-extra" -ls +cat "$SNAP/connected-content-extra/extra-content" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/disconnect-plug-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/disconnect-plug-special-content-basic new file mode 100755 index 00000000000..8c54dd2dcfa --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/hooks/disconnect-plug-special-content-basic @@ -0,0 +1,8 @@ +#!/bin/bash +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +set -x +date +echo "=== disconnect content basic" +find "$SNAP/connected-content-basic" -ls +find "$SNAP/connected-content-extra" -ls diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/snap.yaml b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/snap.yaml new file mode 100644 index 00000000000..bafbac33eaa --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-consumer/meta/snap.yaml @@ -0,0 +1,25 @@ +name: test-snapd-content-consumer +version: 1.0.0 +base: core24 + +assumes: + - command-chain + +apps: + app: + command: bin/app + plugs: + - special-content-basic + - special-content-extra + +plugs: + special-content-basic: + interface: content + target: $SNAP/connected-content-basic + # like a snap using one version of gnome runtime + default-provider: test-snapd-content-provider + + special-content-extra: + interface: content + target: $SNAP/connected-content-extra + # no default provider is listed diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/basic/basic-content b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/basic/basic-content new file mode 100644 index 00000000000..4395b36a146 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/basic/basic-content @@ -0,0 +1 @@ +basic V1 diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/connect-slot-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/connect-slot-special-content-basic new file mode 100755 index 00000000000..e3ca4b36124 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/connect-slot-special-content-basic @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "connecting slot special-content basic" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/disconnect-slot-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/disconnect-slot-special-content-basic new file mode 100755 index 00000000000..06f6073651a --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/hooks/disconnect-slot-special-content-basic @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "disconnecting slot special-content basic" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/snap.yaml b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/snap.yaml new file mode 100644 index 00000000000..25178bfa491 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v1/meta/snap.yaml @@ -0,0 +1,9 @@ +name: test-snapd-content-provider +version: 1.0.0 +base: core24 + +slots: + special-content-basic: + interface: content + read: + - /basic diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/basic/basic-content b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/basic/basic-content new file mode 100644 index 00000000000..f6c5d59b78d --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/basic/basic-content @@ -0,0 +1 @@ +basic V2 diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/extra/extra-content b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/extra/extra-content new file mode 100644 index 00000000000..5d3ffd09118 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/extra/extra-content @@ -0,0 +1 @@ +extra V2 diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-basic new file mode 100755 index 00000000000..e3ca4b36124 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-basic @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "connecting slot special-content basic" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-extra b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-extra new file mode 100755 index 00000000000..69f79037a76 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/connect-slot-special-content-extra @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "connecting slot special-content extra" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-basic b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-basic new file mode 100755 index 00000000000..06f6073651a --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-basic @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "disconnecting slot special-content basic" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-extra b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-extra new file mode 100755 index 00000000000..ee2a39cf5e9 --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/hooks/disconnect-slot-special-content-extra @@ -0,0 +1,6 @@ +#!/bin/sh +exec >> "$SNAP_COMMON/hook.log" 2>&1 + +date +echo "=== provider" +echo "disconnecting slot special-content extra" diff --git a/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/snap.yaml b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/snap.yaml new file mode 100644 index 00000000000..8c93d28e9ef --- /dev/null +++ b/tests/main/layout-content-refresh-connect-hooks/test-snapd-content-provider-v2/meta/snap.yaml @@ -0,0 +1,14 @@ +name: test-snapd-content-provider +version: 2.0.0 +base: core24 + +slots: + special-content-basic: + interface: content + read: + - /basic + + special-content-extra: + interface: content + read: + - /extra From f86c1e4241808f4bf1330b7c90301973ec918eff Mon Sep 17 00:00:00 2001 From: Ernest Lotter Date: Thu, 29 Jan 2026 21:23:04 +0200 Subject: [PATCH 11/41] tests/nested/manual: fix muinstaller (#16483) * tests/nested/manual: enable 26.04 on muinstaller * tests/nested/manual: add prerequisite shim, grub and kernel for preinstall check on 25.10+ --- tests/nested/manual/muinstaller/task.yaml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/nested/manual/muinstaller/task.yaml b/tests/nested/manual/muinstaller/task.yaml index 741df34b5fd..826dde545d9 100644 --- a/tests/nested/manual/muinstaller/task.yaml +++ b/tests/nested/manual/muinstaller/task.yaml @@ -6,7 +6,7 @@ details: | # this is a UC20+ specific test # TODO this currently fails on ubuntu-20.04-64 timing out -systems: [ubuntu-22.04-64, ubuntu-24.04-64] +systems: [ubuntu-22.04-64, ubuntu-24.04-64, ubuntu-26.04-64] environment: # nested test so that we can test encryted installs eventually @@ -108,8 +108,16 @@ execute: | cp -a ./classic-seed/system-seed/ /var/lib/snapd/seed rm -rf classic-seed - # do some light checking that the system is valid + if os.query is_ubuntu_ge 25.10; then + # satisfy preinstall check need for locating boot images + mkdir -p /cdrom/EFI/boot/ + touch /cdrom/EFI/boot/bootx64.efi + touch /cdrom/EFI/boot/grubx64.efi + mkdir -p /cdrom/casper + touch /cdrom/casper/vmlinuz + fi + snap debug api /v2/systems | gojq '.result.systems[0].label' | MATCH "$LABEL" snap debug api "/v2/systems/$LABEL" > system gojq '.result.model.distribution' system | MATCH "ubuntu" From eab5bfb57ca10688ffa59ca0f4896bb8556858c9 Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Thu, 29 Jan 2026 17:28:06 -0300 Subject: [PATCH 12/41] tests: fix build-with-kernel-modules-components by updating modules check (#16510) The modules need to be checked in the vm instead. --- .../manual/build-with-kernel-modules-components/task.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/nested/manual/build-with-kernel-modules-components/task.yaml b/tests/nested/manual/build-with-kernel-modules-components/task.yaml index aa137066e59..747439647b2 100644 --- a/tests/nested/manual/build-with-kernel-modules-components/task.yaml +++ b/tests/nested/manual/build-with-kernel-modules-components/task.yaml @@ -59,7 +59,7 @@ execute: | # check component from store has been early-installed check_efi_pstore # Additionally, check that modules loaded by systemd right after switch root could be loaded - lsmod | MATCH ahci + remote.exec lsmod | MATCH ahci # No mounts for unset versions are found mount | not MATCH efi-pstore_unset mount | not MATCH pc-kernel_unset @@ -69,7 +69,7 @@ execute: | remote.exec sudo reboot || true tests.nested wait-for reboot "$boot_id" check_efi_pstore - lsmod | MATCH ahci + remote.exec lsmod | MATCH ahci # remove kernel component remote.exec sudo snap remove pc-kernel+"$KMOD_COMP" From d892b67b7c38907ed77f56a448a1f619c2d807b7 Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Fri, 30 Jan 2026 08:46:51 -0300 Subject: [PATCH 13/41] tests: move main tests to new skip format - part 4 (#16514) * tests: move main tests to new skip format - part 4 This is the last part of the migration to the new skip format. In this change the nested tests are migrated. * Update tests/nested/core/core-revert/task.yaml Co-authored-by: Katie May --------- Co-authored-by: Katie May --- tests/nested/core/core-revert/task.yaml | 10 +++++----- tests/nested/manual/cmdline-option/task.yaml | 20 +++++-------------- .../task.yaml | 10 +++++----- .../component-recovery-system/task.yaml | 10 +++++----- .../manual/core20-auto-remove-user/task.yaml | 20 +++++-------------- .../core20-boot-config-update/task.yaml | 15 +++++--------- .../task.yaml | 20 +++++-------------- .../task.yaml | 20 +++++-------------- .../manual/core20-gadget-cloud-conf/task.yaml | 20 +++++-------------- .../task.yaml | 20 +++++-------------- .../task.yaml | 20 +++++-------------- .../task.yaml | 20 +++++-------------- .../task.yaml | 20 +++++-------------- .../manual/core20-validation-sets/task.yaml | 20 +++++-------------- .../fde-auth-support-on-hybrid/task.yaml | 10 +++++----- .../hybrid-fde-all-key-databases/task.yaml | 10 +++++----- .../hybrid-tpm-fde-preinstall-check/task.yaml | 10 +++++----- .../nested/manual/muinstaller-core/task.yaml | 9 ++++----- .../muinstaller-oldbasenewkernel/task.yaml | 9 +++++---- .../nested/manual/muinstaller-real/task.yaml | 9 +++++---- tests/nested/manual/muinstaller/task.yaml | 18 +++++------------ tests/nested/manual/optee-fde/task.yaml | 10 +++++----- .../manual/recovery-system-reboot/task.yaml | 10 +++++----- .../refresh-revert-fundamentals/task.yaml | 20 +++++++------------ .../remodel-to-installed-kernel/task.yaml | 10 +++++----- .../remodel-with-components-offline/task.yaml | 10 +++++----- .../manual/remodel-with-components/task.yaml | 10 +++++----- tests/nested/manual/split-refresh/task.yaml | 18 +++++------------ tests/nested/manual/uc20-fde-hooks/task.yaml | 15 +++++--------- .../manual/uc20-storage-safety/task.yaml | 20 +++++-------------- 30 files changed, 151 insertions(+), 292 deletions(-) diff --git a/tests/nested/core/core-revert/task.yaml b/tests/nested/core/core-revert/task.yaml index 8dcf208b9f0..bb2d86d5f59 100644 --- a/tests/nested/core/core-revert/task.yaml +++ b/tests/nested/core/core-revert/task.yaml @@ -15,6 +15,11 @@ kill-timeout: 30m environment: IMAGE_FILE: $SNAPD_WORK_DIR/images/ubuntu-core-new.img +skip: + - reason: This test needs to start from beta/candidate/stable channel + if: | + [ "$NESTED_BUILD_SNAPD_FROM_CURRENT" = "true" ] || [ "$NESTED_CORE_CHANNEL" = "$NESTED_CORE_REFRESH_CHANNEL" ] + debug: | systemctl stop nested-vm || true if [ -f "$IMAGE_FILE" ]; then @@ -33,11 +38,6 @@ debug: | fi execute: | - if [ "$NESTED_BUILD_SNAPD_FROM_CURRENT" = "true" ] || [ "$NESTED_CORE_CHANNEL" = "$NESTED_CORE_REFRESH_CHANNEL" ]; then - echo "This test need to start from beta/candidate/stable channel" - exit 0 - fi - echo "Refresh the core snap to $NESTED_CORE_REFRESH_CHANNEL channel" remote.exec "snap info core" | MATCH "tracking: +latest/${NESTED_CORE_CHANNEL}" remote.exec "sudo snap refresh --${NESTED_CORE_REFRESH_CHANNEL} core" || true diff --git a/tests/nested/manual/cmdline-option/task.yaml b/tests/nested/manual/cmdline-option/task.yaml index 50d25e4ac90..00c8dd45fa5 100644 --- a/tests/nested/manual/cmdline-option/task.yaml +++ b/tests/nested/manual/cmdline-option/task.yaml @@ -41,12 +41,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" @@ -113,11 +113,6 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc @@ -127,11 +122,6 @@ debug: | systemctl status fakedevicesvc || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Waiting for the system to be seeded" remote.exec "sudo snap wait system seed.loaded" diff --git a/tests/nested/manual/component-recovery-system-offline/task.yaml b/tests/nested/manual/component-recovery-system-offline/task.yaml index 490a84b8fd6..03dc50501b4 100644 --- a/tests/nested/manual/component-recovery-system-offline/task.yaml +++ b/tests/nested/manual/component-recovery-system-offline/task.yaml @@ -25,12 +25,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap install test-snapd-swtpm --edge snap download test-snapd-curl --edge --basename=test-snapd-curl snap download core18 --basename=core18 diff --git a/tests/nested/manual/component-recovery-system/task.yaml b/tests/nested/manual/component-recovery-system/task.yaml index d659422b007..4f4dd0ebcd9 100644 --- a/tests/nested/manual/component-recovery-system/task.yaml +++ b/tests/nested/manual/component-recovery-system/task.yaml @@ -21,12 +21,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap install test-snapd-swtpm --edge "${TESTSTOOLS}/store-state" setup-fake-store "${NESTED_FAKESTORE_BLOB_DIR}" diff --git a/tests/nested/manual/core20-auto-remove-user/task.yaml b/tests/nested/manual/core20-auto-remove-user/task.yaml index 8497279be99..49c4c01fa3f 100644 --- a/tests/nested/manual/core20-auto-remove-user/task.yaml +++ b/tests/nested/manual/core20-auto-remove-user/task.yaml @@ -36,12 +36,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # set the expiration of the assert to 60 minutes, and replace the version # with the version we are testing VERSION="$(tests.nested show version)" @@ -114,21 +114,11 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" diff --git a/tests/nested/manual/core20-boot-config-update/task.yaml b/tests/nested/manual/core20-boot-config-update/task.yaml index 46aedeecb74..21c7ba277e1 100644 --- a/tests/nested/manual/core20-boot-config-update/task.yaml +++ b/tests/nested/manual/core20-boot-config-update/task.yaml @@ -15,12 +15,12 @@ environment: NESTED_ENABLE_TPM: true NESTED_ENABLE_SECURE_BOOT: true -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs a build of snapd with testing features enabled" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB"/prepare.sh build_snapd_snap . @@ -71,11 +71,6 @@ debug: | cat boot-chains-after.json || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs a build of snapd with testing features enabled" - exit - fi - remote.exec sudo cat /var/lib/snapd/device/fde/boot-chains > boot-chains-before.json SEALED_KEY_MTIME_1="$(remote.exec sudo stat --format="%Y" /run/mnt/ubuntu-boot/device/fde/ubuntu-data.sealed-key)" RESEAL_COUNT_1="$(gojq -r '.["reseal-count"]' < boot-chains-before.json )" diff --git a/tests/nested/manual/core20-cloud-init-maas-signed-seed-data/task.yaml b/tests/nested/manual/core20-cloud-init-maas-signed-seed-data/task.yaml index fbafea980eb..387b5f8671c 100644 --- a/tests/nested/manual/core20-cloud-init-maas-signed-seed-data/task.yaml +++ b/tests/nested/manual/core20-cloud-init-maas-signed-seed-data/task.yaml @@ -51,12 +51,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" @@ -145,11 +145,6 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" @@ -162,11 +157,6 @@ debug: | remote.exec "cloud-init status --long" || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" diff --git a/tests/nested/manual/core20-factory-reset-install-device-hook/task.yaml b/tests/nested/manual/core20-factory-reset-install-device-hook/task.yaml index 446e3317421..3a78e7faea7 100644 --- a/tests/nested/manual/core20-factory-reset-install-device-hook/task.yaml +++ b/tests/nested/manual/core20-factory-reset-install-device-hook/task.yaml @@ -39,12 +39,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # Setup the fake-store for ubuntu-image to use when creating our core image. # We immediately tear down the staging store, to make sure snapd is not pointed # towards this once we invoke ubuntu-image. @@ -110,22 +110,12 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 3 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-gadget-cloud-conf/task.yaml b/tests/nested/manual/core20-gadget-cloud-conf/task.yaml index cc9a2b9c667..d41dcb7dc98 100644 --- a/tests/nested/manual/core20-gadget-cloud-conf/task.yaml +++ b/tests/nested/manual/core20-gadget-cloud-conf/task.yaml @@ -49,12 +49,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # setup the fakestore, but don't use it for our snapd here on the host VM, so # tear down the staging_store immediately afterwards so that only the SAS is # running and our snapd is not pointed at it, ubuntu-image is the only thing @@ -108,11 +108,6 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc @@ -122,11 +117,6 @@ debug: | systemctl status fakedevicesvc || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "The initial cloud-init user was created" remote.exec "cat /var/lib/extrausers/passwd" | MATCH normal-user diff --git a/tests/nested/manual/core20-grade-signed-above-testkeys-boot/task.yaml b/tests/nested/manual/core20-grade-signed-above-testkeys-boot/task.yaml index 6956db8c591..087d9044f1e 100644 --- a/tests/nested/manual/core20-grade-signed-above-testkeys-boot/task.yaml +++ b/tests/nested/manual/core20-grade-signed-above-testkeys-boot/task.yaml @@ -44,12 +44,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" @@ -104,11 +104,6 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc @@ -118,11 +113,6 @@ debug: | systemctl status fakedevicesvc || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 1 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-grade-signed-cloud-init-testkeys/task.yaml b/tests/nested/manual/core20-grade-signed-cloud-init-testkeys/task.yaml index 3e6b6cfd734..2bd116e3e0b 100644 --- a/tests/nested/manual/core20-grade-signed-cloud-init-testkeys/task.yaml +++ b/tests/nested/manual/core20-grade-signed-cloud-init-testkeys/task.yaml @@ -39,12 +39,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/nested.sh . "$TESTSLIB/nested.sh" @@ -106,11 +106,6 @@ prepare: | tests.nested create-vm core --param-cdrom "-cdrom $(pwd)/seed.iso" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc @@ -120,11 +115,6 @@ debug: | systemctl status fakedevicesvc || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 1 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-install-device-file-install-ubuntu-save-via-hook/task.yaml b/tests/nested/manual/core20-install-device-file-install-ubuntu-save-via-hook/task.yaml index bacf7202e00..6c4589328a3 100644 --- a/tests/nested/manual/core20-install-device-file-install-ubuntu-save-via-hook/task.yaml +++ b/tests/nested/manual/core20-install-device-file-install-ubuntu-save-via-hook/task.yaml @@ -39,12 +39,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # Setup the fake-store for ubuntu-image to use when creating our core image. # We immediately tear down the staging store, to make sure snapd is not pointed # towards this once we invoke ubuntu-image. @@ -100,22 +100,12 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 1 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-install-device-file-install-via-hook-hack/task.yaml b/tests/nested/manual/core20-install-device-file-install-via-hook-hack/task.yaml index af58f2b0dce..735ffba34d7 100644 --- a/tests/nested/manual/core20-install-device-file-install-via-hook-hack/task.yaml +++ b/tests/nested/manual/core20-install-device-file-install-via-hook-hack/task.yaml @@ -40,12 +40,12 @@ environment: # a model with grade higher than dangerous when building the image NESTED_CORE_CHANNEL: "" -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # setup the fakestore, but don't use it for our snapd here on the host VM, so # tear down the staging_store immediately afterwards so that only the SAS is # running and our snapd is not pointed at it, ubuntu-image is the only thing @@ -112,22 +112,12 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # stop fake device svc systemctl stop fakedevicesvc "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize device task to be done retry -n 200 --wait 3 sh -c "remote.exec snap changes | MATCH 'Done.*Initialize device'" diff --git a/tests/nested/manual/core20-validation-sets/task.yaml b/tests/nested/manual/core20-validation-sets/task.yaml index 7b08c19c141..4887a60de64 100644 --- a/tests/nested/manual/core20-validation-sets/task.yaml +++ b/tests/nested/manual/core20-validation-sets/task.yaml @@ -21,12 +21,12 @@ environment: NESTED_FAKESTORE_BLOB_DIR: $(pwd)/fake-store-blobdir NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | mkdir -p "$NESTED_FAKESTORE_BLOB_DIR" add_official_snap_to_fakestore() { @@ -85,19 +85,9 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # wait for the initialize system state change to be done, it's the change that # seeds the system, and it must complete correctly. Initialize device will fail due # to the serial assertion missing at this point diff --git a/tests/nested/manual/fde-auth-support-on-hybrid/task.yaml b/tests/nested/manual/fde-auth-support-on-hybrid/task.yaml index 9be93a1cff0..fccfd4cbf54 100644 --- a/tests/nested/manual/fde-auth-support-on-hybrid/task.yaml +++ b/tests/nested/manual/fde-auth-support-on-hybrid/task.yaml @@ -21,12 +21,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB/prepare.sh" #shellcheck source=tests/lib/nested.sh diff --git a/tests/nested/manual/hybrid-fde-all-key-databases/task.yaml b/tests/nested/manual/hybrid-fde-all-key-databases/task.yaml index 202ad47c48c..1707ad03330 100644 --- a/tests/nested/manual/hybrid-fde-all-key-databases/task.yaml +++ b/tests/nested/manual/hybrid-fde-all-key-databases/task.yaml @@ -21,6 +21,11 @@ environment: KEY_DATABASE/kek: KEK KEY_DATABASE/pk: PK +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB/prepare.sh" @@ -29,11 +34,6 @@ prepare: | tests.pkgs install efitools - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" echo "Expose the needed assertions through the fakestore" diff --git a/tests/nested/manual/hybrid-tpm-fde-preinstall-check/task.yaml b/tests/nested/manual/hybrid-tpm-fde-preinstall-check/task.yaml index 26b76729d6b..64081bf3132 100644 --- a/tests/nested/manual/hybrid-tpm-fde-preinstall-check/task.yaml +++ b/tests/nested/manual/hybrid-tpm-fde-preinstall-check/task.yaml @@ -26,12 +26,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB/prepare.sh" #shellcheck source=tests/lib/nested.sh diff --git a/tests/nested/manual/muinstaller-core/task.yaml b/tests/nested/manual/muinstaller-core/task.yaml index d4aa1a60fff..2d3d24e5154 100644 --- a/tests/nested/manual/muinstaller-core/task.yaml +++ b/tests/nested/manual/muinstaller-core/task.yaml @@ -41,11 +41,10 @@ environment: INSTALL_OPTIONAL_ALL/install_optional_all: true INSTALL_OPTIONAL_EXPECT_ALL/install_optional_all: true -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] restore: | rm -rf pc-kernel.* pc.* initrd* linux* kernel* tmp* pc-gadget snap-with-comps.snap snap-with-comps+comp1.comp core-seed fake-disk.img diff --git a/tests/nested/manual/muinstaller-oldbasenewkernel/task.yaml b/tests/nested/manual/muinstaller-oldbasenewkernel/task.yaml index 66fb7d2b3a2..8549363ce9a 100644 --- a/tests/nested/manual/muinstaller-oldbasenewkernel/task.yaml +++ b/tests/nested/manual/muinstaller-oldbasenewkernel/task.yaml @@ -17,11 +17,12 @@ environment: # image IMAGE_MOUNTPOINT: /mnt/cloudimg +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" restore: | diff --git a/tests/nested/manual/muinstaller-real/task.yaml b/tests/nested/manual/muinstaller-real/task.yaml index 96f1dada110..534ec1c2696 100644 --- a/tests/nested/manual/muinstaller-real/task.yaml +++ b/tests/nested/manual/muinstaller-real/task.yaml @@ -39,11 +39,12 @@ environment: # image IMAGE_MOUNTPOINT: /mnt/cloudimg +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" restore: | diff --git a/tests/nested/manual/muinstaller/task.yaml b/tests/nested/manual/muinstaller/task.yaml index 826dde545d9..6e6140685a4 100644 --- a/tests/nested/manual/muinstaller/task.yaml +++ b/tests/nested/manual/muinstaller/task.yaml @@ -21,11 +21,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "Install used snaps" if [ -d /var/lib/snapd/seed ]; then mv /var/lib/snapd/seed /var/lib/snapd/seed.orig @@ -34,10 +35,6 @@ prepare: | restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi rm -rf /var/lib/snapd/seed if [ -d /var/lib/snapd/seed.orig ]; then mv /var/lib/snapd/seed.orig /var/lib/snapd/seed @@ -46,11 +43,6 @@ restore: | rm -rf pc-kernel.* pc.* initrd* linux* kernel* tmp* pc-gadget pc muinstaller classic-seed fake-disk.img fdisk_output execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # XXX: the code in DeviceManager.SystemAndGadgetInfo() will only work on # classic systems with modeenv right now (which is something we may need # to fix to work from the classic installer). diff --git a/tests/nested/manual/optee-fde/task.yaml b/tests/nested/manual/optee-fde/task.yaml index 0eda1421566..fb7aa03b863 100644 --- a/tests/nested/manual/optee-fde/task.yaml +++ b/tests/nested/manual/optee-fde/task.yaml @@ -23,12 +23,12 @@ environment: KEY_PROTECTOR/optee: "optee" KEY_PROTECTOR/hooks: "fde-setup-hook" -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | kernel_name="" kernel_revision="" gadget_name="" diff --git a/tests/nested/manual/recovery-system-reboot/task.yaml b/tests/nested/manual/recovery-system-reboot/task.yaml index 496e6ee326a..1417bb4ed2f 100644 --- a/tests/nested/manual/recovery-system-reboot/task.yaml +++ b/tests/nested/manual/recovery-system-reboot/task.yaml @@ -28,12 +28,12 @@ environment: NESTED_ENABLE_SECURE_BOOT/install: false NESTED_ENABLE_TPM/install: false -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge diff --git a/tests/nested/manual/refresh-revert-fundamentals/task.yaml b/tests/nested/manual/refresh-revert-fundamentals/task.yaml index d4e792941e4..0b591d0f8d0 100644 --- a/tests/nested/manual/refresh-revert-fundamentals/task.yaml +++ b/tests/nested/manual/refresh-revert-fundamentals/task.yaml @@ -26,16 +26,14 @@ environment: SNAP/base: core20 TRACK/base: latest -prepare: | - FROM_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_CHANNEL)" - TO_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_REFRESH_CHANNEL)" - - if [ "$FROM_REV" = "$TO_REV" ]; then - echo "Initial and target revisions are the same, skipping..." - touch skip.test - exit - fi +skip: + - reason: Initial and target revisions are the same + if: | + FROM_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_CHANNEL)" + TO_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_REFRESH_CHANNEL)" + [ "$FROM_REV" = "$TO_REV" ] +prepare: | tests.nested build-image core tests.nested create-vm core @@ -43,10 +41,6 @@ debug: | remote.exec "snap changes" || true execute: | - if [ -f skip.test ]; then - exit - fi - FROM_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_CHANNEL)" TO_REV="$(tests.nested snap-rev "$SNAP" $TRACK/$NESTED_CORE_REFRESH_CHANNEL)" diff --git a/tests/nested/manual/remodel-to-installed-kernel/task.yaml b/tests/nested/manual/remodel-to-installed-kernel/task.yaml index c6eeb121357..f099ab41a4d 100644 --- a/tests/nested/manual/remodel-to-installed-kernel/task.yaml +++ b/tests/nested/manual/remodel-to-installed-kernel/task.yaml @@ -34,12 +34,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge diff --git a/tests/nested/manual/remodel-with-components-offline/task.yaml b/tests/nested/manual/remodel-with-components-offline/task.yaml index 7c050c45a0f..1e0b6c5dc5b 100644 --- a/tests/nested/manual/remodel-with-components-offline/task.yaml +++ b/tests/nested/manual/remodel-with-components-offline/task.yaml @@ -27,12 +27,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge diff --git a/tests/nested/manual/remodel-with-components/task.yaml b/tests/nested/manual/remodel-with-components/task.yaml index 127f6bea5b4..98354d50d3f 100644 --- a/tests/nested/manual/remodel-with-components/task.yaml +++ b/tests/nested/manual/remodel-with-components/task.yaml @@ -25,12 +25,12 @@ environment: NESTED_SIGN_SNAPS_FAKESTORE: true NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 -prepare: | - if [ "${TRUST_TEST_KEYS}" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # although nested_start_core_vm_unit usually installs this, the fake store # will already have been set up, so we need to install it here snap install test-snapd-swtpm --edge diff --git a/tests/nested/manual/split-refresh/task.yaml b/tests/nested/manual/split-refresh/task.yaml index 6dcd44e73ba..f328cc7213b 100644 --- a/tests/nested/manual/split-refresh/task.yaml +++ b/tests/nested/manual/split-refresh/task.yaml @@ -18,21 +18,18 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi if [ -d /var/lib/snapd/seed ]; then mv /var/lib/snapd/seed /var/lib/snapd/seed.orig fi "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi rm -rf /var/lib/snapd/seed if [ -d /var/lib/snapd/seed.orig ]; then mv /var/lib/snapd/seed.orig /var/lib/snapd/seed @@ -48,11 +45,6 @@ debug: | fi execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo Expose the needed assertions through the fakestore cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" diff --git a/tests/nested/manual/uc20-fde-hooks/task.yaml b/tests/nested/manual/uc20-fde-hooks/task.yaml index a2e2036c20d..7aed30d4e06 100644 --- a/tests/nested/manual/uc20-fde-hooks/task.yaml +++ b/tests/nested/manual/uc20-fde-hooks/task.yaml @@ -17,12 +17,12 @@ environment: EXPECT_TOKENS/tokens: true EXPECT_TOKENS/files: false -prepare: | - if os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ]; then - # SKIP - exit 0 - fi +skip: + - reason: Tokens are expected but ubuntu is lt 24.04 + if: | + os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ] +prepare: | echo "Build a kernel snap with the fde-setup hook" # shellcheck source=tests/lib/prepare.sh . "$TESTSLIB/prepare.sh" @@ -40,11 +40,6 @@ prepare: | tests.nested create-vm core execute: | - if os.query is-ubuntu-lt 24.04 && [ "${EXPECT_TOKENS}" = true ]; then - # SKIP - exit 0 - fi - echo "Check that we have an encrypted system" remote.exec "find /dev/mapper" | MATCH ubuntu-data-[0-9a-f-]+ diff --git a/tests/nested/manual/uc20-storage-safety/task.yaml b/tests/nested/manual/uc20-storage-safety/task.yaml index 74755f47d4f..c29a1334da2 100644 --- a/tests/nested/manual/uc20-storage-safety/task.yaml +++ b/tests/nested/manual/uc20-storage-safety/task.yaml @@ -17,12 +17,12 @@ environment: NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL: http://localhost:11028 NESTED_FAKESTORE_BLOB_DIR: $(pwd)/fake-store-blobdir +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # setup the fakestore, but don't use it for our snapd here on the # host VM, so tear down the staging_store immediately afterwards # so that only the SAS is running and our snapd is not pointed at @@ -40,19 +40,9 @@ prepare: | tests.nested create-vm core restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$NESTED_FAKESTORE_BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Verify that no fde keys are generated" remote.exec "test ! -d /var/lib/snapd/device/fde" From 638aec8184017dd90ee02f2e743bc4377e053b16 Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Fri, 30 Jan 2026 11:05:09 -0300 Subject: [PATCH 14/41] tests: fix sru validation (#16524) * tests: fix sru validation This change removes the download of snap-confine which is not required anymore (see https://github.com/canonical/snapd/pull/16302) Also removes ubuntu 25.04 from the list of required systems * avoid downloading snap-confine just in ubuntu 26.04+ --- spread.yaml | 3 --- tests/lib/prepare-restore.sh | 7 ++++++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/spread.yaml b/spread.yaml index 9b8822ef628..f986daa132e 100644 --- a/spread.yaml +++ b/spread.yaml @@ -609,9 +609,6 @@ backends: - ubuntu-24.04-64: image: snapd-spread/ubuntu-24.04-64 workers: 8 - - ubuntu-25.04-64: - image: snapd-spread/ubuntu-25.04-64 - workers: 8 - ubuntu-25.10-64: image: snapd-spread/ubuntu-25.10-64 workers: 8 diff --git a/tests/lib/prepare-restore.sh b/tests/lib/prepare-restore.sh index 5263976ad96..4b892b9a41f 100755 --- a/tests/lib/prepare-restore.sh +++ b/tests/lib/prepare-restore.sh @@ -582,7 +582,12 @@ prepare_project() { ( cd "${GOHOME}" && apt-get download snapd snap-confine ) ;; *) - ( cd "${GOHOME}" && tests.pkgs download snapd snap-confine) + if os.query is-ubuntu-lt 26.04; then + ( cd "${GOHOME}" && tests.pkgs download snapd snap-confine) + else + # In Ubuntu 26.04+, the snap-confine transitional package was removed. + ( cd "${GOHOME}" && tests.pkgs download snapd) + fi ;; esac elif [ "$USE_PREBUILT_PACKAGES" = "true" ]; then From b758e8db73c443837ce926da664807ac509e0f3b Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Fri, 30 Jan 2026 11:07:31 -0300 Subject: [PATCH 15/41] tests: move main tests to new skip format - part 2 (#16512) * tests: move main tests to new skip format - part 2 This is the second part of the migration to the new skip format. This change is migrating tests in main suite (from tests starting with interfaces-* to the security-*). * minor fixes based on review comments --- tests/main/lxd-mount-units/task.yaml | 6 + tests/main/lxd-no-fuse/task.yaml | 6 + tests/main/lxd-postrm-purge/task.yaml | 10 +- tests/main/lxd-try/task.yaml | 14 +- tests/main/lxd/task.yaml | 15 +- .../google.ubuntu-16.04-64/HOST.expected.txt | 40 ---- .../PER-SNAP-16.expected.txt | 76 ------- .../PER-SNAP-18.expected.txt | 77 ------- .../PER-SNAP-C7.expected.txt | 40 ---- .../PER-USER-16.expected.txt | 76 ------- .../PER-USER-18.expected.txt | 77 ------- .../PER-USER-C7.expected.txt | 40 ---- .../HOST.expected.txt | 120 ---------- .../PER-SNAP-16.expected.txt | 211 ------------------ .../PER-SNAP-18.expected.txt | 198 ---------------- .../PER-USER-16.expected.txt | 211 ------------------ .../PER-USER-18.expected.txt | 198 ---------------- tests/main/mount-ns/task.yaml | 13 -- tests/main/network-retry/task.yaml | 14 +- tests/main/prepare-image-check-arch/task.yaml | 27 +-- tests/main/prepare-image-classic/task.yaml | 27 +-- tests/main/prepare-image-grub/task.yaml | 18 +- .../main/prepare-image-reproducible/task.yaml | 20 +- tests/main/prepare-image-uboot-uc20/task.yaml | 27 +-- .../prepare-image-validation-sets/task.yaml | 20 +- tests/main/preseed-core20/task.yaml | 20 +- tests/main/proxy/task.yaml | 18 +- tests/main/refresh-all-undo/task.yaml | 20 +- tests/main/refresh-all/task.yaml | 19 +- tests/main/refresh-app-awareness/task.yaml | 8 +- tests/main/refresh-devmode/task.yaml | 36 +-- .../refresh-many-transactional-undo/task.yaml | 20 +- .../main/refresh-many-transactional/task.yaml | 20 +- tests/main/refresh/task.yaml | 60 +---- tests/main/revert-devmode/task.yaml | 36 +-- tests/main/revert/task.yaml | 36 +-- tests/main/security-apparmor/task.yaml | 8 +- 37 files changed, 145 insertions(+), 1737 deletions(-) delete mode 100644 tests/main/mount-ns/google.ubuntu-16.04-64/HOST.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-16.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-18.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-C7.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-16.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-18.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-C7.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-core-16-64/HOST.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-16.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-18.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-16.expected.txt delete mode 100644 tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-18.expected.txt diff --git a/tests/main/lxd-mount-units/task.yaml b/tests/main/lxd-mount-units/task.yaml index 7e16ab69e7a..70ea8673d65 100644 --- a/tests/main/lxd-mount-units/task.yaml +++ b/tests/main/lxd-mount-units/task.yaml @@ -7,6 +7,12 @@ details: | # only 20.04+, we want lxd images that come with snaps preinstalled. systems: [ubuntu-2*] +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + restore: | lxd.lxc stop ubuntu --force || true lxd.lxc delete ubuntu || true diff --git a/tests/main/lxd-no-fuse/task.yaml b/tests/main/lxd-no-fuse/task.yaml index 9ff65151f78..87183b8b735 100644 --- a/tests/main/lxd-no-fuse/task.yaml +++ b/tests/main/lxd-no-fuse/task.yaml @@ -7,6 +7,12 @@ details: | # we just need a single system to verify this systems: [ubuntu-22.04-64] +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + restore: | lxc delete --force my-ubuntu snap remove --purge lxd diff --git a/tests/main/lxd-postrm-purge/task.yaml b/tests/main/lxd-postrm-purge/task.yaml index b4db185d16c..b2094180f2d 100644 --- a/tests/main/lxd-postrm-purge/task.yaml +++ b/tests/main/lxd-postrm-purge/task.yaml @@ -15,6 +15,12 @@ priority: 1000 # lxd downloads can be quite slow kill-timeout: 25m +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + prepare: | # using apt here is ok because this test only runs on ubuntu echo "Remove any installed debs (some images carry them) to ensure we test the snap" @@ -44,10 +50,6 @@ prepare: | lxd.lxc exec my-ubuntu -- /root/prep-snapd-in-lxd.sh restore: | - if [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]]; then - exit - fi - lxd.lxc stop my-ubuntu --force || true lxd.lxc delete my-ubuntu || true snap remove --purge lxd diff --git a/tests/main/lxd-try/task.yaml b/tests/main/lxd-try/task.yaml index a0d7aaf2b61..9731bbe26b9 100644 --- a/tests/main/lxd-try/task.yaml +++ b/tests/main/lxd-try/task.yaml @@ -5,19 +5,17 @@ details: | systems: [ubuntu-2*] +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + prepare: | echo "Install lxd" "$TESTSTOOLS"/lxd-state prepare-snap "$TESTSTOOLS"/lxd-state launch --name ubuntu - echo "Setting up proxy *inside* the container" - if [ -n "${http_proxy:-}" ]; then - lxd.lxc exec ubuntu -- sh -c "echo http_proxy=$http_proxy >> /etc/environment" - fi - if [ -n "${https_proxy:-}" ]; then - lxd.lxc exec ubuntu -- sh -c "echo https_proxy=$https_proxy >> /etc/environment" - fi - # wait for the container to be fully up # the retry is needed because of the error "Failed to connect to bus: No such file or directory" retry --wait 1 -n 10 sh -c 'lxd.lxc exec ubuntu -- systemctl --wait is-system-running | grep -Eq "(running|degraded)"' diff --git a/tests/main/lxd/task.yaml b/tests/main/lxd/task.yaml index aa8a4f86b03..e857ee3f060 100644 --- a/tests/main/lxd/task.yaml +++ b/tests/main/lxd/task.yaml @@ -32,6 +32,12 @@ environment: REFRESH_APP_AWARENESS_OUTER/snapd_cgroup_neither: false REFRESH_APP_AWARENESS_INNER/snapd_cgroup_neither: false +skip: + - reason: Requires snapd .deb files built for testing + if: | + # "$GOHOME"/snapd_*.deb is used in the lxd container + [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]] + prepare: | # using apt here is ok because this test only runs on ubuntu echo "Remove any installed debs (some images carry them) to ensure we test the snap" @@ -44,10 +50,6 @@ prepare: | snap set system experimental.refresh-app-awareness=$REFRESH_APP_AWARENESS_OUTER restore: | - if [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]]; then - exit - fi - for cont_name in my-nesting-ubuntu my-ubuntu; do lxd.lxc stop $cont_name --force || true lxd.lxc delete $cont_name || true @@ -79,11 +81,6 @@ debug: | "$TESTSTOOLS"/journal-state get-log -u snap.lxd.daemon.service execute: | - if [[ "$(find "$GOHOME" -name 'snapd_*.deb' | wc -l || echo 0)" -eq 0 ]]; then - echo "No run lxd test when there are not .deb files built" - exit - fi - echo "Install lxd" "$TESTSTOOLS"/lxd-state prepare-snap diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/HOST.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/HOST.expected.txt deleted file mode 100644 index a28c86c5f8e..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/HOST.expected.txt +++ /dev/null @@ -1,40 +0,0 @@ -0:0 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /boot/efi rw,relatime shared:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:-1 / /dev rw,nosuid,relatime shared:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime shared:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime shared:+1 - mqueue mqueue rw -+0:+1 / /dev/pts rw,nosuid,noexec,relatime shared:+1 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+1 / /dev/shm rw,nosuid,nodev shared:+1 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime shared:+1 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime shared:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 -+0:+1 / /run rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime shared:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /run/rpc_pipefs rw,relatime shared:+1 - rpc_pipefs sunrpc rw -+0:+1 / /run/user/0 rw,nosuid,nodev,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /snap/core/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime shared:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime shared:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime shared:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime shared:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:+1 - securityfs securityfs rw diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-16.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-16.expected.txt deleted file mode 100644 index 1a5954b25c9..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-16.expected.txt +++ /dev/null @@ -1,76 +0,0 @@ -2:0 / / ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+0 / /dev rw,nosuid,relatime master:-14 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-4 /etc /etc rw,relatime master:-6 - ext4 /dev/sda1 rw,data=ordered -+2:+0 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro --2:+0 /home /home rw,relatime master:-16 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/firmware /lib/firmware rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/modules /lib/modules rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /media /media rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /mnt /mnt rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+1:+5 / /proc rw,nosuid,nodev,noexec,relatime master:+7 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime master:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 --1:-8 /root /root rw,relatime master:-10 - ext4 /dev/sda1 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+11 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:12 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/rpc_pipefs rw,relatime master:15 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-13 /snap /snap rw,relatime master:-15 - ext4 /dev/sda1 rw,data=ordered -+2:+0 / /snap/core/1 ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime master:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw --1:-32 /tmp /tmp rw,relatime master:-39 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /tmp/snap-private-tmp/snap.test-snapd-mountinfo-core16/tmp /tmp rw,relatime - ext4 /dev/sda1 rw,data=ordered -+1:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 -+1:-34 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+35 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-35 /usr/src /usr/src rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 / /var/lib/snapd/hostfs rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+8 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+10 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /var/lib/snapd/hostfs/run/rpc_pipefs rw,relatime master:+1 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+1 - squashfs /dev/loop0 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --2:-4 /var/log /var/log rw,relatime master:-20 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-18.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-18.expected.txt deleted file mode 100644 index 78b15f5902b..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-18.expected.txt +++ /dev/null @@ -1,77 +0,0 @@ -2:1 / / ro,nodev,relatime master:18 - squashfs /dev/loop1 ro --1:-1 / /dev rw,nosuid,relatime master:-15 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-4 /etc /etc rw,relatime master:-6 - ext4 /dev/sda1 rw,data=ordered -+2:+1 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+17 - squashfs /dev/loop1 ro --2:-1 /home /home rw,relatime master:-17 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/firmware /lib/firmware rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/modules /lib/modules rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /media /media rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /mnt /mnt rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+1:+5 / /proc rw,nosuid,nodev,noexec,relatime master:+7 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime master:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 --1:-8 /root /root rw,relatime master:-10 - ext4 /dev/sda1 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+11 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:12 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/rpc_pipefs rw,relatime master:15 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-13 /snap /snap rw,relatime master:-15 - ext4 /dev/sda1 rw,data=ordered -+2:+0 / /snap/core/1 ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime master:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw --1:-32 /tmp /tmp rw,relatime master:-39 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /tmp/snap-private-tmp/snap.test-snapd-mountinfo-core18/tmp /tmp rw,relatime - ext4 /dev/sda1 rw,data=ordered -+2:+0 /usr/lib/snapd /usr/lib/snapd ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 -+1:-33 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:18 - squashfs /dev/loop1 ro --1:+34 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-35 /usr/src /usr/src rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 / /var/lib/snapd/hostfs rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+8 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+10 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /var/lib/snapd/hostfs/run/rpc_pipefs rw,relatime master:+1 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+1 - squashfs /dev/loop0 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --2:-4 /var/log /var/log rw,relatime master:-20 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-C7.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-C7.expected.txt deleted file mode 100644 index a28c86c5f8e..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-SNAP-C7.expected.txt +++ /dev/null @@ -1,40 +0,0 @@ -0:0 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /boot/efi rw,relatime shared:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:-1 / /dev rw,nosuid,relatime shared:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime shared:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime shared:+1 - mqueue mqueue rw -+0:+1 / /dev/pts rw,nosuid,noexec,relatime shared:+1 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+1 / /dev/shm rw,nosuid,nodev shared:+1 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime shared:+1 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime shared:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 -+0:+1 / /run rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime shared:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /run/rpc_pipefs rw,relatime shared:+1 - rpc_pipefs sunrpc rw -+0:+1 / /run/user/0 rw,nosuid,nodev,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /snap/core/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime shared:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime shared:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime shared:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime shared:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:+1 - securityfs securityfs rw diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-16.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-16.expected.txt deleted file mode 100644 index 0c5374339cc..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-16.expected.txt +++ /dev/null @@ -1,76 +0,0 @@ -2:0 / / ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+0 / /dev rw,nosuid,relatime master:-14 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-4 /etc /etc rw,relatime master:-6 - ext4 /dev/sda1 rw,data=ordered -+2:+0 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro --2:+0 /home /home rw,relatime master:-16 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/firmware /lib/firmware rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/modules /lib/modules rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /media /media rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /mnt /mnt rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+1:+5 / /proc rw,nosuid,nodev,noexec,relatime master:+7 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime master:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 --1:-8 /root /root rw,relatime master:-10 - ext4 /dev/sda1 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+11 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:12 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/rpc_pipefs rw,relatime master:15 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-13 /snap /snap rw,relatime master:-15 - ext4 /dev/sda1 rw,data=ordered -+2:+0 / /snap/core/1 ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime master:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw --1:-32 /tmp /tmp rw,relatime master:-39 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /tmp/snap-private-tmp/snap.test-snapd-mountinfo-core16/tmp /tmp rw,relatime - ext4 /dev/sda1 rw,data=ordered -+1:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 -+1:-34 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+35 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-35 /usr/src /usr/src rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda1 rw,data=ordered -+0:+0 / /var/lib/snapd/hostfs rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+8 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+10 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /var/lib/snapd/hostfs/run/rpc_pipefs rw,relatime master:+1 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+1 - squashfs /dev/loop0 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --2:-4 /var/log /var/log rw,relatime master:-20 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-18.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-18.expected.txt deleted file mode 100644 index a03b1856c74..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-18.expected.txt +++ /dev/null @@ -1,77 +0,0 @@ -2:1 / / ro,nodev,relatime master:18 - squashfs /dev/loop1 ro --1:-1 / /dev rw,nosuid,relatime master:-15 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-4 /etc /etc rw,relatime master:-6 - ext4 /dev/sda1 rw,data=ordered -+2:+1 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+17 - squashfs /dev/loop1 ro --2:-1 /home /home rw,relatime master:-17 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/firmware /lib/firmware rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /lib/modules /lib/modules rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /media /media rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /mnt /mnt rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+1:+5 / /proc rw,nosuid,nodev,noexec,relatime master:+7 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime master:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 --1:-8 /root /root rw,relatime master:-10 - ext4 /dev/sda1 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+11 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:12 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/rpc_pipefs rw,relatime master:15 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-13 /snap /snap rw,relatime master:-15 - ext4 /dev/sda1 rw,data=ordered -+2:+0 / /snap/core/1 ro,nodev,relatime master:+16 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime master:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw --1:-32 /tmp /tmp rw,relatime master:-39 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /tmp/snap-private-tmp/snap.test-snapd-mountinfo-core18/tmp /tmp rw,relatime - ext4 /dev/sda1 rw,data=ordered -+2:+0 /usr/lib/snapd /usr/lib/snapd ro,nodev,relatime master:17 - squashfs /dev/loop0 ro --1:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 -+1:-33 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:18 - squashfs /dev/loop1 ro --1:+34 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-35 /usr/src /usr/src rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda1 rw,data=ordered -+0:+0 / /var/lib/snapd/hostfs rw,relatime master:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+8 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+10 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /var/lib/snapd/hostfs/run/rpc_pipefs rw,relatime master:+1 - rpc_pipefs sunrpc rw -+0:-3 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+4 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:16 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+1 - squashfs /dev/loop0 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop1 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime master:+1 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro --2:-4 /var/log /var/log rw,relatime master:-20 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered -+0:+0 /var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda1 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-C7.expected.txt b/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-C7.expected.txt deleted file mode 100644 index a28c86c5f8e..00000000000 --- a/tests/main/mount-ns/google.ubuntu-16.04-64/PER-USER-C7.expected.txt +++ /dev/null @@ -1,40 +0,0 @@ -0:0 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered -+0:+1 / /boot/efi rw,relatime shared:+1 - vfat /dev/sda15 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:-1 / /dev rw,nosuid,relatime shared:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime shared:+1 - hugetlbfs hugetlbfs rw,pagesize=2M -+0:+1 / /dev/mqueue rw,relatime shared:+1 - mqueue mqueue rw -+0:+1 / /dev/pts rw,nosuid,noexec,relatime shared:+1 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+1 / /dev/shm rw,nosuid,nodev shared:+1 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime shared:+1 - proc proc rw -+0:+1 / /proc/fs/nfsd rw,relatime shared:+1 - nfsd nfsd rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - binfmt_misc binfmt_misc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=0 -+0:+1 / /run rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime shared:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /run/rpc_pipefs rw,relatime shared:+1 - rpc_pipefs sunrpc rw -+0:+1 / /run/user/0 rw,nosuid,nodev,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=700 -+1:-13 / /snap/core/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop0 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop1 ro -+0:+1 / /snap/test-snapd-mountinfo-classic/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop2 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro --1:+10 / /sys rw,nosuid,nodev,noexec,relatime shared:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpuset -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime shared:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:+1 - pstore pstore rw -+0:+1 / /sys/kernel/config rw,relatime shared:+1 - configfs configfs rw -+0:+1 / /sys/kernel/debug rw,relatime shared:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:+1 - securityfs securityfs rw diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/HOST.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/HOST.expected.txt deleted file mode 100644 index 612c5268538..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/HOST.expected.txt +++ /dev/null @@ -1,120 +0,0 @@ -0:0 / / ro,relatime shared:1 - squashfs /dev/loop0 ro -+1:+0 / /boot/efi rw,relatime shared:+1 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /boot/grub rw,relatime shared:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+0 / /dev rw,nosuid,relatime shared:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime shared:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime shared:+1 - mqueue mqueue rw -+0:+1 / /dev/pts rw,nosuid,noexec,relatime shared:+1 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+1 / /dev/shm rw,nosuid,nodev shared:+1 - tmpfs tmpfs rw --1:-3 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /etc/passwd ro,relatime shared:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime shared:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime shared:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime shared:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime shared:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime shared:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime shared:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime shared:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime shared:+1 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime shared:+1 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime shared:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime shared:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime shared:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime shared:+42 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:-5 / /run rw,nosuid,noexec,relatime shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+6 / /run/cgmanager/fs rw,relatime shared:+1 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:+1 / /run/user/0 rw,nosuid,nodev,relatime shared:+1 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime shared:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime shared:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime shared:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw shared:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime shared:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime shared:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime shared:+1 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/cache/apparmor rw,relatime shared:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/cache/snapd rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/apparmor rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/cloud rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/console-conf rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/dbus rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/dhcp rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/initramfs-tools rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/logrotate rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/misc rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/sudo rw,relatime shared:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/systemd/random-seed rw,relatime shared:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/systemd/rfkill rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/waagent rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 / /writable rw,relatime shared:+0 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /writable/system-data/snap/core/1 ro,nodev,relatime shared:+47 - squashfs /dev/loop2 ro -+0:+1 / /writable/system-data/snap/core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop3 ro -+0:+1 / /writable/system-data/snap/pc-kernel/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop4 ro -+0:+1 / /writable/system-data/snap/pc/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop5 ro -+0:+1 / /writable/system-data/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop6 ro -+0:+1 / /writable/system-data/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop7 ro -+0:+1 / /writable/system-data/snap/test-snapd-rsync/1 ro,nodev,relatime shared:+1 - squashfs /dev/loop8 ro diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-16.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-16.expected.txt deleted file mode 100644 index a60be6da7fe..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-16.expected.txt +++ /dev/null @@ -1,211 +0,0 @@ -0:0 / / ro,relatime master:1 - squashfs /dev/loop0 ro -+1:+0 / /boot/efi rw,relatime master:+1 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+0 / /dev rw,nosuid,relatime master:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-3 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 / /media rw,relatime shared:53 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime master:54 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime master:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime master:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:57 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+0 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 /snap.test-snapd-mountinfo-core16/tmp /tmp rw,relatime - tmpfs tmpfs rw -+0:+3 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 --2:-34 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,relatime master:1 - squashfs /dev/loop0 ro -+2:+35 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-34 /system-data/var/cache/apparmor /var/cache/apparmor rw,relatime master:15 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered --1:-1 / /var/lib/snapd/hostfs ro,relatime master:-14 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda3 rw,data=ordered -+0:-1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /var/lib/snapd/hostfs/boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+1 /system-data/etc/apparmor.d/cache /var/lib/snapd/hostfs/etc/apparmor.d/cache rw,relatime master:+6 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /var/lib/snapd/hostfs/etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /var/lib/snapd/hostfs/etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /var/lib/snapd/hostfs/etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /var/lib/snapd/hostfs/etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /var/lib/snapd/hostfs/etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /var/lib/snapd/hostfs/etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /var/lib/snapd/hostfs/etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /var/lib/snapd/hostfs/etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /var/lib/snapd/hostfs/etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /var/lib/snapd/hostfs/etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /var/lib/snapd/hostfs/etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /var/lib/snapd/hostfs/etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /var/lib/snapd/hostfs/etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /var/lib/snapd/hostfs/etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /var/lib/snapd/hostfs/etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /var/lib/snapd/hostfs/etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /var/lib/snapd/hostfs/etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /var/lib/snapd/hostfs/etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /var/lib/snapd/hostfs/etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /var/lib/snapd/hostfs/etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /var/lib/snapd/hostfs/etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /var/lib/snapd/hostfs/etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /var/lib/snapd/hostfs/etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /var/lib/snapd/hostfs/etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /var/lib/snapd/hostfs/etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /var/lib/snapd/hostfs/etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /var/lib/snapd/hostfs/etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /var/lib/snapd/hostfs/etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /var/lib/snapd/hostfs/etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /var/lib/snapd/hostfs/etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /var/lib/snapd/hostfs/etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /var/lib/snapd/hostfs/etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /var/lib/snapd/hostfs/etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /var/lib/snapd/hostfs/etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /var/lib/snapd/hostfs/etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /var/lib/snapd/hostfs/etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /var/lib/snapd/hostfs/etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /var/lib/snapd/hostfs/etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /var/lib/snapd/hostfs/etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /var/lib/snapd/hostfs/etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /var/lib/snapd/hostfs/etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /var/lib/snapd/hostfs/etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /var/lib/snapd/hostfs/etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /var/lib/snapd/hostfs/home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /var/lib/snapd/hostfs/lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /var/lib/snapd/hostfs/lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /var/lib/snapd/hostfs/media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+1 / /var/lib/snapd/hostfs/mnt rw,relatime master:+1 - tmpfs tmpfs rw --1:-6 /system-data/root /var/lib/snapd/hostfs/root rw,relatime master:-39 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /var/lib/snapd/hostfs/snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+23 / /var/lib/snapd/hostfs/tmp rw,relatime master:+18 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/lib/snapd/hostfs/var/cache/apparmor rw,relatime master:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/lib/snapd/hostfs/var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/snapd/hostfs/var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/snapd/hostfs/var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/snapd/hostfs/var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/snapd/hostfs/var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/snapd/hostfs/var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/snapd/hostfs/var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/snapd/hostfs/var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/snapd/hostfs/var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/snapd/hostfs/var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd/hostfs/var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/snapd/hostfs/var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/snapd/hostfs/var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/snapd/hostfs/var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/snapd/hostfs/var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/lib/snapd/hostfs/var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/lib/snapd/hostfs/var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/lib/snapd/hostfs/var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-18.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-18.expected.txt deleted file mode 100644 index 1078dba890a..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-SNAP-18.expected.txt +++ /dev/null @@ -1,198 +0,0 @@ -0:3 / / ro,nodev,relatime master:63 - squashfs /dev/loop3 ro -+2:-3 / /dev rw,nosuid,relatime master:-60 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --2:-4 /etc /etc ro,relatime master:-6 - squashfs /dev/loop0 ro -+1:+1 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime master:+7 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered --1:+2 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+38 - squashfs /dev/loop3 ro -+1:-2 /system-data/root/test-etc/passwd /etc/passwd ro,relatime master:-48 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered --1:+2 /etc/ssl /etc/ssl ro,nodev,relatime master:+27 - squashfs /dev/loop3 ro -+1:-2 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime master:-26 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime shared:53 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime master:54 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime master:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime master:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+42 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:57 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+0 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 /snap.test-snapd-mountinfo-core18/tmp /tmp rw,relatime - tmpfs tmpfs rw --2:-31 /usr/lib/snapd /usr/lib/snapd ro,relatime master:1 - squashfs /dev/loop0 ro -+2:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 --2:-31 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:63 - squashfs /dev/loop3 ro -+2:+32 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --2:-35 /usr/src /usr/src ro,relatime master:1 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime master:+14 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered --1:-1 / /var/lib/snapd/hostfs ro,relatime master:-14 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda3 rw,data=ordered -+0:-1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /var/lib/snapd/hostfs/boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+1 /system-data/etc/apparmor.d/cache /var/lib/snapd/hostfs/etc/apparmor.d/cache rw,relatime master:+6 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /var/lib/snapd/hostfs/etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /var/lib/snapd/hostfs/etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /var/lib/snapd/hostfs/etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /var/lib/snapd/hostfs/etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /var/lib/snapd/hostfs/etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /var/lib/snapd/hostfs/etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /var/lib/snapd/hostfs/etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /var/lib/snapd/hostfs/etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /var/lib/snapd/hostfs/etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /var/lib/snapd/hostfs/etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /var/lib/snapd/hostfs/etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /var/lib/snapd/hostfs/etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /var/lib/snapd/hostfs/etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /var/lib/snapd/hostfs/etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /var/lib/snapd/hostfs/etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /var/lib/snapd/hostfs/etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /var/lib/snapd/hostfs/etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /var/lib/snapd/hostfs/etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /var/lib/snapd/hostfs/etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /var/lib/snapd/hostfs/etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /var/lib/snapd/hostfs/etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /var/lib/snapd/hostfs/etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /var/lib/snapd/hostfs/etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /var/lib/snapd/hostfs/etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /var/lib/snapd/hostfs/etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /var/lib/snapd/hostfs/etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /var/lib/snapd/hostfs/etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /var/lib/snapd/hostfs/etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /var/lib/snapd/hostfs/etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /var/lib/snapd/hostfs/etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /var/lib/snapd/hostfs/etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /var/lib/snapd/hostfs/etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /var/lib/snapd/hostfs/etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /var/lib/snapd/hostfs/etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /var/lib/snapd/hostfs/etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /var/lib/snapd/hostfs/etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /var/lib/snapd/hostfs/etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /var/lib/snapd/hostfs/etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /var/lib/snapd/hostfs/etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /var/lib/snapd/hostfs/etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /var/lib/snapd/hostfs/etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /var/lib/snapd/hostfs/etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /var/lib/snapd/hostfs/etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /var/lib/snapd/hostfs/home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /var/lib/snapd/hostfs/lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /var/lib/snapd/hostfs/lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /var/lib/snapd/hostfs/media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+1 / /var/lib/snapd/hostfs/mnt rw,relatime master:+1 - tmpfs tmpfs rw --1:-6 /system-data/root /var/lib/snapd/hostfs/root rw,relatime master:-39 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /var/lib/snapd/hostfs/snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+23 / /var/lib/snapd/hostfs/tmp rw,relatime master:+18 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/lib/snapd/hostfs/var/cache/apparmor rw,relatime master:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/lib/snapd/hostfs/var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/snapd/hostfs/var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/snapd/hostfs/var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/snapd/hostfs/var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/snapd/hostfs/var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/snapd/hostfs/var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/snapd/hostfs/var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/snapd/hostfs/var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/snapd/hostfs/var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/snapd/hostfs/var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd/hostfs/var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/snapd/hostfs/var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/snapd/hostfs/var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/snapd/hostfs/var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/snapd/hostfs/var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/lib/snapd/hostfs/var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/lib/snapd/hostfs/var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/lib/snapd/hostfs/var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-16.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-16.expected.txt deleted file mode 100644 index a60be6da7fe..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-16.expected.txt +++ /dev/null @@ -1,211 +0,0 @@ -0:0 / / ro,relatime master:1 - squashfs /dev/loop0 ro -+1:+0 / /boot/efi rw,relatime master:+1 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+1:+0 / /dev rw,nosuid,relatime master:+1 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --1:-3 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 / /media rw,relatime shared:53 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime master:54 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime master:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime master:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:57 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+0 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 /snap.test-snapd-mountinfo-core16/tmp /tmp rw,relatime - tmpfs tmpfs rw -+0:+3 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 --2:-34 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,relatime master:1 - squashfs /dev/loop0 ro -+2:+35 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --1:-34 /system-data/var/cache/apparmor /var/cache/apparmor rw,relatime master:15 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered --1:-1 / /var/lib/snapd/hostfs ro,relatime master:-14 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda3 rw,data=ordered -+0:-1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /var/lib/snapd/hostfs/boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+1 /system-data/etc/apparmor.d/cache /var/lib/snapd/hostfs/etc/apparmor.d/cache rw,relatime master:+6 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /var/lib/snapd/hostfs/etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /var/lib/snapd/hostfs/etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /var/lib/snapd/hostfs/etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /var/lib/snapd/hostfs/etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /var/lib/snapd/hostfs/etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /var/lib/snapd/hostfs/etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /var/lib/snapd/hostfs/etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /var/lib/snapd/hostfs/etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /var/lib/snapd/hostfs/etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /var/lib/snapd/hostfs/etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /var/lib/snapd/hostfs/etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /var/lib/snapd/hostfs/etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /var/lib/snapd/hostfs/etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /var/lib/snapd/hostfs/etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /var/lib/snapd/hostfs/etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /var/lib/snapd/hostfs/etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /var/lib/snapd/hostfs/etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /var/lib/snapd/hostfs/etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /var/lib/snapd/hostfs/etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /var/lib/snapd/hostfs/etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /var/lib/snapd/hostfs/etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /var/lib/snapd/hostfs/etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /var/lib/snapd/hostfs/etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /var/lib/snapd/hostfs/etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /var/lib/snapd/hostfs/etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /var/lib/snapd/hostfs/etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /var/lib/snapd/hostfs/etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /var/lib/snapd/hostfs/etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /var/lib/snapd/hostfs/etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /var/lib/snapd/hostfs/etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /var/lib/snapd/hostfs/etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /var/lib/snapd/hostfs/etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /var/lib/snapd/hostfs/etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /var/lib/snapd/hostfs/etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /var/lib/snapd/hostfs/etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /var/lib/snapd/hostfs/etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /var/lib/snapd/hostfs/etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /var/lib/snapd/hostfs/etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /var/lib/snapd/hostfs/etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /var/lib/snapd/hostfs/etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /var/lib/snapd/hostfs/etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /var/lib/snapd/hostfs/etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /var/lib/snapd/hostfs/etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /var/lib/snapd/hostfs/home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /var/lib/snapd/hostfs/lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /var/lib/snapd/hostfs/lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /var/lib/snapd/hostfs/media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+1 / /var/lib/snapd/hostfs/mnt rw,relatime master:+1 - tmpfs tmpfs rw --1:-6 /system-data/root /var/lib/snapd/hostfs/root rw,relatime master:-39 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /var/lib/snapd/hostfs/snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+23 / /var/lib/snapd/hostfs/tmp rw,relatime master:+18 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/lib/snapd/hostfs/var/cache/apparmor rw,relatime master:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/lib/snapd/hostfs/var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/snapd/hostfs/var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/snapd/hostfs/var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/snapd/hostfs/var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/snapd/hostfs/var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/snapd/hostfs/var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/snapd/hostfs/var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/snapd/hostfs/var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/snapd/hostfs/var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/snapd/hostfs/var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd/hostfs/var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/snapd/hostfs/var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/snapd/hostfs/var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/snapd/hostfs/var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/snapd/hostfs/var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/lib/snapd/hostfs/var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/lib/snapd/hostfs/var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/lib/snapd/hostfs/var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered diff --git a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-18.expected.txt b/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-18.expected.txt deleted file mode 100644 index 1078dba890a..00000000000 --- a/tests/main/mount-ns/google.ubuntu-core-16-64/PER-USER-18.expected.txt +++ /dev/null @@ -1,198 +0,0 @@ -0:3 / / ro,nodev,relatime master:63 - squashfs /dev/loop3 ro -+2:-3 / /dev rw,nosuid,relatime master:-60 - devtmpfs udev rw,size=VARIABLE,nr_inodes=0,mode=755 -+0:+1 / /dev/hugepages rw,relatime master:+1 - hugetlbfs hugetlbfs rw -+0:+1 / /dev/mqueue rw,relatime master:+1 - mqueue mqueue rw -+0:+31 /ptmx /dev/ptmx rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-30 / /dev/pts rw,nosuid,noexec,relatime master:6 - devpts devpts rw,gid=5,mode=620,ptmxmode=000 -+0:+30 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -+0:-29 / /dev/shm rw,nosuid,nodev master:7 - tmpfs tmpfs rw --2:-4 /etc /etc ro,relatime master:-6 - squashfs /dev/loop0 ro -+1:+1 /system-data/etc/apparmor.d/cache /etc/apparmor.d/cache rw,relatime master:+7 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered --1:+2 /etc/nsswitch.conf /etc/nsswitch.conf ro,nodev,relatime master:+38 - squashfs /dev/loop3 ro -+1:-2 /system-data/root/test-etc/passwd /etc/passwd ro,relatime master:-48 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered --1:+2 /etc/ssl /etc/ssl ro,nodev,relatime master:+27 - squashfs /dev/loop3 ro -+1:-2 /system-data/etc/sudoers.d /etc/sudoers.d rw,relatime master:-26 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /media rw,relatime shared:53 - tmpfs tmpfs rw -+0:+1 / /mnt rw,relatime master:54 - tmpfs tmpfs rw -+0:+1 / /proc rw,nosuid,nodev,noexec,relatime master:+1 - proc proc rw -+0:+1 / /proc/sys/fs/binfmt_misc rw,relatime master:+1 - autofs systemd-1 rw,fd=0,pgrp=1,timeout=0,minproto=5,maxproto=5,direct --1:-8 /system-data/root /root rw,relatime master:-41 - ext4 /dev/sda3 rw,data=ordered -+1:+9 / /run rw,nosuid,noexec,relatime master:+42 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /netns /run/netns rw,nosuid,noexec,relatime shared:57 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+0 /snapd/ns /run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+6 / /sys rw,nosuid,nodev,noexec,relatime master:+1 - sysfs sysfs rw -+0:+1 / /sys/fs/cgroup rw master:+1 - tmpfs tmpfs rw,mode=755 -+0:+1 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,blkio -+0:+1 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpu,cpuacct -+0:+1 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,cpuset,clone_children -+0:+1 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,devices -+0:+1 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,freezer -+0:+1 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb -+0:+1 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,memory -+0:+1 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,net_cls,net_prio -+0:+1 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -+0:+1 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids -+0:+1 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:+1 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -+0:+1 / /sys/fs/fuse/connections rw,relatime master:+1 - fusectl fusectl rw -+0:+1 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:+1 - pstore pstore rw -+0:+1 / /sys/kernel/debug rw,relatime master:+1 - debugfs debugfs rw -+0:+1 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:+1 - securityfs securityfs rw -+0:+1 / /tmp rw,relatime master:+1 - tmpfs tmpfs rw -+0:+0 /snap.test-snapd-mountinfo-core18/tmp /tmp rw,relatime - tmpfs tmpfs rw --2:-31 /usr/lib/snapd /usr/lib/snapd ro,relatime master:1 - squashfs /dev/loop0 ro -+2:+34 / /usr/share/gdb rw,relatime - tmpfs tmpfs rw,mode=755 --2:-31 /usr/share/gdb/auto-load /usr/share/gdb/auto-load ro,nodev,relatime master:63 - squashfs /dev/loop3 ro -+2:+32 / /usr/share/gdb/test rw,relatime - tmpfs tmpfs rw --2:-35 /usr/src /usr/src ro,relatime master:1 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/extrausers /var/lib/extrausers rw,relatime master:+14 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered --1:-1 / /var/lib/snapd/hostfs ro,relatime master:-14 - squashfs /dev/loop0 ro -+1:+1 /system-data/var/lib/snapd/hostfs /var/lib/snapd/hostfs rw,relatime - ext4 /dev/sda3 rw,data=ordered -+0:-1 / /var/lib/snapd/hostfs/boot/efi rw,relatime master:2 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+0 /EFI/ubuntu /var/lib/snapd/hostfs/boot/grub rw,relatime master:+0 - vfat /dev/sda2 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro -+0:+1 /system-data/etc/apparmor.d/cache /var/lib/snapd/hostfs/etc/apparmor.d/cache rw,relatime master:+6 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/cloud /var/lib/snapd/hostfs/etc/cloud rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/dbus-1/system.d /var/lib/snapd/hostfs/etc/dbus-1/system.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/keyboard /var/lib/snapd/hostfs/etc/default/keyboard rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/default/swapfile /var/lib/snapd/hostfs/etc/default/swapfile rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/environment /var/lib/snapd/hostfs/etc/environment rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+1:+4 /image.fstab /var/lib/snapd/hostfs/etc/fstab rw,nosuid,noexec,relatime master:+1 - tmpfs tmpfs rw,mode=755 --1:-4 /system-data/root/test-etc/group /var/lib/snapd/hostfs/etc/group ro,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/gshadow /var/lib/snapd/hostfs/etc/gshadow ro,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/hosts /var/lib/snapd/hostfs/etc/hosts rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init /var/lib/snapd/hostfs/etc/init rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/init.d /var/lib/snapd/hostfs/etc/init.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/iproute2 /var/lib/snapd/hostfs/etc/iproute2 rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/machine-id /var/lib/snapd/hostfs/etc/machine-id rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modprobe.d /var/lib/snapd/hostfs/etc/modprobe.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/modules-load.d /var/lib/snapd/hostfs/etc/modules-load.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/netplan /var/lib/snapd/hostfs/etc/netplan rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/if-up.d /var/lib/snapd/hostfs/etc/network/if-up.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/network/interfaces.d /var/lib/snapd/hostfs/etc/network/interfaces.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/passwd /var/lib/snapd/hostfs/etc/passwd ro,relatime master:-10 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ppp /var/lib/snapd/hostfs/etc/ppp rw,relatime master:+11 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc0.d /var/lib/snapd/hostfs/etc/rc0.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc1.d /var/lib/snapd/hostfs/etc/rc1.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc2.d /var/lib/snapd/hostfs/etc/rc2.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc3.d /var/lib/snapd/hostfs/etc/rc3.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc4.d /var/lib/snapd/hostfs/etc/rc4.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc5.d /var/lib/snapd/hostfs/etc/rc5.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rc6.d /var/lib/snapd/hostfs/etc/rc6.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rcS.d /var/lib/snapd/hostfs/etc/rcS.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/rsyslog.d /var/lib/snapd/hostfs/etc/rsyslog.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/root/test-etc/shadow /var/lib/snapd/hostfs/etc/shadow ro,relatime master:-20 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/ssh /var/lib/snapd/hostfs/etc/ssh rw,relatime master:+21 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sudoers.d /var/lib/snapd/hostfs/etc/sudoers.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/sysctl.d /var/lib/snapd/hostfs/etc/sysctl.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/journald.conf.d /var/lib/snapd/hostfs/etc/systemd/journald.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/logind.conf.d /var/lib/snapd/hostfs/etc/systemd/logind.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/network /var/lib/snapd/hostfs/etc/systemd/network rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system /var/lib/snapd/hostfs/etc/systemd/system rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/system.conf.d /var/lib/snapd/hostfs/etc/systemd/system.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/timesyncd.conf /var/lib/snapd/hostfs/etc/systemd/timesyncd.conf rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user /var/lib/snapd/hostfs/etc/systemd/user rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/systemd/user.conf.d /var/lib/snapd/hostfs/etc/systemd/user.conf.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/udev/rules.d /var/lib/snapd/hostfs/etc/udev/rules.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/update-motd.d /var/lib/snapd/hostfs/etc/update-motd.d rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/etc/writable /var/lib/snapd/hostfs/etc/writable rw,relatime master:+1 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /user-data /var/lib/snapd/hostfs/home rw,relatime master:-35 - ext4 /dev/sda3 rw,data=ordered --1:+0 /firmware /var/lib/snapd/hostfs/lib/firmware ro,relatime master:+36 - squashfs /dev/loop1 ro -+0:+0 /modules /var/lib/snapd/hostfs/lib/modules ro,relatime master:+1 - squashfs /dev/loop1 ro -+2:+5 / /var/lib/snapd/hostfs/media rw,relatime master:+1 - tmpfs tmpfs rw -+0:+1 / /var/lib/snapd/hostfs/mnt rw,relatime master:+1 - tmpfs tmpfs rw --1:-6 /system-data/root /var/lib/snapd/hostfs/root rw,relatime master:-39 - ext4 /dev/sda3 rw,data=ordered -+1:+4 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:+43 - tmpfs tmpfs rw,mode=755 -+0:+5 / /var/lib/snapd/hostfs/run rw,nosuid,noexec,relatime master:-1 - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/cgmanager/fs rw,relatime master:+2 - tmpfs cgmfs rw,size=VARIABLE,mode=755 -+0:+1 / /var/lib/snapd/hostfs/run/lock rw,nosuid,nodev,noexec,relatime master:+1 - tmpfs tmpfs rw,size=VARIABLE -+0:-2 /snapd/ns /var/lib/snapd/hostfs/run/snapd/ns rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=VARIABLE,mode=755 -+0:+3 / /var/lib/snapd/hostfs/run/user/0 rw,nosuid,nodev,relatime master:61 - tmpfs tmpfs rw,size=VARIABLE,mode=700 --1:-12 /system-data/snap /var/lib/snapd/hostfs/snap rw,relatime master:-46 - ext4 /dev/sda3 rw,data=ordered --1:+1 / /var/lib/snapd/hostfs/snap/core/1 ro,nodev,relatime master:+47 - squashfs /dev/loop2 ro -+0:+1 / /var/lib/snapd/hostfs/snap/core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop3 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc-kernel/1 ro,nodev,relatime master:+1 - squashfs /dev/loop4 ro -+0:+1 / /var/lib/snapd/hostfs/snap/pc/1 ro,nodev,relatime master:+1 - squashfs /dev/loop5 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core16/1 ro,nodev,relatime master:+1 - squashfs /dev/loop6 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-mountinfo-core18/1 ro,nodev,relatime master:+1 - squashfs /dev/loop7 ro -+0:+1 / /var/lib/snapd/hostfs/snap/test-snapd-rsync/1 ro,nodev,relatime master:+1 - squashfs /dev/loop8 ro -+2:+23 / /var/lib/snapd/hostfs/tmp rw,relatime master:+18 - tmpfs tmpfs rw --1:-30 /system-data/var/cache/apparmor /var/lib/snapd/hostfs/var/cache/apparmor rw,relatime master:-71 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/cache/snapd /var/lib/snapd/hostfs/var/cache/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/apparmor /var/lib/snapd/hostfs/var/lib/apparmor rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/cloud /var/lib/snapd/hostfs/var/lib/cloud rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/console-conf /var/lib/snapd/hostfs/var/lib/console-conf rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dbus /var/lib/snapd/hostfs/var/lib/dbus rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/dhcp /var/lib/snapd/hostfs/var/lib/dhcp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/extrausers /var/lib/snapd/hostfs/var/lib/extrausers rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/initramfs-tools /var/lib/snapd/hostfs/var/lib/initramfs-tools rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/logrotate /var/lib/snapd/hostfs/var/lib/logrotate rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/misc /var/lib/snapd/hostfs/var/lib/misc rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/snapd /var/lib/snapd/hostfs/var/lib/snapd rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+1:+31 / /var/lib/snapd/hostfs/var/lib/sudo rw,relatime master:+72 - tmpfs tmpfs rw,mode=700 --1:-31 /system-data/var/lib/systemd/random-seed /var/lib/snapd/hostfs/var/lib/systemd/random-seed rw,relatime master:-72 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/systemd/rfkill /var/lib/snapd/hostfs/var/lib/systemd/rfkill rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/lib/waagent /var/lib/snapd/hostfs/var/lib/waagent rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/lib/snapd/hostfs/var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/lib/snapd/hostfs/var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/lib/snapd/hostfs/var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/log /var/log rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/snap /var/snap rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered -+0:+0 /system-data/var/tmp /var/tmp rw,relatime master:+0 - ext4 /dev/sda3 rw,data=ordered diff --git a/tests/main/mount-ns/task.yaml b/tests/main/mount-ns/task.yaml index 3cba00be57e..aa80bdbcfca 100644 --- a/tests/main/mount-ns/task.yaml +++ b/tests/main/mount-ns/task.yaml @@ -85,16 +85,6 @@ prepare: | true ;; reboot) - # TODO: when https://github.com/snapcore/spread/pull/85 is merged - # and released this test can be allowed to run on bash 4.3. Without - # the workaround for a bug in bash REBOOT causes the spread test to - # fail instead of asking spread to reboot the machine. - if "$TESTSTOOLS"/version-compare --strict "$(echo "$BASH_VERSION" | cut -d. -f 1-2)" -eq 4.3; then - echo "SKIP: this test cannot operate on bash 4.3.x" - touch please-skip-this-test - exit 0 - fi - # # The test will reboot once before performing the test. This will # remove any ephemeral state that may be left in the kernel by prior # test cases or by project-wide prepare that is does not persist across @@ -215,9 +205,6 @@ debug: | done execute: | - if [ -e please-skip-this-test ]; then - exit 0 - fi diff -u "$SPREAD_BACKEND.$SPREAD_SYSTEM/HOST.expected.txt" HOST.deterministic.txt # The before and after host files should be identical. diff -u "$SPREAD_BACKEND.$SPREAD_SYSTEM/HOST.expected.txt" HOST-AFTER.deterministic.txt diff --git a/tests/main/network-retry/task.yaml b/tests/main/network-retry/task.yaml index 924a21f9ddd..803f2a24d0e 100644 --- a/tests/main/network-retry/task.yaml +++ b/tests/main/network-retry/task.yaml @@ -10,6 +10,13 @@ environment: # on core systems, the test was seen to misbehave when memory limit is set SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - reason: Cannot run when there is a http proxy set + if: | + # all queries will go through the proxy so breaking DNS will not work + [ -n "${http_proxy:-}" ] || [ -n "${https_proxy:-}" ] || + [ -n "${HTTPS_PROXY:-}" ] || [ -n "${HTTPS_PROXY:-}" ] + prepare: | echo "Break DNS" if os.query is-core; then @@ -39,13 +46,6 @@ restore: | systemctl stop snapd.service execute: | - if [ -n "${http_proxy:-}" ] || [ -n "${https_proxy:-}" ] || - [ -n "${HTTPS_PROXY:-}" ] || [ -n "${HTTPS_PROXY:-}" ]; then - # all queries will go through the proxy so breaking DNS will not work - echo "SKIP: cannot run when there is a http proxy set" - exit 0 - fi - echo "Try to install a snap with broken DNS" if snap install test-snapd-sh; then echo "Installing test-snapd-sh with broken DNS should not work" diff --git a/tests/main/prepare-image-check-arch/task.yaml b/tests/main/prepare-image-check-arch/task.yaml index 268dd91e5bf..ec5444c39ea 100644 --- a/tests/main/prepare-image-check-arch/task.yaml +++ b/tests/main/prepare-image-check-arch/task.yaml @@ -19,36 +19,25 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Cannot run with staging store + if: | + [ "$REMOTE_STORE" = "staging" ] +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" mkdir "$ROOT" chown -R test:test "$ROOT" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - if [ "$REMOTE_STORE" = "staging" ]; then - echo "SKIP: cannot run with staging store yet" - exit 0 - fi - # get the model assertion gendeveloper1 sign-model < "$TESTSLIB"/assertions/developer1-20-dangerous.json > "$ROOT/model.assertion" diff --git a/tests/main/prepare-image-classic/task.yaml b/tests/main/prepare-image-classic/task.yaml index 4d4a649898f..c34c21bd46a 100644 --- a/tests/main/prepare-image-classic/task.yaml +++ b/tests/main/prepare-image-classic/task.yaml @@ -18,36 +18,25 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Cannot run with staging store + if: | + [ "$REMOTE_STORE" = "staging" ] +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" mkdir "$ROOT" chown -R test:test "$ROOT" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - if [ "$REMOTE_STORE" = "staging" ]; then - echo "SKIP: cannot run with staging store yet" - exit 0 - fi - # get the model assertion gendeveloper1 sign-model < "$TESTSLIB"/assertions/developer1-22-classic-dangerous.json > "$ROOT/model.assertion" diff --git a/tests/main/prepare-image-grub/task.yaml b/tests/main/prepare-image-grub/task.yaml index 1512aa94935..5de427a631f 100644 --- a/tests/main/prepare-image-grub/task.yaml +++ b/tests/main/prepare-image-grub/task.yaml @@ -23,27 +23,19 @@ environment: STORE_ADDR: localhost:11028 UBUNTU_IMAGE_SKIP_COPY_UNVERIFIED_SNAPS: 1 +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo Expose the needed assertions through the fakestore cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" diff --git a/tests/main/prepare-image-reproducible/task.yaml b/tests/main/prepare-image-reproducible/task.yaml index 4dd326b8539..26c8caf7d5d 100644 --- a/tests/main/prepare-image-reproducible/task.yaml +++ b/tests/main/prepare-image-reproducible/task.yaml @@ -28,31 +28,21 @@ environment: STORE_DIR: $(pwd)/fake-store-blobdir STORE_ADDR: localhost:11028 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | mkdir -p "$ROOT" chown test:test "$ROOT" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - install_snap_to_fakestore() { local SNAP_NAME="$1" local SNAP_REVISION="$2" diff --git a/tests/main/prepare-image-uboot-uc20/task.yaml b/tests/main/prepare-image-uboot-uc20/task.yaml index 7ed91aa9a7d..1d99eab3d03 100644 --- a/tests/main/prepare-image-uboot-uc20/task.yaml +++ b/tests/main/prepare-image-uboot-uc20/task.yaml @@ -20,12 +20,15 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Cannot run with staging store + if: | + [ "$REMOTE_STORE" = "staging" ] +prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" mkdir "$ROOT" @@ -35,24 +38,10 @@ prepare: | gendeveloper1 sign-model < "$TESTSLIB"/assertions/developer1-pi-20.model.json > "$ROOT/model.assertion" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - if [ "$REMOTE_STORE" = "staging" ]; then - echo "SKIP: cannot run with staging store yet" - exit 0 - fi - echo Expose the needed assertions through the fakestore cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" diff --git a/tests/main/prepare-image-validation-sets/task.yaml b/tests/main/prepare-image-validation-sets/task.yaml index f5ea7f8799c..ad44ead5520 100644 --- a/tests/main/prepare-image-validation-sets/task.yaml +++ b/tests/main/prepare-image-validation-sets/task.yaml @@ -33,30 +33,20 @@ environment: STORE_DIR: $(pwd)/fake-store-blobdir STORE_ADDR: localhost:11028 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | mkdir -p "$ROOT" chown test:test "$ROOT" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" rm -rf "$ROOT" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - install_snap_to_fakestore() { local SNAP_NAME="$1" local SNAP_REVISION="$2" diff --git a/tests/main/preseed-core20/task.yaml b/tests/main/preseed-core20/task.yaml index 594a809a1cf..ecc09484581 100644 --- a/tests/main/preseed-core20/task.yaml +++ b/tests/main/preseed-core20/task.yaml @@ -16,12 +16,12 @@ environment: STORE_ADDR: localhost:11028 STORE_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | #shellcheck source=tests/lib/prepare.sh . "$TESTSLIB"/prepare.sh mkdir -p /tmp/tweaked-snapd-snap @@ -42,11 +42,6 @@ prepare: | gendeveloper1 show-key | gpg --homedir=~/.snap/gnupg --import restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - rm -rf /tmp/tweaked-snapd-snap rm -rf "$PREPARE_IMAGE_DIR" "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" @@ -55,11 +50,6 @@ debug: | cat preseed.log || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # have snap use the fakestore for assertions (but nothing else) export SNAPPY_FORCE_SAS_URL=http://$STORE_ADDR diff --git a/tests/main/proxy/task.yaml b/tests/main/proxy/task.yaml index 4f00f9a8db0..a1ff9eb6b1c 100644 --- a/tests/main/proxy/task.yaml +++ b/tests/main/proxy/task.yaml @@ -9,21 +9,19 @@ details: | # ubuntu-14.04 does not have systemd-run systems: [-ubuntu-14.04-*] +skip: + - reason: python3 is not available + if: not command -v python3 + - reason: Cannot run when there is another http proxy + if: | + [ -n "${http_proxy:-}" ] || [ -n "${https_proxy:-}" ] || + [ -n "${HTTPS_PROXY:-}" ] || [ -n "${HTTPS_PROXY:-}" ] + restore: | snap set core proxy.https= systemctl stop tinyproxy || true execute: | - if ! command -v python3; then - echo "SKIP: need python3" - exit 0 - fi - if [ -n "${http_proxy:-}" ] || [ -n "${https_proxy:-}" ] || - [ -n "${HTTPS_PROXY:-}" ] || [ -n "${HTTPS_PROXY:-}" ]; then - echo "SKIP: cannot run when there is another http proxy" - exit 0 - fi - systemd-run --service-type=notify --unit tinyproxy -- python3 "$TESTSLIB/tinyproxy/tinyproxy.py" tests.systemd wait-for-service -n 30 --state active tinyproxy diff --git a/tests/main/refresh-all-undo/task.yaml b/tests/main/refresh-all-undo/task.yaml index dea0664fdfc..680cf21a6bc 100644 --- a/tests/main/refresh-all-undo/task.yaml +++ b/tests/main/refresh-all-undo/task.yaml @@ -12,12 +12,12 @@ environment: GOOD_SNAP: test-snapd-python-webserver BAD_SNAP: test-snapd-tools -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Given two snaps are installed" for snap in $GOOD_SNAP $BAD_SNAP; do snap install "$snap" @@ -27,20 +27,10 @@ prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Precondition check for the fake store" snap refresh 2>&1 | MATCH "All snaps up to date" diff --git a/tests/main/refresh-all/task.yaml b/tests/main/refresh-all/task.yaml index 9e4e8673b44..65f2e9d44ac 100644 --- a/tests/main/refresh-all/task.yaml +++ b/tests/main/refresh-all/task.yaml @@ -11,12 +11,12 @@ systems: [-ubuntu-core-*, -ubuntu-14.04*] environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # needed for test-snapd-tools_instance snap set system experimental.parallel-instances=true @@ -29,21 +29,12 @@ prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" snap set system experimental.parallel-instances=null execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Precondition check for the fake store" snap refresh --list 2>&1 | MATCH "All snaps up to date." snap refresh 2>&1 | MATCH "All snaps up to date." diff --git a/tests/main/refresh-app-awareness/task.yaml b/tests/main/refresh-app-awareness/task.yaml index 9121d7849b4..83d90d9c6c3 100644 --- a/tests/main/refresh-app-awareness/task.yaml +++ b/tests/main/refresh-app-awareness/task.yaml @@ -10,6 +10,10 @@ environment: CONFINEMENT/classic: classic CONFINEMENT/strict: strict +skip: + - reason: Unsupported confinement variant + if: not snap debug sandbox-features --required "confinement-options:$CONFINEMENT" + prepare: | sed -e "s/@CONFINEMENT@/$CONFINEMENT/g" test-snapd-refresh.v1/meta/snap.yaml sed -e "s/@CONFINEMENT@/$CONFINEMENT/g" test-snapd-refresh.v2/meta/snap.yaml @@ -32,10 +36,6 @@ restore: | tests.session -u test restore execute: | - if ! snap debug sandbox-features --required "confinement-options:$CONFINEMENT"; then - echo "SKIP: unsupported confinement variant" - exit 0 - fi # Install v1 and see that it runs as expected. case "$CONFINEMENT" in classic) diff --git a/tests/main/refresh-devmode/task.yaml b/tests/main/refresh-devmode/task.yaml index 404fb29ece7..0a39895faaf 100644 --- a/tests/main/refresh-devmode/task.yaml +++ b/tests/main/refresh-devmode/task.yaml @@ -19,17 +19,12 @@ environment: STORE_TYPE/fake: fake STORE_TYPE/remote: ${REMOTE_STORE} -prepare: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi +skip: + - reason: This test needs test keys to be trusted using fakestore + if: | + [ "$STORE_TYPE" = "fake" ] && ( os.query is-core || [ "$TRUST_TEST_KEYS" = "false" ] ) +prepare: | echo "Given a snap is installed" snap install --devmode test-snapd-tools @@ -41,28 +36,9 @@ prepare: | fi restore: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" - fi + "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi - # FIXME: currently the --list from channel doesn't work # echo "Then the new version is available for the snap to be refreshed" # expected="$SNAP_NAME +$SNAP_VERSION_PATTERN" diff --git a/tests/main/refresh-many-transactional-undo/task.yaml b/tests/main/refresh-many-transactional-undo/task.yaml index d158da437fc..95c3907ea22 100644 --- a/tests/main/refresh-many-transactional-undo/task.yaml +++ b/tests/main/refresh-many-transactional-undo/task.yaml @@ -13,12 +13,12 @@ environment: GOOD_SNAP: test-snapd-python-webserver BAD_SNAP: test-snapd-tools -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Given two snaps are installed" for snap in $GOOD_SNAP $BAD_SNAP; do snap install "$snap" @@ -28,20 +28,10 @@ prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Precondition check for the fake store" snap refresh 2>&1 | MATCH "All snaps up to date" diff --git a/tests/main/refresh-many-transactional/task.yaml b/tests/main/refresh-many-transactional/task.yaml index dc6b1081103..5201018c366 100644 --- a/tests/main/refresh-many-transactional/task.yaml +++ b/tests/main/refresh-many-transactional/task.yaml @@ -11,12 +11,12 @@ systems: [-ubuntu-core-*, -ubuntu-14.04*] environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Given snaps installed" for snap in test-snapd-tools test-snapd-python-webserver; do snap install $snap @@ -26,20 +26,10 @@ prepare: | "$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -rf "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Precondition check for the fake store" snap refresh 2>&1 | MATCH "All snaps up to date." diff --git a/tests/main/refresh/task.yaml b/tests/main/refresh/task.yaml index 5961eb9bed9..daabc6bcd77 100644 --- a/tests/main/refresh/task.yaml +++ b/tests/main/refresh/task.yaml @@ -21,24 +21,17 @@ environment: STORE_TYPE/parallel_strict_fake,strict_fake,classic_fake: fake STORE_TYPE/parallel_strict_remote,strict_remote,classic_remote: ${REMOTE_STORE} -prepare: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi +skip: + - reason: This test needs test keys to be trusted using fakestore + if: | + [ "$STORE_TYPE" = "fake" ] && [ "$TRUST_TEST_KEYS" = "false" ] + - reason: Classic snaps are not supported in this system + if: | + [[ "$SNAP_NAME" =~ classic && "$SPREAD_SYSTEM" =~ ^(fedora-|arch-|centos-) ]] +prepare: | flags= if [[ "$SNAP_NAME" =~ classic ]]; then - case "$SPREAD_SYSTEM" in - ubuntu-core-*|fedora-*|arch-*|centos-*) - exit - ;; - esac flags=--classic fi @@ -57,48 +50,13 @@ prepare: | fi restore: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if [[ "$SNAP_NAME" =~ classic ]]; then - case "$SPREAD_SYSTEM" in - ubuntu-core-*|fedora-*|arch-*|centos-*) - exit - ;; - esac - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" - fi + "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" if [[ "$SPREAD_VARIANT" =~ parallel ]]; then snap set system experimental.parallel-instances=null fi execute: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi - - if [[ "$SNAP_NAME" =~ classic ]]; then - case "$SPREAD_SYSTEM" in - ubuntu-core-*|fedora-*|arch-*|centos-*) - exit - ;; - esac - fi - # FIXME: currently the --list from channel doesn't work # echo "Then the new version is available for the snap to be refreshed" # expected="$SNAP_NAME +$SNAP_VERSION_PATTERN" diff --git a/tests/main/revert-devmode/task.yaml b/tests/main/revert-devmode/task.yaml index fe449c0a1da..645a5bbcc03 100644 --- a/tests/main/revert-devmode/task.yaml +++ b/tests/main/revert-devmode/task.yaml @@ -16,17 +16,12 @@ environment: STORE_TYPE/remote: ${REMOTE_STORE} BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi +skip: + - reason: This test needs test keys to be trusted using fakestore + if: | + [ "$STORE_TYPE" = "fake" ] && ( os.query is-core || [ "$TRUST_TEST_KEYS" = "false" ] ) +prepare: | echo "Given a snap is installed" snap install --devmode test-snapd-tools @@ -38,28 +33,9 @@ prepare: | fi restore: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" - fi + "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi - echo "When a refresh is made" snap refresh --devmode --edge test-snapd-tools diff --git a/tests/main/revert/task.yaml b/tests/main/revert/task.yaml index da7be20ea68..766006dc9d0 100644 --- a/tests/main/revert/task.yaml +++ b/tests/main/revert/task.yaml @@ -14,17 +14,12 @@ environment: STORE_TYPE/remote: ${REMOTE_STORE} BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi +skip: + - reason: This test needs test keys to be trusted using fakestore + if: | + [ "$STORE_TYPE" = "fake" ] && ( os.query is-core || [ "$TRUST_TEST_KEYS" = "false" ] ) +prepare: | echo "Given a snap is installed" snap install test-snapd-tools @@ -36,28 +31,9 @@ prepare: | fi restore: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" - fi + "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$STORE_TYPE" = "fake" ]; then - if os.query is-core; then - exit - fi - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - fi - echo "Revert without snap name shows error" if snap revert; then echo "Reverting without snap name should fail" diff --git a/tests/main/security-apparmor/task.yaml b/tests/main/security-apparmor/task.yaml index f214db4c4df..446f159866a 100644 --- a/tests/main/security-apparmor/task.yaml +++ b/tests/main/security-apparmor/task.yaml @@ -4,14 +4,16 @@ details: | Check that a strictly confined snap can access paths available to it but accesses to paths out of its confinement are denied. +skip: + - reason: The confinement is partial + if: | + [ "$(snap debug confinement)" = partial ] + prepare: | echo "Given a basic snap is installed" "$TESTSTOOLS"/snaps-state install-local test-snapd-sh execute: | - if [ "$(snap debug confinement)" = partial ] ; then - exit 0 - fi echo "Then an unconfined action should succeed" test-snapd-sh.sh -c 'touch /dev/shm/snap.test-snapd-sh.foo' test -f /dev/shm/snap.test-snapd-sh.foo From eff9ca7823f7b96ac3262b005f3fb4a3e249627d Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Fri, 30 Jan 2026 11:11:52 -0300 Subject: [PATCH 16/41] tests: move main tests to new skip format - part 3 (#16513) * tests: move main tests to new skip format - part 3 This is the second part of the migration to the new skip format. This change is migrating tests in main suite (from tests to the end) and also the other missing suites. * Minor improvements based on review comments * update order in task to prevent shellcheck error --- tests/core/config-defaults-once/task.yaml | 18 +++------ tests/core/custom-device-reg-extras/task.yaml | 18 +++------ .../task.yaml | 18 +++------ tests/core/custom-device-reg/task.yaml | 18 +++------ .../core/enable-disable-units-gpio/task.yaml | 31 ++++---------- .../gadget-config-defaults-to-snaps/task.yaml | 35 ++++------------ .../gadget-config-defaults-vitality/task.yaml | 17 +++----- tests/core/gadget-update-pc/task.yaml | 40 ++++--------------- tests/core/generic-device-reg/task.yaml | 22 +++------- tests/core/iio/task.yaml | 19 +++------ tests/core/mem-cgroup-disabled/task.yaml | 13 ++---- tests/core/remove-user/task.yaml | 20 +++------- .../snap-auto-import-asserts-spools/task.yaml | 17 +++----- tests/core/snap-auto-import-asserts/task.yaml | 17 +++----- tests/core/snap-auto-mount/task.yaml | 18 +++------ tests/core/snap-repair/task.yaml | 5 --- .../task.yaml | 10 ++--- .../core/snapd-refresh-vs-services/task.yaml | 20 +++------- tests/core/uboot-unpacked-assets/task.yaml | 9 ++--- tests/core/xdg-open-on-core/task.yaml | 14 ++----- tests/main/security-device-cgroups/task.yaml | 18 +++------ tests/main/security-devpts/task.yaml | 9 +++-- tests/main/security-profiles/task.yaml | 10 +++-- tests/main/security-seccomp/task.yaml | 10 ++--- .../main/services-socket-activation/task.yaml | 19 +++------ tests/main/set-proxy-store/task.yaml | 19 +++------ tests/main/snap-ns-forward-compat/task.yaml | 15 +++---- tests/main/snap-quota-install/task.yaml | 2 +- tests/main/snap-quota/task.yaml | 2 +- .../task.yaml | 9 +++-- tests/main/snapd-apparmor/task.yaml | 9 ++--- tests/main/snapd-slow-startup/task.yaml | 8 +--- tests/main/snapd-snap/task.yaml | 1 - tests/main/snapd-state/task.yaml | 2 +- tests/main/snapd-without-core/task.yaml | 10 ++--- tests/main/snaps-state/task.yaml | 2 +- tests/main/store-state/task.yaml | 15 +++---- .../system-usernames-snap-scoped/task.yaml | 20 +++------- tests/main/systemd-creds/task.yaml | 4 ++ .../uc20-create-partitions-encrypt/task.yaml | 19 ++------- .../task.yaml | 19 ++------- tests/main/uc20-create-partitions/task.yaml | 19 ++------- tests/main/user-session-env/task.yaml | 1 - tests/main/validate-container-happy/task.yaml | 3 -- tests/smoke/sandbox/task.yaml | 7 +++- tests/upgrade/basic/task.yaml | 13 +++--- tests/upgrade/selinux-relabel/task.yaml | 11 ++--- tests/upgrade/snapd-xdg-open/task.yaml | 6 --- .../sudoers-conffile-removal/task.yaml | 9 ++--- 49 files changed, 204 insertions(+), 466 deletions(-) diff --git a/tests/core/config-defaults-once/task.yaml b/tests/core/config-defaults-once/task.yaml index 596a91e60f7..262b8882191 100644 --- a/tests/core/config-defaults-once/task.yaml +++ b/tests/core/config-defaults-once/task.yaml @@ -14,11 +14,12 @@ systems: [ubuntu-core-18-*] environment: GADGET_FILE: gadget-defaults.yaml +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -46,10 +47,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -103,11 +100,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # XXX: this should work once it is possible to install snapd on core SNAP=snapd SERVICES="ssh rsyslog" diff --git a/tests/core/custom-device-reg-extras/task.yaml b/tests/core/custom-device-reg-extras/task.yaml index 9a7e6f6141d..32aa89459d5 100644 --- a/tests/core/custom-device-reg-extras/task.yaml +++ b/tests/core/custom-device-reg-extras/task.yaml @@ -9,11 +9,12 @@ details: | # which we don't have currently systems: [ubuntu-core-1*-64] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -47,10 +48,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh systemctl stop snapd.service snapd.socket fakedevicesvc @@ -73,11 +70,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/custom-device-reg-serial-request/task.yaml b/tests/core/custom-device-reg-serial-request/task.yaml index b3a79ff56f2..cf404ba23fb 100644 --- a/tests/core/custom-device-reg-serial-request/task.yaml +++ b/tests/core/custom-device-reg-serial-request/task.yaml @@ -8,11 +8,12 @@ details: | # which we don't have currently systems: [ubuntu-core-1*] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -46,10 +47,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh systemctl stop snapd.service snapd.socket fakedevicesvc @@ -72,11 +69,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/custom-device-reg/task.yaml b/tests/core/custom-device-reg/task.yaml index 6167a0614b1..bcb02853213 100644 --- a/tests/core/custom-device-reg/task.yaml +++ b/tests/core/custom-device-reg/task.yaml @@ -8,11 +8,12 @@ details: | # which we don't have currently systems: [ubuntu-core-1*] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -45,10 +46,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -72,11 +69,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/enable-disable-units-gpio/task.yaml b/tests/core/enable-disable-units-gpio/task.yaml index 574535bbedb..df6332bd4ee 100644 --- a/tests/core/enable-disable-units-gpio/task.yaml +++ b/tests/core/enable-disable-units-gpio/task.yaml @@ -12,15 +12,14 @@ details: | systems: [ubuntu-core-*-64] -prepare: | - # Core image that were created using spread will have a fake "gpio-pin". - # Other (e.g. official) images will not have that and there we can't use - # this test. - if ! snap interfaces|grep -q gpio-pin; then - echo "SKIP: this tests needs a fake 'gpio-pin' interface" - exit 0 - fi +skip: + - reason: This tests needs a fake 'gpio-pin' interface + if: | + # Core images created using spread have a fake "gpio-pin" interface. + # Official images do not. Only run the test if the interface is present + not snap interfaces | grep -q gpio-pin +prepare: | echo "Create/enable fake gpio" tests.systemd create-and-start-unit fake-gpio "$TESTSLIB/fakegpio/fake-gpio.py" "[Unit]\\nBefore=snap.snapd.interface.gpio-100.service\\n[Service]\\nType=notify" @@ -31,26 +30,10 @@ prepare: | snap connect gpio-consumer:gpio :gpio-pin restore: | - # Core image that were created using spread will have a fake "gpio-pin". - # Other (e.g. official) images will not have that and there we can't use - # this test. - if ! snap interfaces|grep -q gpio-pin; then - echo "SKIP: this tests needs a fake 'gpio-pin' interface" - exit 0 - fi - tests.systemd stop-unit --remove fake-gpio umount /sys/class/gpio || true execute: | - # Core image that were created using spread will have a fake "gpio-pin". - # Other (e.g. official) images will not have that and there we can't use - # this test. - if ! snap interfaces|grep -q gpio-pin; then - echo "SKIP: this tests needs a fake 'gpio-pin' interface" - exit 0 - fi - echo "Then the snap service units concerning the gpio device must be run before and after a reboot" expected="Started|Finished snap.snapd.interface.gpio-100.service" "$TESTSTOOLS"/journal-state match-log -n 60 --wait 1 "$expected" diff --git a/tests/core/gadget-config-defaults-to-snaps/task.yaml b/tests/core/gadget-config-defaults-to-snaps/task.yaml index 7e3219baf30..d294cb1d1d5 100644 --- a/tests/core/gadget-config-defaults-to-snaps/task.yaml +++ b/tests/core/gadget-config-defaults-to-snaps/task.yaml @@ -18,20 +18,18 @@ environment: SERVICE/ssh_oneline: ssh GADGET_FILE/ssh_oneline: gadget-ssh-oneline.yaml +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: The service to test does not exist in the core18 system + if: | + [ "$SERVICE" = "rsyslog" ] && os.query is-core18 + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh - if [ "$SERVICE" = "rsyslog" ] && os.query is-core18; then - echo "The service to test does not exist in the core18 system, skipping..." - touch "${SERVICE}.skip" - exit - fi - SUFFIX="$(get_test_snap_suffix)" systemctl stop snapd.service snapd.socket @@ -95,15 +93,6 @@ prepare: | snap install --edge "test-snapd-with-default-configure${SUFFIX}" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if [ -f "${SERVICE}.skip" ]; then - echo "The service to test does not exist in the system, skipping..." - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -157,14 +146,6 @@ restore: | rm -rf "/var/snap/test-snapd-with-configure${SUFFIX}" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - if [ -f "${SERVICE}.skip" ]; then - echo "The service to test does not exist in the system, skipping..." - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/gadget-config-defaults-vitality/task.yaml b/tests/core/gadget-config-defaults-vitality/task.yaml index 3fbde31f0f6..b5cd14827a0 100644 --- a/tests/core/gadget-config-defaults-vitality/task.yaml +++ b/tests/core/gadget-config-defaults-vitality/task.yaml @@ -14,11 +14,12 @@ systems: [ubuntu-core-1*] environment: GADGET_FILE/vitality_hint: gadget-vitality-hint.yaml +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -71,10 +72,6 @@ prepare: | wait_for_first_boot_change restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh @@ -110,10 +107,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/gadget-update-pc/task.yaml b/tests/core/gadget-update-pc/task.yaml index f099a29d2d8..34927a6ff36 100644 --- a/tests/core/gadget-update-pc/task.yaml +++ b/tests/core/gadget-update-pc/task.yaml @@ -11,18 +11,14 @@ environment: PC_SNAP_ID: UqFziVZDHLSyO3TqSWgNBoAdHbLI4dAH START_REVISION: 1000 -prepare: | - # external backends do not enable test keys - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if not snap list pc; then - echo "This test needs a host using 'pc' gadget snap" - exit 1 - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + - reason: This test needs a host using 'pc' gadget snap + if: not snap list pc +prepare: | # Set the retain count to 4 to ensure we keep the current gadget snap # intact and can roll back to it. This is easier to get right than to # manually fiddle with re-installing it. @@ -107,17 +103,6 @@ prepare: | fi restore: | - # external backends do not enable test keys - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if not snap list pc; then - echo "This test needs a host using 'pc' gadget snap" - exit 1 - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" # Restore the state of the gadget snap. @@ -129,17 +114,6 @@ restore: | snap unset core refresh.retain execute: | - # external backends do not enable test keys - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - if not snap list pc; then - echo "This test needs a host using 'pc' gadget snap" - exit 1 - fi - # XXX: the test hardcodes a bunch of locations # - 'BIOS Boot' and 'EFI System' are modified during the update # - 'EFI System' is mounted at /boot/efi diff --git a/tests/core/generic-device-reg/task.yaml b/tests/core/generic-device-reg/task.yaml index 6d9a43a13ca..1de46c9211b 100644 --- a/tests/core/generic-device-reg/task.yaml +++ b/tests/core/generic-device-reg/task.yaml @@ -10,12 +10,12 @@ details: | # which we don't have currently systems: [ubuntu-core-18*] -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | systemctl stop snapd.service snapd.socket rm -rf /var/lib/snapd/assertions/* rm -rf /var/lib/snapd/device @@ -31,12 +31,7 @@ prepare: | systemctl start snapd.service snapd.socket restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - - #shellcheck source=tests/lib/core-config.sh + #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh systemctl stop snapd.service snapd.socket @@ -55,11 +50,6 @@ restore: | wait_for_first_boot_change execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - #shellcheck source=tests/lib/core-config.sh . "$TESTSLIB"/core-config.sh diff --git a/tests/core/iio/task.yaml b/tests/core/iio/task.yaml index d6e1d19a4a2..ae06aefbfec 100644 --- a/tests/core/iio/task.yaml +++ b/tests/core/iio/task.yaml @@ -11,12 +11,12 @@ details: | systems: [ubuntu-core-*-64] -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # Mock IIO device node and give it some content we can verify # the test snap can read. echo "iio-0" > /dev/iio:device0 @@ -28,18 +28,9 @@ prepare: | snap connect iio-consumer:iio core:iio0 restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi rm -f /dev/iio:device0 execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Checks the snap can read from the IIO device node" SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" test "$("$SNAP_MOUNT_DIR"/bin/iio-consumer.read)" = "iio-0" diff --git a/tests/core/mem-cgroup-disabled/task.yaml b/tests/core/mem-cgroup-disabled/task.yaml index 4c36b790037..9a28e3be0b9 100644 --- a/tests/core/mem-cgroup-disabled/task.yaml +++ b/tests/core/mem-cgroup-disabled/task.yaml @@ -17,12 +17,11 @@ systems: [ubuntu-core-2*] environment: SVC_UNIT: /etc/systemd/system/snap.test-snapd-simple-service.test-snapd-simple-service.service -prepare: | - if not os.query is-pc-amd64; then - echo "Skipping non-grub device test" - exit 0 - fi +skip: + - reason: This is a non-grub device + if: not os.query is-pc-amd64 +prepare: | echo "Create copy of gadget snap with cgroup_disable=memory set in cmdline.extra" PC_REV=$(snap list pc | tail -n +2 | awk '{print $3}') sudo cp "/var/lib/snapd/snaps/pc_$PC_REV.snap" pc-gadget.snap @@ -54,10 +53,6 @@ restore: | systemctl restart snapd execute: | - if not os.query is-pc-amd64; then - echo "Skipping non-grub device test" - exit 0 - fi case "$SPREAD_REBOOT" in 0) # ensure memory cgroups is enabled to start diff --git a/tests/core/remove-user/task.yaml b/tests/core/remove-user/task.yaml index 8a0aced2317..d5b84f89eeb 100644 --- a/tests/core/remove-user/task.yaml +++ b/tests/core/remove-user/task.yaml @@ -13,28 +13,20 @@ environment: USER_EMAIL: mvo@ubuntu.com USER_NAME: mvo -prepare: | - # Note: make this test work with the user already created in the device - if [ "$(snap managed)" = "true" ]; then - # Leave a file indicating the device was initially managed - touch managed.device +skip: + - reason: This device is initially managed + if: | + # Note: make this test work with the user already created in the device + [ "$(snap managed)" = "true" ] - exit 0 - fi +prepare: | snap create-user --sudoer "$USER_EMAIL" restore: | - if [ -e managed.device ]; then - exit 0 - fi userdel --extrausers -r "$USER_NAME" || true rm -rf "/etc/sudoers.d/create-user-$USER_NAME" execute: | - if [ -e managed.device ]; then - exit 0 - fi - echo "precondition check: user in passwd" id "$USER_NAME" echo "precondition check: has sudoer file" diff --git a/tests/core/snap-auto-import-asserts-spools/task.yaml b/tests/core/snap-auto-import-asserts-spools/task.yaml index c6177640b88..938467c4d19 100644 --- a/tests/core/snap-auto-import-asserts-spools/task.yaml +++ b/tests/core/snap-auto-import-asserts-spools/task.yaml @@ -14,11 +14,12 @@ details: | systems: [ubuntu-core-*-64] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "Ensure the testrootorg-store.account-key is not already added" output=$(snap known account-key | grep -c "name: test-store" || true) if [ "$output" != "0" ]; then @@ -35,17 +36,9 @@ prepare: | sync restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi rm -rf /var/lib/snapd/auto-import/* execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "Simulate a not running snapd (happens on e.g. early boot)" systemctl stop snapd.service snapd.socket diff --git a/tests/core/snap-auto-import-asserts/task.yaml b/tests/core/snap-auto-import-asserts/task.yaml index 1ea187ce2c0..496db5aaefd 100644 --- a/tests/core/snap-auto-import-asserts/task.yaml +++ b/tests/core/snap-auto-import-asserts/task.yaml @@ -14,11 +14,12 @@ details: | systems: [ubuntu-core-*-64] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "Ensure the testrootorg-store.account-key is not already added" output=$(snap known account-key | grep -c "name: test-store" || true) if [ "$output" != "0" ]; then @@ -35,17 +36,9 @@ prepare: | sync restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi umount /mnt execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "$(snap auto-import) imports assertions from the mounted ramdisk" snap auto-import snap known account-key | MATCH "name: test-store" diff --git a/tests/core/snap-auto-mount/task.yaml b/tests/core/snap-auto-mount/task.yaml index dc61a3843fa..eb0e68b93e7 100644 --- a/tests/core/snap-auto-mount/task.yaml +++ b/tests/core/snap-auto-mount/task.yaml @@ -26,12 +26,12 @@ systems: # qemu instead of trying to fake it with a dm device. # - ubuntu-core-24-64 -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Install dmsetup" snap install --devmode --edge dmsetup @@ -73,19 +73,11 @@ prepare: | udevadm settle restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi dmsetup -v --noudevsync --noudevrules remove dm-ram0 debug: | "$TESTSTOOLS"/journal-state get-log -b | tail -100 execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi echo "The auto-mount magic has given us the assertion" retry -n 5 sh -c 'snap known account-key | MATCH "name: test-store"' diff --git a/tests/core/snap-repair/task.yaml b/tests/core/snap-repair/task.yaml index 5f768dc35fa..a29156ca060 100644 --- a/tests/core/snap-repair/task.yaml +++ b/tests/core/snap-repair/task.yaml @@ -9,11 +9,6 @@ environment: STORE_ADDR: localhost:11028 restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | diff --git a/tests/core/snapd-refresh-vs-services-reboots/task.yaml b/tests/core/snapd-refresh-vs-services-reboots/task.yaml index 85e4d5e2c5d..8a1aa8d5867 100644 --- a/tests/core/snapd-refresh-vs-services-reboots/task.yaml +++ b/tests/core/snapd-refresh-vs-services-reboots/task.yaml @@ -26,6 +26,11 @@ environment: SNAPD_2_49_2_ARM64: https://storage.googleapis.com/snapd-spread-tests/snaps/snapd_2.49.2_11584.snap SNAPD_2_49_2_ARMHF: https://storage.googleapis.com/snapd-spread-tests/snaps/snapd_2.49.2_11586.snap +skip: + - reason: Test designed for amd64 and arm architectures + if: | + ! os.query is-pc-amd64 && ! os.query is-arm + prepare: | # save the version of snapd from the PR to refresh to later INITIAL_REV=$(snap list snapd | tail -n +2 | awk '{print $3}') @@ -47,11 +52,6 @@ prepare: | snap version | MATCH 2.49.2 execute: | - if ! os.query is-pc-amd64 && ! os.query is-arm; then - echo "architecture not supported for this variant" - exit 0 - fi - if [ "$SPREAD_REBOOT" = "0" ]; then # install the special service snap which will fail to startup every other time # it is started diff --git a/tests/core/snapd-refresh-vs-services/task.yaml b/tests/core/snapd-refresh-vs-services/task.yaml index 65ca1396eb6..dc338951744 100644 --- a/tests/core/snapd-refresh-vs-services/task.yaml +++ b/tests/core/snapd-refresh-vs-services/task.yaml @@ -41,6 +41,11 @@ environment: SNAPD_2_49_2_ARM64: https://storage.googleapis.com/snapd-spread-tests/snaps/snapd_2.49.2_11584.snap SNAPD_2_49_2_ARMHF: https://storage.googleapis.com/snapd-spread-tests/snaps/snapd_2.49.2_11586.snap +skip: + - reason: Test designed for amd64 and arm architectures + if: | + ! os.query is-pc-amd64 && ! os.query is-arm + prepare: | # save the current version of snapd for later INITIAL_REV=$(snap list snapd | tail -n +2 | awk '{print $3}') @@ -55,21 +60,6 @@ prepare: | tests.cleanup defer snap unset system refresh.retain execute: | - # check if snapd 2.49.2 is the current latest/stable release as it simplifies - # some of the logic below - if snap info snapd | gojq --yaml-input -r '.channels."latest/stable"' | grep -q -Po '2.49.2\s+'; then - # skip the stable variant of the test - if [ "${SNAPD_VERSION_UNDER_TEST}" = "stable" ]; then - echo "Skipping duplicated test case" - exit 0 - fi - fi - - if ! os.query is-pc-amd64 && ! os.query is-arm; then - echo "architecture not supported for this variant" - exit 0 - fi - echo "Ensure that the system is fully seeded" snap changes | MATCH "Done.*Initialize system state" diff --git a/tests/core/uboot-unpacked-assets/task.yaml b/tests/core/uboot-unpacked-assets/task.yaml index 996d2eddc3e..6391537f5ba 100644 --- a/tests/core/uboot-unpacked-assets/task.yaml +++ b/tests/core/uboot-unpacked-assets/task.yaml @@ -14,12 +14,11 @@ environment: NAME/initrdimg: initrd.img NAME/kernelimg: kernel.img -execute: | - if snap list pc; then - echo "Neither kernel.img not initrd.img in images with pc gadget installed" - exit - fi +skip: + - reason: Neither kernel.img not initrd.img in images with pc gadget installed + if: snap list pc +execute: | if os.query is-core-ge 20; then echo "Check that on UC20+, the kernel snap is extracted onto ubuntu-seed, not on ubuntu-boot" output=$(find /run/mnt/ubuntu-seed/systems/*/kernel/ -name "$NAME" ) diff --git a/tests/core/xdg-open-on-core/task.yaml b/tests/core/xdg-open-on-core/task.yaml index 7af0e78d3a8..2807a75a9d5 100644 --- a/tests/core/xdg-open-on-core/task.yaml +++ b/tests/core/xdg-open-on-core/task.yaml @@ -8,24 +8,18 @@ details: | The test verifies that the 'xdg-open' program is not supported in Ubuntu Core systems +skip: + - reason: The system has not systemd or dbus session + if: not tests.session has-session-systemd-and-dbus + prepare: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test prepare restore: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test restore rm -f output.txt execute: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi - # /usr/bin/xdg-open is a proxy that talks to snap userd not tests.session -u test exec /usr/bin/xdg-open https://snapcraft.io 2> output.txt MATCH "not supported on Ubuntu Core" < output.txt diff --git a/tests/main/security-device-cgroups/task.yaml b/tests/main/security-device-cgroups/task.yaml index 77880b43c34..2fca5bdc6fb 100644 --- a/tests/main/security-device-cgroups/task.yaml +++ b/tests/main/security-device-cgroups/task.yaml @@ -25,13 +25,13 @@ environment: OTHER_UDEVADM_PATH/uinput: /sys/devices/virtual/mem/kmsg OTHER_DEVICE_ID/uinput: "c 1:11 rwm" +skip: + - reason: No uinput support, cannot run test + if: | + # some systems (like s390x) do not have support for this + [ ! -e /sys/devices/virtual/misc/uinput ] && ! modprobe uinput + prepare: | - if [ ! -e /sys/devices/virtual/misc/uinput ]; then - if ! modprobe uinput; then - echo "no uinput support, cannot run test" - exit 0 - fi - fi # create nvidia devices if they don't exist if [ ! -e /dev/nvidia0 ]; then mknod /dev/nvidia0 c 195 0 @@ -80,12 +80,6 @@ restore: | fi execute: | - # some systems (like s390x) do not have support for this - if [ ! -e /sys/devices/virtual/misc/uinput ]; then - echo "no uinput support, cannot run test" - exit 0 - fi - tags_are_sticky=0 systemd_ver="$(systemctl --version | awk '/systemd [0-9]+/ { print $2 }' | cut -f1 -d"~")" if [ "$systemd_ver" -ge 247 ]; then diff --git a/tests/main/security-devpts/task.yaml b/tests/main/security-devpts/task.yaml index 573eae06a9b..a3d6c9630f9 100644 --- a/tests/main/security-devpts/task.yaml +++ b/tests/main/security-devpts/task.yaml @@ -5,11 +5,12 @@ details: | can read /dev/pts, can openpty, and can access the PTY via /dev/ptmx, both with and without the physical-memory-observe interface connected. -execute: | - if [ "$(snap debug confinement)" = none ] ; then - exit 0 - fi +skip: + - reason: The systems has "none" debug confinement + if: | + [ "$(snap debug confinement)" = none ] +execute: | echo "Given a basic snap is installed" "$TESTSTOOLS"/snaps-state install-local test-snapd-devpts diff --git a/tests/main/security-profiles/task.yaml b/tests/main/security-profiles/task.yaml index 7f03fd79665..5bce79af880 100644 --- a/tests/main/security-profiles/task.yaml +++ b/tests/main/security-profiles/task.yaml @@ -4,14 +4,16 @@ details: | This test verifies that profiles are properly generated and loaded for a set of apps and hooks. +skip: + - reason: The system has "partial" debug confinement + if: | + [ "$(snap debug confinement)" = partial ] + + prepare: | snap pack "$TESTSLIB"/snaps/basic-hooks execute: | - if [ "$(snap debug confinement)" = partial ] ; then - exit 0 - fi - seccomp_profile_directory="/var/lib/snapd/seccomp/bpf" echo "Security profiles are generated and loaded for apps" diff --git a/tests/main/security-seccomp/task.yaml b/tests/main/security-seccomp/task.yaml index 2ef31fee51b..f243cf15be6 100644 --- a/tests/main/security-seccomp/task.yaml +++ b/tests/main/security-seccomp/task.yaml @@ -28,6 +28,10 @@ environment: BIN: /var/lib/snapd/seccomp/bpf/snap.test-snapd-setpriority.test-snapd-setpriority.bin2 AAP: /var/lib/snapd/apparmor/profiles/snap.test-snapd-setpriority.test-snapd-setpriority +skip: + - reason: seccomp doesn't support BPF argument filtering in this system + if: not snap debug sandbox-features --required seccomp:bpf-argument-filtering + prepare: | echo "Install a helper snap with default confinement" snap install test-snapd-setpriority @@ -63,12 +67,6 @@ restore: | fi execute: | - # other tests ensure seccomp is available so we can skip any systems that - # don't have it - if ! snap debug sandbox-features --required seccomp:bpf-argument-filtering ; then - exit 0 - fi - echo "Remove any setpriority rules from the filter" sed 's/^\(setpriority.*\)/#SPREAD: \1/g' "$SRC".orig > "$SRC" snapd.tool exec snap-seccomp compile "$SRC" "$BIN" diff --git a/tests/main/services-socket-activation/task.yaml b/tests/main/services-socket-activation/task.yaml index 29891eebf3d..799d3324d18 100644 --- a/tests/main/services-socket-activation/task.yaml +++ b/tests/main/services-socket-activation/task.yaml @@ -8,14 +8,16 @@ environment: CONFINEMENT/strict: strict CONFINEMENT/classic: classic +skip: + - reason: Cannot install classic snaps on core + if: | + [ "$CONFINEMENT" = classic ] && os.query is-core + prepare: | case "$CONFINEMENT" in classic) SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)" - if os.query is-core; then - # cannot install classic snaps on core - exit 0 - elif [ "$SNAP_MOUNT_DIR" != "/snap" ] && [ ! -L /snap ]; then + if [ "$SNAP_MOUNT_DIR" != "/snap" ] && [ ! -L /snap ]; then # although classic snaps do not work out of the box on fedora, # we still want to verify if the basics do work if the user # symlinks /snap to $SNAP_MOUNT_DIR themselves @@ -33,15 +35,6 @@ restore: | systemctl daemon-reload execute: | - case "$CONFINEMENT" in - classic) - if os.query is-core; then - # cannot install classic snaps on core - exit 0 - fi - ;; - esac - [ -f /etc/systemd/system/snap.socket-activation.sleep-daemon.sock.socket ] [ -S /var/snap/socket-activation/common/socket ] diff --git a/tests/main/set-proxy-store/task.yaml b/tests/main/set-proxy-store/task.yaml index 980379b331f..56479428a37 100644 --- a/tests/main/set-proxy-store/task.yaml +++ b/tests/main/set-proxy-store/task.yaml @@ -13,12 +13,12 @@ environment: SNAP_VERSION_PATTERN: \d+\.\d+\+fake1 BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | echo "Given a snap is installed" snap install "$SNAP_NAME" @@ -44,10 +44,6 @@ prepare: | "$TESTSTOOLS"/store-state init-fake-refreshes "$BLOB_DIR" "$SNAP_NAME" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi systemctl start snapd.socket snap set core proxy.store= @@ -55,11 +51,6 @@ restore: | "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Configure to use the fakestore through store assertion and proxy.store" snap set core proxy.store=fake diff --git a/tests/main/snap-ns-forward-compat/task.yaml b/tests/main/snap-ns-forward-compat/task.yaml index b71beb4be8d..a02955b2334 100644 --- a/tests/main/snap-ns-forward-compat/task.yaml +++ b/tests/main/snap-ns-forward-compat/task.yaml @@ -9,21 +9,18 @@ details: | # Skip debian-sid as pivot_root binary is not anymore within util-linux systems: [-*-32, -debian-sid-*] +skip: + - reason: Unshare command doesn't support saving the namespace + if: | + # Check if `unshare --mount=` is supported + unshare --mount=/something true 2>&1 | grep "option '--mount' doesn't allow an argument" + prepare: | echo "Install test snap" mkdir testsnap/import "$TESTSTOOLS"/snaps-state install-local testsnap execute: | - echo "Checking if the unshare command supports saving the namespace" - unshare --mount=/something true 2> error.log || true - tests.cleanup defer rm error.log - if grep "option '--mount' doesn't allow an argument" error.log; then - echo "unshare --mount= is not supported, skipping test" - exit 0 - fi - - echo "Creating a mount namespace whose root is a tmpfs" mkdir -p /run/snapd/ns/ mount -o bind --make-private /run/snapd/ns/ /run/snapd/ns/ diff --git a/tests/main/snap-quota-install/task.yaml b/tests/main/snap-quota-install/task.yaml index 9cbcc6a7e5a..359731f312b 100644 --- a/tests/main/snap-quota-install/task.yaml +++ b/tests/main/snap-quota-install/task.yaml @@ -15,7 +15,7 @@ restore: | snap remove-quota foobar || true execute: | - if os.query is-trusty || os.query is-amazon-linux 2 || os.query is-centos 7 || os.query is-xenial || os.query is-core16; then + if os.query is-trusty || os.query is-amazon-linux 2 || os.query is-xenial || os.query is-core16; then # just check that we can't do anything with quota groups on systems with # old systemd versions, we need at least 230 to avoid buggy slice usage # reporting diff --git a/tests/main/snap-quota/task.yaml b/tests/main/snap-quota/task.yaml index 7b805083a0a..0a7ac62d6a5 100644 --- a/tests/main/snap-quota/task.yaml +++ b/tests/main/snap-quota/task.yaml @@ -27,7 +27,7 @@ debug: | find /sys/fs/cgroup/ -name 'snap.group*' -ls || true execute: | - if os.query is-trusty || os.query is-amazon-linux 2 || os.query is-centos 7 || os.query is-xenial || os.query is-core16; then + if os.query is-trusty || os.query is-amazon-linux 2 || os.query is-xenial || os.query is-core16; then # just check that we can't do anything with quota groups on systems with # old systemd versions, we need at least 230 to avoid buggy slice usage # reporting diff --git a/tests/main/snap-session-agent-unavailable-to-snaps/task.yaml b/tests/main/snap-session-agent-unavailable-to-snaps/task.yaml index 66da4078934..ddd2f926c3a 100644 --- a/tests/main/snap-session-agent-unavailable-to-snaps/task.yaml +++ b/tests/main/snap-session-agent-unavailable-to-snaps/task.yaml @@ -11,6 +11,11 @@ systems: # Systemd on Amazon Linux 2 does not have the user@uid unit - -amazon-linux-2-* +skip: + - reason: Debug confinement is not strict on the system + if: | + [ "$(snap debug confinement)" != strict ] + prepare: | # Ensure that snapd.session-agent.socket is enabled. This may not # be the case on distributions where presets have been used to @@ -33,10 +38,6 @@ restore: | fi execute: | - if [ "$(snap debug confinement)" != strict ]; then - exit 0 - fi - echo "The snap session agent REST API socket exists" test -S "/run/user/12345/snapd-session-agent.socket" diff --git a/tests/main/snapd-apparmor/task.yaml b/tests/main/snapd-apparmor/task.yaml index c2f50918c11..6862f699957 100644 --- a/tests/main/snapd-apparmor/task.yaml +++ b/tests/main/snapd-apparmor/task.yaml @@ -8,15 +8,14 @@ details: | environment: CONSUMER_SNAP: test-snapd-policy-app-consumer +skip: + - reason: The snapd.apparmor.service is not active in the system + if: not systemctl is-active snapd.apparmor.service + debug: | "$TESTSTOOLS"/journal-state get-log -u snap.apparmor.service execute: | - if ! systemctl is-active snapd.apparmor.service; then - echo "Skipping test since snapd.apparmor.service is not active" - exit 0 - fi - echo "Ensure snapd.apparmor is enabled" systemctl is-enabled snapd.apparmor.service diff --git a/tests/main/snapd-slow-startup/task.yaml b/tests/main/snapd-slow-startup/task.yaml index c153a7c4a6a..cc4a1a3988a 100644 --- a/tests/main/snapd-slow-startup/task.yaml +++ b/tests/main/snapd-slow-startup/task.yaml @@ -8,7 +8,7 @@ details: | Internally, snapd will calculate the expected startup time based on the number of snaps and adjust systemd's timeout to match it. -systems: [ubuntu-18.04-64] +systems: [ubuntu-2*] restore: | # extra cleanup in case something in this test went wrong @@ -20,12 +20,6 @@ debug: | cat /etc/systemd/system/snapd.service.d/* || true execute: | - systemd_ver="$(systemctl --version|head -1|cut -d ' ' -f2)" - if [ "${systemd_ver}" -lt 236 ]; then - echo "systemd ${systemd_ver} too old, no EXTEND_TIMEOUT_USEC support" - exit 0 - fi - # have 6 extra snaps installed, makes 8 with core and snapd snap snap pack "$TESTSLIB"/snaps/basic snap set system experimental.parallel-instances=true diff --git a/tests/main/snapd-snap/task.yaml b/tests/main/snapd-snap/task.yaml index 1095429db39..a8053a7fa61 100644 --- a/tests/main/snapd-snap/task.yaml +++ b/tests/main/snapd-snap/task.yaml @@ -48,7 +48,6 @@ skip: - reason: Snapcraft fails to snap snapd when the proxy is set if: | [ "${SNAPD_USE_PROXY:-}" = true ] - prepare: | # shellcheck source=tests/lib/systems.sh diff --git a/tests/main/snapd-state/task.yaml b/tests/main/snapd-state/task.yaml index 93f41bea98e..709bbdbfc9c 100644 --- a/tests/main/snapd-state/task.yaml +++ b/tests/main/snapd-state/task.yaml @@ -6,7 +6,7 @@ details: | This test verifies the different functionalities provided by such tool. -backends: [google, qemu] +backends: [google, qemu, openstack] prepare: | snap install test-snapd-tools diff --git a/tests/main/snapd-without-core/task.yaml b/tests/main/snapd-without-core/task.yaml index 2926a5a7e3e..fa5b6df19aa 100644 --- a/tests/main/snapd-without-core/task.yaml +++ b/tests/main/snapd-without-core/task.yaml @@ -13,15 +13,15 @@ environment: # uploading large snap triggers OOM SNAPD_NO_MEMORY_LIMIT: 1 +skip: + - reason: SNAP_REEXEC is disabled in the system + if: | + [ "${SNAP_REEXEC:-}" = "0" ] + restore: | rm -f /tmp/snapd_*.snap execute: | - if [ "${SNAP_REEXEC:-}" = "0" ]; then - echo "skipping test when SNAP_REEXEC is disabled" - exit 0 - fi - echo "Create modified snapd snap" #shellcheck source=tests/lib/prepare.sh . "$TESTSLIB"/prepare.sh diff --git a/tests/main/snaps-state/task.yaml b/tests/main/snaps-state/task.yaml index e032ddbf114..35e03b89f34 100644 --- a/tests/main/snaps-state/task.yaml +++ b/tests/main/snaps-state/task.yaml @@ -6,7 +6,7 @@ details: | and otherwise it tries from $TESTSLIB. Finally verifies that the confinement for the current system can be checked -backends: [google, qemu] +backends: [google, qemu, openstack] prepare: | snap set system experimental.parallel-instances=true diff --git a/tests/main/store-state/task.yaml b/tests/main/store-state/task.yaml index c5fc08d86c4..dc9f78210d1 100644 --- a/tests/main/store-state/task.yaml +++ b/tests/main/store-state/task.yaml @@ -11,21 +11,16 @@ backends: [-external] # ubuntu-14.04: systemd-run not supported systems: [-ubuntu-14.04-64] -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # acquire session macaroon snap find core execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - # Check help "$TESTSTOOLS"/store-state | MATCH "usage: store-state setup-fake-store " "$TESTSTOOLS"/store-state -h | MATCH "usage: store-state setup-fake-store " diff --git a/tests/main/system-usernames-snap-scoped/task.yaml b/tests/main/system-usernames-snap-scoped/task.yaml index cc3e46bf33d..e1d230939ef 100644 --- a/tests/main/system-usernames-snap-scoped/task.yaml +++ b/tests/main/system-usernames-snap-scoped/task.yaml @@ -28,12 +28,12 @@ environment: APPROVED_SNAP_NAME/azuredeviceupdate: deviceupdate-agent TESTED_USERS/azuredeviceupdate: snap_aziotdu -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap debug can-manage-refreshes | MATCH false # install test snap dependencies before switching to fake store @@ -71,11 +71,6 @@ prepare: | "$TESTSTOOLS"/store-state make-snap-installable "$STORE_DIR" "${snap_path}" "$APPROVED_SNAP_ID" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - for user in $TESTED_USERS do userdel -f "$user" || userdel -f --extrausers "$user" || true @@ -87,11 +82,6 @@ restore: | "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Try to install a snap which is not entitled to use the user(s) under test" OUT=$(snap install "$UNAPPROVED_SNAP_NAME" 2>&1 || true) echo "$OUT" | MATCH "snap \"$UNAPPROVED_SNAP_NAME\" is not allowed to use the system user \"(${TESTED_USERS// /|})\"" diff --git a/tests/main/systemd-creds/task.yaml b/tests/main/systemd-creds/task.yaml index 42d79f96067..dfe6f9e8da3 100644 --- a/tests/main/systemd-creds/task.yaml +++ b/tests/main/systemd-creds/task.yaml @@ -1,4 +1,5 @@ summary: verify access to systemd credentials + details: | Systemd has introduced a feature where services can be provisioned with credentials that are stored in manner safer than typical default and where said @@ -10,9 +11,11 @@ details: | This test shows how such credentials are provisioned and how they can be accessed. Note that credentials are only available to systemd services. + systems: - ubuntu-core-24-64 - ubuntu-24.04-64 + prepare: | mkdir /etc/systemd/system/snap.test-snapd-credentials.daemon.service.d tests.cleanup defer rm -rf /etc/systemd/system/snap.test-snapd-credentials.daemon.service.d @@ -22,6 +25,7 @@ prepare: | __CONF__ "$TESTSTOOLS"/snaps-state install-local test-snapd-credentials + execute: | MATCH '^CREDENTIALS_DIRECTORY=/run/credentials/snap.test-snapd-credentials.daemon.service$' Date: Fri, 30 Jan 2026 17:48:19 +0200 Subject: [PATCH 17/41] secboot: update to rev e638825ef829 (#16521) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2584637e30c..7c1b6120de8 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/mvo5/libseccomp-golang v0.9.1-0.20180308152521-f4de83b52afb // old trusty builds only github.com/seccomp/libseccomp-golang v0.9.2-0.20220502024300-f57e1d55ea18 github.com/snapcore/go-gettext v0.0.0-20191107141714-82bbea49e785 - github.com/snapcore/secboot v0.0.0-20260116095945-507475da2340 + github.com/snapcore/secboot v0.0.0-20260129175210-e638825ef829 golang.org/x/crypto v0.23.0 golang.org/x/net v0.21.0 // indirect golang.org/x/sys v0.21.0 diff --git a/go.sum b/go.sum index 054f468e6e3..8151fc6c083 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/snapcore/go-gettext v0.0.0-20191107141714-82bbea49e785 h1:PaunR+BhraK github.com/snapcore/go-gettext v0.0.0-20191107141714-82bbea49e785/go.mod h1:D3SsWAXK7wCCBZu+Vk5hc1EuKj/L3XN1puEMXTU4LrQ= github.com/snapcore/maze.io-x-crypto v0.0.0-20190131090603-9b94c9afe066 h1:InG0EmriMOiI4YgtQNOo+6fNxzLCYioo3Q3BCVLdMCE= github.com/snapcore/maze.io-x-crypto v0.0.0-20190131090603-9b94c9afe066/go.mod h1:VuAdaITF1MrGzxPU+8GxagM1HW2vg7QhEFEeGHbmEMU= -github.com/snapcore/secboot v0.0.0-20260116095945-507475da2340 h1:Djqa+9z3rnJE+cBdiWKCIa/pfc/VaroesvfP+EH9Ncs= -github.com/snapcore/secboot v0.0.0-20260116095945-507475da2340/go.mod h1:BeEYaTJC4cqXVgpjjxajO31p2kVDvXwXJJx3YD7nCaE= +github.com/snapcore/secboot v0.0.0-20260129175210-e638825ef829 h1:9qeADnUPs/YhO0tty+j2zxi9dUI2Bn96y9Nc9XOKTOk= +github.com/snapcore/secboot v0.0.0-20260129175210-e638825ef829/go.mod h1:BeEYaTJC4cqXVgpjjxajO31p2kVDvXwXJJx3YD7nCaE= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI= go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= From 60ee8369b81713c62ad13f521fea8a61c18cd07f Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Fri, 30 Jan 2026 14:57:04 -0300 Subject: [PATCH 18/41] tests: move main tests to new skip format - part 1 (#16511) * tests: move main tests to new skip formar - part 1 * Minor fixes based con review comments * add if because debian 12 fails 2026-01-29 21:34:37 Error executing openstack:debian-12-64:tests/main/debug-execution (jan292130-206473) : ----- + snap debug execution snap + SNAP_REEXEC=0 + snap debug execution snap error: unknown command "execution", see 'snap help debug'. ----- * Update dbus-activation-session test --- tests/main/base-policy/task.yaml | 11 +++++----- tests/main/broken-seeding/task.yaml | 20 +++++-------------- tests/main/confdb/task.yaml | 10 +++++----- .../dbus-activation-name-conflict/task.yaml | 10 +++++----- .../dbus-activation-session-legacy/task.yaml | 8 +++----- tests/main/dbus-activation-session/task.yaml | 16 +++++---------- tests/main/dbus-activation-system/task.yaml | 10 +++++----- tests/main/debug-execution/task.yaml | 11 +++++----- .../main/desktop-portal-filechooser/task.yaml | 9 ++++----- tests/main/desktop-portal-open-file/task.yaml | 9 ++++----- tests/main/desktop-portal-open-uri/task.yaml | 9 ++++----- .../main/desktop-portal-screenshot/task.yaml | 9 ++++----- tests/main/fakestore-install/task.yaml | 14 +++++-------- .../task.yaml | 9 +++++---- .../interfaces-contacts-service/task.yaml | 9 +-------- .../task.yaml | 14 +++++-------- .../task.yaml | 19 +++++------------- .../task.yaml | 19 +++++------------- .../main/interfaces-desktop-launch/task.yaml | 15 +++++--------- .../interfaces-gpio-memory-control/task.yaml | 10 +++++----- .../task.yaml | 10 +++++----- tests/main/interfaces-libvirt/task.yaml | 19 ++++-------------- tests/main/interfaces-polkit/task.yaml | 16 ++++----------- .../task.yaml | 19 +++++------------- tests/main/interfaces-userns/task.yaml | 10 ++++------ 25 files changed, 113 insertions(+), 202 deletions(-) diff --git a/tests/main/base-policy/task.yaml b/tests/main/base-policy/task.yaml index 92d4aefb790..81a16da9b80 100644 --- a/tests/main/base-policy/task.yaml +++ b/tests/main/base-policy/task.yaml @@ -14,6 +14,11 @@ details: | policy. Until we have a core-only rule that can be tested here, we'll rely on unit tests to ensure that base snaps don't have core-only rules). +skip: + - reason: The system does not have strict confinement + if: | + [ "$(snap debug confinement)" != strict ] + prepare: | echo "Given basic snaps are installed" "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core @@ -31,12 +36,6 @@ prepare: | fi execute: | - # technically only apparmor file mediation is needed but strict is what - # guarantees it is in use - if [ "$(snap debug confinement)" != strict ]; then - exit 0 - fi - # 'grep' is allowed explicitly in core rules and via glob rule in base # rules echo "Then 'grep --version' is allowed by core" diff --git a/tests/main/broken-seeding/task.yaml b/tests/main/broken-seeding/task.yaml index bb31276ed90..0bb2e683ebb 100644 --- a/tests/main/broken-seeding/task.yaml +++ b/tests/main/broken-seeding/task.yaml @@ -12,12 +12,12 @@ systems: [-ubuntu-core-*, -ubuntu-14.04-*] environment: SEED_DIR: /var/lib/snapd/seed -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap pack "$TESTSLIB/snaps/basic18" snap download "--$CORE_CHANNEL" core @@ -48,20 +48,10 @@ prepare: | cp ./basic18_1.0_all.snap "$SEED_DIR/snaps/basic.snap" restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - rm -rf "$SEED_DIR" systemctl start snapd.socket snapd.service execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Start the daemon with an empty state" systemctl start snapd.service diff --git a/tests/main/confdb/task.yaml b/tests/main/confdb/task.yaml index 8f69b8038bb..2f12da3a2d5 100644 --- a/tests/main/confdb/task.yaml +++ b/tests/main/confdb/task.yaml @@ -7,6 +7,11 @@ details: | # the test snaps have a core24 base systems: [ -ubuntu-16.04 ] +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + prepare: | snap set system experimental.confdb=true snap set system experimental.parallel-instances=true @@ -16,11 +21,6 @@ restore: | snap unset system experimental.parallel-instances execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - snap ack "$TESTSLIB/assertions/developer1-network.confdb" "$TESTSTOOLS"/snaps-state install-local test-custodian-snap snap connect test-custodian-snap:manage-wifi diff --git a/tests/main/dbus-activation-name-conflict/task.yaml b/tests/main/dbus-activation-name-conflict/task.yaml index eec15896948..7a2793000d6 100644 --- a/tests/main/dbus-activation-name-conflict/task.yaml +++ b/tests/main/dbus-activation-name-conflict/task.yaml @@ -11,6 +11,11 @@ systems: # TODO: dbus issue - -ubuntu-core-22-* +skip: + - reason: System does not have a systemd managed D-Bus system bus + if: | + ! tests.session has-system-systemd-and-dbus + prepare: | snap set system experimental.user-daemons=true @@ -18,11 +23,6 @@ restore: | snap unset system experimental.user-daemons execute: | - if ! tests.session has-system-systemd-and-dbus; then - echo "System does not have a systemd managed D-Bus system bus" - exit 0 - fi - echo "Install a snap that provides the io.snapcraft.SnapDbusService session service" snap install --edge test-snapd-dbus-service test -f /var/lib/snapd/dbus-1/services/io.snapcraft.SnapDbusService.service diff --git a/tests/main/dbus-activation-session-legacy/task.yaml b/tests/main/dbus-activation-session-legacy/task.yaml index 0c90db85c8e..0f20ef927b8 100644 --- a/tests/main/dbus-activation-session-legacy/task.yaml +++ b/tests/main/dbus-activation-session-legacy/task.yaml @@ -7,6 +7,9 @@ details: | snap that provides an activatable D-Bus service, and verifying that the service is activated when a method call is made. +# ubuntu-core: systemd-run is not available +systems: [-ubuntu-core-*] + prepare: | snap set system experimental.user-daemons=true @@ -16,11 +19,6 @@ restore: | snap unset system experimental.user-daemons execute: | - # This filters out Ubuntu 14.04 and Ubuntu Core respectively - if [ "$(command -v systemd-run)" == "" ]; then - exit 0 - fi - cat << EOF > run-session-bus.sh #!/bin/sh cd $(pwd) diff --git a/tests/main/dbus-activation-session/task.yaml b/tests/main/dbus-activation-session/task.yaml index 59935ef32fd..4bb4c1b9158 100644 --- a/tests/main/dbus-activation-session/task.yaml +++ b/tests/main/dbus-activation-session/task.yaml @@ -6,10 +6,12 @@ details: | session, installing a snap that provides an activatable D-Bus service, and verifying that the service is activated when a method call is made. +skip: + - reason: System does not have a systemd managed D-Bus system bus + if: | + ! tests.session has-session-systemd-and-dbus + prepare: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi # Ensure that snapd.session-agent.socket is enabled. This may not # be the case on distributions where presets have been used to # disable it. @@ -23,9 +25,6 @@ prepare: | tests.session -u test prepare restore: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test restore if [ -f agent-was-enabled ]; then systemctl --user --global disable snapd.session-agent.socket @@ -33,11 +32,6 @@ restore: | snap unset system experimental.user-daemons execute: | - if ! tests.session has-session-systemd-and-dbus; then - echo "System does not have a systemd managed D-Bus session bus" - exit 0 - fi - echo "Install a snap containing an activatable D-Bus session service" snap install --edge test-snapd-dbus-service diff --git a/tests/main/dbus-activation-system/task.yaml b/tests/main/dbus-activation-system/task.yaml index df892d9dd33..c7fc0f5ef2d 100644 --- a/tests/main/dbus-activation-system/task.yaml +++ b/tests/main/dbus-activation-system/task.yaml @@ -5,6 +5,11 @@ details: | when a method call is made to them and that they are stopped when the snap is removed. +skip: + - reason: System does not have a systemd managed D-Bus system bus + if: | + ! tests.session has-system-systemd-and-dbus + prepare: | snap set system experimental.user-daemons=true @@ -12,11 +17,6 @@ restore: | snap unset system experimental.user-daemons execute: | - if ! tests.session has-system-systemd-and-dbus; then - echo "System does not have a systemd managed D-Bus system bus" - exit 0 - fi - echo "Install a snap containing an activatable D-Bus system service" snap install --edge test-snapd-dbus-service diff --git a/tests/main/debug-execution/task.yaml b/tests/main/debug-execution/task.yaml index d2f7a581e93..da949024c04 100644 --- a/tests/main/debug-execution/task.yaml +++ b/tests/main/debug-execution/task.yaml @@ -4,15 +4,16 @@ details: | This test checks that the command `snap debug execution` shows right outputs, but also verifies their correctness on the target systems +skip: + - reason: Snapd is from the archive and `debug execution`command could not be supported + if: | + # TODO: remove this check once snapd 2.65 is released (debian-12 missing) + tests.info is-snapd-from-archive + debug: | grep -n '' snap-*.out || true execute: | - # TODO: remove this check once snapd 2.65 is released - if tests.info is-snapd-from-archive; then - exit 0 - fi - snap debug execution snap > snap-default.out SNAP_REEXEC=0 snap debug execution snap > snap-no-reexec.out SNAP_REEXEC=1 snap debug execution snap > snap-yes-reexec.out diff --git a/tests/main/desktop-portal-filechooser/task.yaml b/tests/main/desktop-portal-filechooser/task.yaml index eb4fb43424d..e9a7e8b10e7 100644 --- a/tests/main/desktop-portal-filechooser/task.yaml +++ b/tests/main/desktop-portal-filechooser/task.yaml @@ -19,6 +19,10 @@ details: | # ubuntu-18.04-*: Ships xdg-desktop-portal 0.11 systems: [ubuntu-18.04-64, ubuntu-2*] +skip: + - reason: The snap test-snapd-portal-client is just available for amd64 + if: not os.query is-pc-amd64 + prepare: | #shellcheck source=tests/lib/desktop-portal.sh . "$TESTSLIB"/desktop-portal.sh @@ -42,11 +46,6 @@ debug: | ps -ef | grep xdg || true execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-portal-client is just available for amd64" - exit - fi - echo "Install the portals test client" snap install --edge test-snapd-portal-client diff --git a/tests/main/desktop-portal-open-file/task.yaml b/tests/main/desktop-portal-open-file/task.yaml index 1c9859f6afe..ec5b93144fd 100644 --- a/tests/main/desktop-portal-open-file/task.yaml +++ b/tests/main/desktop-portal-open-file/task.yaml @@ -15,6 +15,10 @@ systems: [ubuntu-18.04-64, ubuntu-2*] environment: EDITOR_HISTORY: /tmp/editor-history.txt +skip: + - reason: The snap test-snapd-portal-client is just available for amd64 + if: not os.query is-pc-amd64 + prepare: | #shellcheck source=tests/lib/desktop-portal.sh . "$TESTSLIB"/desktop-portal.sh @@ -57,11 +61,6 @@ debug: | execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-portal-client is just available for amd64" - exit - fi - echo "Install the portals test client" snap install --edge test-snapd-portal-client diff --git a/tests/main/desktop-portal-open-uri/task.yaml b/tests/main/desktop-portal-open-uri/task.yaml index 60c75a8f665..3abf9c22962 100644 --- a/tests/main/desktop-portal-open-uri/task.yaml +++ b/tests/main/desktop-portal-open-uri/task.yaml @@ -12,6 +12,10 @@ systems: [ubuntu-18.04-64, ubuntu-2*] environment: BROWSER_HISTORY: /tmp/browser-history.txt +skip: + - reason: The snap test-snapd-portal-client is just available for amd64 + if: not os.query is-pc-amd64 + prepare: | #shellcheck source=tests/lib/desktop-portal.sh . "$TESTSLIB"/desktop-portal.sh @@ -53,11 +57,6 @@ debug: | ps -ef | grep xdg || true execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-portal-client is just available for amd64" - exit - fi - echo "Install the portals test client" snap install --edge test-snapd-portal-client diff --git a/tests/main/desktop-portal-screenshot/task.yaml b/tests/main/desktop-portal-screenshot/task.yaml index 11313e5d9e8..9d1f6177fa1 100644 --- a/tests/main/desktop-portal-screenshot/task.yaml +++ b/tests/main/desktop-portal-screenshot/task.yaml @@ -23,6 +23,10 @@ details: | # Expand as needed. systems: [ubuntu-18.04-64, ubuntu-2*] +skip: + - reason: The snap test-snapd-portal-client is just available for amd64 + if: not os.query is-pc-amd64 + prepare: | #shellcheck source=tests/lib/desktop-portal.sh . "$TESTSLIB"/desktop-portal.sh @@ -45,11 +49,6 @@ debug: | ps -ef | grep xdg || true execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-portal-client is just available for amd64" - exit - fi - echo "Install the portals test client" snap install --edge test-snapd-portal-client diff --git a/tests/main/fakestore-install/task.yaml b/tests/main/fakestore-install/task.yaml index 7434d59aa8f..4a73d54f07e 100644 --- a/tests/main/fakestore-install/task.yaml +++ b/tests/main/fakestore-install/task.yaml @@ -10,19 +10,15 @@ systems: [-ubuntu-14.04*] environment: BLOB_DIR: $(pwd)/fake-store-blobdir +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" # Ensure that "core" is installed as it is a pre-requisite of the base but diff --git a/tests/main/interface-static-attrs-update-on-refresh/task.yaml b/tests/main/interface-static-attrs-update-on-refresh/task.yaml index d3ea2adaa17..5ba1e8f57d1 100644 --- a/tests/main/interface-static-attrs-update-on-refresh/task.yaml +++ b/tests/main/interface-static-attrs-update-on-refresh/task.yaml @@ -8,6 +8,11 @@ details: | # changes to the base profile or contents of the core snap will never break the test systems: [-ubuntu-core-*] +skip: + - reason: Snap confinement is partial + if: | + [ "$(snap debug confinement)" = partial ] + prepare: | "$TESTSTOOLS"/snaps-state install-local test-snap-a-v1 "$TESTSTOOLS"/snaps-state install-local test-snap-b @@ -18,10 +23,6 @@ prepare: | tests.cleanup defer rm -rf /etc/foo /etc/bar execute: | - if [ "$(snap debug confinement)" = partial ] ; then - exit 0 - fi - snap info test-snap-a | MATCH "^installed: +version1" echo "test-snap-a reading /etc/foo, /etc/bar should fail." diff --git a/tests/main/interfaces-contacts-service/task.yaml b/tests/main/interfaces-contacts-service/task.yaml index 9d82bd12276..036749b18bd 100644 --- a/tests/main/interfaces-contacts-service/task.yaml +++ b/tests/main/interfaces-contacts-service/task.yaml @@ -35,14 +35,7 @@ restore: | tests.session -u test restore execute: | - if ! snap install --edge test-snapd-eds ; then - if [ "$SPREAD_SYSTEM" = ubuntu-16.04-64 ]; then - echo "The test-snapd-eds must be available on ubuntu-16.04-64" - exit 1 - fi - echo "SKIP: test-snapd-eds not available" - exit 0 - fi + snap install --edge test-snapd-eds echo "The interface is initially disconnected" snap interfaces -i contacts-service | MATCH -- '- +test-snapd-eds:contacts-service' diff --git a/tests/main/interfaces-content-compatibility/task.yaml b/tests/main/interfaces-content-compatibility/task.yaml index b70b93e90d5..07bfea77ff2 100644 --- a/tests/main/interfaces-content-compatibility/task.yaml +++ b/tests/main/interfaces-content-compatibility/task.yaml @@ -8,19 +8,15 @@ environment: STORE_DIR: $(pwd)/fake-store-blobdir STORE_ADDR: localhost:11028 +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - snap set system experimental.content-compatibility-label=true snap install core24 diff --git a/tests/main/interfaces-cups-control-autoconnect/task.yaml b/tests/main/interfaces-cups-control-autoconnect/task.yaml index 39ce1062bc7..c53edd38d3c 100644 --- a/tests/main/interfaces-cups-control-autoconnect/task.yaml +++ b/tests/main/interfaces-cups-control-autoconnect/task.yaml @@ -17,12 +17,12 @@ systems: environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap debug can-manage-refreshes | MATCH false snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" @@ -56,10 +56,6 @@ prepare: | fi restore: | - if [ "$TRUST_TEST_KEYS" = false ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" rm -f /etc/cups/cupsd.conf @@ -68,11 +64,6 @@ restore: | fi execute: | - if [ "$TRUST_TEST_KEYS" = false ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Install the cups-provider snap" "$TESTSTOOLS"/snaps-state install-local cups-provider diff --git a/tests/main/interfaces-custom-device-app-slot/task.yaml b/tests/main/interfaces-custom-device-app-slot/task.yaml index c7a8b243ef3..e994ce8dd18 100644 --- a/tests/main/interfaces-custom-device-app-slot/task.yaml +++ b/tests/main/interfaces-custom-device-app-slot/task.yaml @@ -14,12 +14,12 @@ systems: environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | # Install core snap to avoid installing it using the fake store if not snap list core; then snap install core @@ -76,18 +76,9 @@ prepare: | snap ack "${BLOB_DIR}"/asserts/*.snap-declaration restore: | - if [ "$TRUST_TEST_KEYS" = false ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" execute: | - if [ "$TRUST_TEST_KEYS" = false ]; then - echo "This test needs test keys to be trusted" - exit - fi - echo "Install the device-app snap" snap install device-app diff --git a/tests/main/interfaces-desktop-launch/task.yaml b/tests/main/interfaces-desktop-launch/task.yaml index d600e7ade1a..11928e63e5b 100644 --- a/tests/main/interfaces-desktop-launch/task.yaml +++ b/tests/main/interfaces-desktop-launch/task.yaml @@ -6,27 +6,22 @@ details: | systems: [-ubuntu-core-*] +skip: + - reason: This test needs systemd and dbus sessions to run + if: | + ! tests.session has-session-systemd-and-dbus + prepare: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi snap remove --purge api-client || true tests.session -u test prepare tests.session -u test exec systemctl --user \ set-environment XDG_DATA_DIRS=/usr/share:/var/lib/snapd/desktop restore: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test restore rm -f ~test/snap/test-app/current/launch-data.txt execute: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi - "$TESTSTOOLS"/snaps-state install-local api-client tests.cleanup defer snap remove --purge api-client diff --git a/tests/main/interfaces-gpio-memory-control/task.yaml b/tests/main/interfaces-gpio-memory-control/task.yaml index 36792f3b50b..553e26848e1 100644 --- a/tests/main/interfaces-gpio-memory-control/task.yaml +++ b/tests/main/interfaces-gpio-memory-control/task.yaml @@ -5,16 +5,16 @@ details: | systems: [ubuntu-core-18-arm-32*] +skip: + - reason: The /dev/gpiomem device does not exist in current system + if: | + ! [ -c /dev/gpiomem ] + prepare: | echo "Given the test-snapd-gpio-memory-control snap is installed" snap install test-snapd-gpio-memory-control execute: | - if ! [ -c /dev/gpiomem ]; then - echo "The /dev/gpiomem device does not exist in current system" - exit 0 - fi - echo "The interface is not connected by default" #shellcheck disable=SC1117 snap interfaces -i gpio-memory-control | MATCH '^- +test-snapd-gpio-memory-control:gpio-memory-control' diff --git a/tests/main/interfaces-kernel-module-control/task.yaml b/tests/main/interfaces-kernel-module-control/task.yaml index d1c29a82f61..4419c1717cc 100644 --- a/tests/main/interfaces-kernel-module-control/task.yaml +++ b/tests/main/interfaces-kernel-module-control/task.yaml @@ -24,6 +24,11 @@ environment: MODULE: minix MODULE_PATH: /lib/modules/$(uname -r)/kernel/fs/$MODULE/$MODULE.ko +skip: + - reason: minix module not available in the system + if: | + ! [ -f "/lib/modules/$(uname -r)/kernel/fs/$MODULE/$MODULE.ko" ] + prepare: | echo "Given a snap declaring a plug on the kernel-module-control interface is installed" snap install --edge test-snapd-kernel-module-consumer @@ -49,11 +54,6 @@ debug: | ls -R /lib/modules/"$(uname -r)"/kernel/fs execute: | - if ! [ -f "/lib/modules/$(uname -r)/kernel/fs/$MODULE/$MODULE.ko" ]; then - echo "$MODULE module not available in the system" - exit 0 - fi - echo "The plug is disconnected by default" snap interfaces -i kernel-module-control | MATCH '^- +test-snapd-kernel-module-consumer:kernel-module-control' diff --git a/tests/main/interfaces-libvirt/task.yaml b/tests/main/interfaces-libvirt/task.yaml index 22fb8a45164..245f8a5de34 100644 --- a/tests/main/interfaces-libvirt/task.yaml +++ b/tests/main/interfaces-libvirt/task.yaml @@ -15,12 +15,11 @@ details: | systems: [ubuntu-2*] -prepare: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-libvirt-consumer is just available for amd64" - exit - fi +skip: + - reason: The snap test-snapd-libvirt-consumer is just available for amd64 + if: not os.query is-pc-amd64 +prepare: | # Given test user is added to the libvirt group adduser test libvirt @@ -47,11 +46,6 @@ prepare: | tests.session -u test prepare restore: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-libvirt-consumer is just available for amd64" - exit - fi - ip link delete tap100 # remove test user from the libvirt group @@ -60,11 +54,6 @@ restore: | tests.session -u test restore execute: | - if not os.query is-pc-amd64; then - echo "The snap test-snapd-libvirt-consumer is just available for amd64" - exit - fi - echo "The interface is not connected by default" snap interfaces -i libvirt | MATCH '^- +test-snapd-libvirt-consumer:libvirt' diff --git a/tests/main/interfaces-polkit/task.yaml b/tests/main/interfaces-polkit/task.yaml index a25432c03c4..c560bfb31e6 100644 --- a/tests/main/interfaces-polkit/task.yaml +++ b/tests/main/interfaces-polkit/task.yaml @@ -19,26 +19,18 @@ systems: - -amazon-linux-2023-64 - -ubuntu-*-arm* +skip: + - reason: D-Bus session bus is not supported in the system + if: not tests.session has-session-systemd-and-dbus + prepare: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi tests.session -u test prepare restore: | - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi rm -f /home/test/sleep.stamp tests.session -u test restore execute: | - # We don't actually need a D-Bus session bus, but this is a good - # guard for support for a user session. - if ! tests.session has-session-systemd-and-dbus; then - exit 0 - fi - echo "Install the test snap" snap install --edge test-snapd-polkit diff --git a/tests/main/interfaces-snapd-control-with-manage/task.yaml b/tests/main/interfaces-snapd-control-with-manage/task.yaml index ed0318c5e22..8d425e4388d 100644 --- a/tests/main/interfaces-snapd-control-with-manage/task.yaml +++ b/tests/main/interfaces-snapd-control-with-manage/task.yaml @@ -21,12 +21,12 @@ systems: [-ubuntu-14.04*] environment: BLOB_DIR: $(pwd)/fake-store-blobdir -prepare: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi +skip: + - reason: This test needs test keys to be trusted + if: | + [ "$TRUST_TEST_KEYS" = "false" ] +prepare: | snap debug can-manage-refreshes | MATCH false # Install test snap dependencies before switching to fake store @@ -58,21 +58,12 @@ prepare: | snap ack "${BLOB_DIR}"/asserts/*.snap-declaration restore: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi "$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR" debug: | gojq .data.auth.device /var/lib/snapd/state.json || true execute: | - if [ "$TRUST_TEST_KEYS" = "false" ]; then - echo "This test needs test keys to be trusted" - exit - fi - snap install test-snapd-control-consumer echo "The interface is connected by default" diff --git a/tests/main/interfaces-userns/task.yaml b/tests/main/interfaces-userns/task.yaml index 8b304614c78..f5b02fef193 100644 --- a/tests/main/interfaces-userns/task.yaml +++ b/tests/main/interfaces-userns/task.yaml @@ -14,6 +14,10 @@ environment: # This is used to abbreviate some of the paths below. P: /var/snap/test-snapd-userns/common +skip: + - reason: system either doesn't support unprivileged userns or it is disabled + if: not sysctl kernel.unprivileged_userns_clone + prepare: | echo "Install a helper snap (for confinement testing)" "$TESTSTOOLS"/snaps-state install-local test-snapd-userns @@ -31,12 +35,6 @@ restore: | tests.session -u test restore execute: | - # ensure that the system supports unprivileged userns and it is enabled - if ! sysctl kernel.unprivileged_userns_clone; then - echo "Skipping testing of unprivileged userns since it is not supported by the kernel" - exit 0 - fi - echo "Enable the use of unprivileged user namespaces by default" orig_userns_clone=$(sysctl -n kernel.unprivileged_userns_clone) sysctl -w kernel.unprivileged_userns_clone=1 From 0b15be1fd5013ed94682c22703e41d397c96a1a7 Mon Sep 17 00:00:00 2001 From: Andrew Phelps Date: Mon, 2 Feb 2026 03:18:33 -0500 Subject: [PATCH 19/41] tests: enable some nested tests by setting up proper kernel declarations on UC26 (#16452) * t/l/t/build_kernel_with_comps.sh: work around bug in current pc-kernel on 26/edge * tests: enable some nested tests by setting up proper kernel declaration on uc26 * tests: always add extra driver lib decls when repacking kernel * t/l/prepare.sh: change destination of systemd dropins for core26 --- .../pc-kernel-snap-decl-extras.json | 26 +++++++++++++++++++ tests/lib/nested.sh | 12 ++++++++- tests/lib/prepare.sh | 20 ++++++++++---- tests/lib/tools/build_kernel_with_comps.sh | 17 +++++++----- .../kernel-modules-components/task.yaml | 2 -- .../remodel-with-components-offline/task.yaml | 10 +++++-- .../manual/remodel-with-components/task.yaml | 10 ++++++- 7 files changed, 79 insertions(+), 18 deletions(-) create mode 100644 tests/lib/assertions/pc-kernel-snap-decl-extras.json diff --git a/tests/lib/assertions/pc-kernel-snap-decl-extras.json b/tests/lib/assertions/pc-kernel-snap-decl-extras.json new file mode 100644 index 00000000000..775ab3ef230 --- /dev/null +++ b/tests/lib/assertions/pc-kernel-snap-decl-extras.json @@ -0,0 +1,26 @@ +{ + "format": "5", + "slots": { + "cuda-driver-libs": { + "allow-installation": "true" + }, + "egl-driver-libs": { + "allow-installation": "true" + }, + "gbm-driver-libs": { + "allow-installation": "true" + }, + "opengl-driver-libs": { + "allow-installation": "true" + }, + "opengles-driver-libs": { + "allow-installation": "true" + }, + "vulkan-driver-libs": { + "allow-installation": "true" + }, + "nvidia-video-driver-libs": { + "allow-installation": "true" + } + } +} diff --git a/tests/lib/nested.sh b/tests/lib/nested.sh index 8be7bb98c4e..f85a2248b24 100755 --- a/tests/lib/nested.sh +++ b/tests/lib/nested.sh @@ -17,6 +17,7 @@ : "${NESTED_SIGN_SNAPS_FAKESTORE:=false}" : "${NESTED_REPACK_FOR_FAKESTORE:=false}" : "${NESTED_FAKESTORE_SNAP_DECL_PC_GADGET:=}" +: "${NESTED_FAKESTORE_SNAP_DECL_PC_KERNEL:=}" : "${NESTED_UBUNTU_IMAGE_SNAPPY_FORCE_SAS_URL:=}" : "${NESTED_UBUNTU_IMAGE_PRESEED_KEY:=}" : "${NESTED_UBUNTU_SEED_SIZE:=}" @@ -754,7 +755,16 @@ nested_prepare_kernel() { # sign the pc-kernel snap with fakestore if requested if [ "$NESTED_SIGN_SNAPS_FAKESTORE" = "true" ]; then - "$TESTSTOOLS"/store-state make-snap-installable --noack "$NESTED_FAKESTORE_BLOB_DIR" "$(nested_get_extra_snaps_path)/$output_name" "$snap_id" + local extra_decl_args="" + local kernel_decl="$NESTED_FAKESTORE_SNAP_DECL_PC_KERNEL" + if [ -z "$kernel_decl" ] ; then + kernel_decl="$TESTSLIB/assertions/pc-kernel-snap-decl-extras.json" + fi + if [ -n "$kernel_decl" ]; then + extra_decl_args="--extra-decl-json $kernel_decl" + fi + # shellcheck disable=SC2086 + "$TESTSTOOLS"/store-state make-snap-installable --noack $extra_decl_args "$NESTED_FAKESTORE_BLOB_DIR" "$(nested_get_extra_snaps_path)/$output_name" "$snap_id" fi fi } diff --git a/tests/lib/prepare.sh b/tests/lib/prepare.sh index e7b3121c9de..4e96429cfcc 100755 --- a/tests/lib/prepare.sh +++ b/tests/lib/prepare.sh @@ -854,15 +854,25 @@ repack_core_snap_with_tweaks() { UNPACK_DIR="$(mktemp -d /tmp/core-unpack.XXXXXXXX)" unsquashfs -no-progress -f -d "$UNPACK_DIR" "$CORESNAP" - mkdir -p "$UNPACK_DIR"/etc/systemd/journald.conf.d - cat < "$UNPACK_DIR"/etc/systemd/journald.conf.d/to-console.conf + # determine destination directory for systemd configuration files + # core26+ uses /usr/share/factory/writable/system-data/etc/ + # core24 and earlier use /etc/ + local DEST_ETC + if [ -e "$UNPACK_DIR/usr/share/factory/writable" ]; then + DEST_ETC="$UNPACK_DIR/usr/share/factory/writable/system-data/etc" + else + DEST_ETC="$UNPACK_DIR/etc" + fi + + mkdir -p "$DEST_ETC"/systemd/journald.conf.d + cat < "$DEST_ETC"/systemd/journald.conf.d/to-console.conf [Journal] ForwardToConsole=yes TTYPath=/dev/ttyS0 MaxLevelConsole=debug EOF - mkdir -p "$UNPACK_DIR"/etc/systemd/system/snapd.service.d -cat < "$UNPACK_DIR"/etc/systemd/system/snapd.service.d/logging.conf + mkdir -p "$DEST_ETC"/systemd/system/snapd.service.d +cat < "$DEST_ETC"/systemd/system/snapd.service.d/logging.conf [Service] Environment=SNAPD_DEBUG_HTTP=7 SNAPD_DEBUG=1 SNAPPY_TESTING=1 SNAPD_CONFIGURE_HOOK_TIMEOUT=30s StandardOutput=journal+console @@ -870,7 +880,7 @@ StandardError=journal+console EOF if [ "${NESTED_REPACK_FOR_FAKESTORE-}" = "true" ]; then - cat < "$UNPACK_DIR"/etc/systemd/system/snapd.service.d/store.conf + cat < "$DEST_ETC"/systemd/system/snapd.service.d/store.conf [Service] Environment=SNAPPY_FORCE_API_URL=http://10.0.2.2:11028 EOF diff --git a/tests/lib/tools/build_kernel_with_comps.sh b/tests/lib/tools/build_kernel_with_comps.sh index d952d7bf97e..7eabdf90ea7 100755 --- a/tests/lib/tools/build_kernel_with_comps.sh +++ b/tests/lib/tools/build_kernel_with_comps.sh @@ -39,16 +39,19 @@ description: kernel component for testing purposes EOF # Replace _ or - with [_-], as it can be any of these glob_mod_name=$(printf '%s' "$mod_name" | sed -r 's/[-_]/[-_]/g') - module_path=$(find kernel -name "${glob_mod_name}.ko*") - mapfile -t module_path <<< "$module_path" - cp --update=none "${module_path[@]}" "$comp_ko_dir" + # TODO: search only in kernel/modules to avoid duplicates (pc-kernel in + # 26/edge has both modules/ and lib/modules/). remove this hack once + # the kernel snap is fixed + module_path=$(find kernel/modules -name "${glob_mod_name}.ko*") + cp "$module_path" "$comp_ko_dir" snap pack --filename="${kernel_name}+${comp_name}".comp "$comp_name" # Create kernel without the kernel module - rm "${module_path[@]}" - # depmod wants a lib subdir - mkdir -p kernel/lib - ln -s ../modules kernel/lib/modules + rm "$module_path" + if [ ! -e kernel/lib/modules ]; then + mkdir -p kernel/lib + ln -s ../modules kernel/lib/modules + fi depmod -b kernel/ "$kern_ver" rm "${kernel_snap_file}" # append component meta-information diff --git a/tests/nested/manual/kernel-modules-components/task.yaml b/tests/nested/manual/kernel-modules-components/task.yaml index 5f2d9a51152..a7ffcf79465 100644 --- a/tests/nested/manual/kernel-modules-components/task.yaml +++ b/tests/nested/manual/kernel-modules-components/task.yaml @@ -7,8 +7,6 @@ systems: - -ubuntu-1* - -ubuntu-20* - -ubuntu-22* - # FIXME - - -ubuntu-26* environment: # Test both encrypted and unencrypted cases diff --git a/tests/nested/manual/remodel-with-components-offline/task.yaml b/tests/nested/manual/remodel-with-components-offline/task.yaml index 1e0b6c5dc5b..cd531988983 100644 --- a/tests/nested/manual/remodel-with-components-offline/task.yaml +++ b/tests/nested/manual/remodel-with-components-offline/task.yaml @@ -10,8 +10,6 @@ systems: - -ubuntu-1* - -ubuntu-20* - -ubuntu-22* - # FIXME - - -ubuntu-26* environment: INITIAL_MODEL_JSON: $TESTSLIB/assertions/test-snapd-component-remodel-initial-pc-VERSION.json @@ -86,9 +84,17 @@ execute: | kernel_id='pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza' + # include declaration extras for driver slots + extra_decl_args="" + if [ "$(tests.nested show version)" -ge 26 ]; then + extra_decl_args="--extra-decl-json $TESTSLIB/assertions/pc-kernel-snap-decl-extras.json" + fi + # bump the available kernel version in the fake store + #shellcheck disable=SC2086 "${TESTSTOOLS}"/store-state make-snap-installable --noack \ --revision 2 \ + $extra_decl_args \ "${NESTED_FAKESTORE_BLOB_DIR}" \ ./pc-kernel-with-comps.snap \ "${kernel_id}" diff --git a/tests/nested/manual/remodel-with-components/task.yaml b/tests/nested/manual/remodel-with-components/task.yaml index 98354d50d3f..0f8739d6876 100644 --- a/tests/nested/manual/remodel-with-components/task.yaml +++ b/tests/nested/manual/remodel-with-components/task.yaml @@ -8,8 +8,8 @@ details: | validates that the newly created system can be rebooted into. systems: - # FIXME: make it work on 26 - ubuntu-24* + - ubuntu-26* environment: INITIAL_MODEL_JSON: $TESTSLIB/assertions/test-snapd-component-remodel-initial-pc-VERSION.json @@ -84,9 +84,17 @@ execute: | kernel_id='pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza' + # include declaration extras for driver slots + extra_decl_args="" + if [ "$(tests.nested show version)" -ge 26 ]; then + extra_decl_args="--extra-decl-json $TESTSLIB/assertions/pc-kernel-snap-decl-extras.json" + fi + # bump the available kernel version in the fake store + #shellcheck disable=SC2086 "${TESTSTOOLS}"/store-state make-snap-installable --noack \ --revision 2 \ + $extra_decl_args \ "${NESTED_FAKESTORE_BLOB_DIR}" \ ./pc-kernel-with-comps.snap \ "${kernel_id}" From 27b9da7b913a19103e819e5f070d53eace5cedd3 Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Mon, 2 Feb 2026 09:54:14 -0300 Subject: [PATCH 20/41] tests: fix interfaces-block-devices when fde is used (#16523) * tests: fix interfaces-block-devices when fde is used This fix allows to run interfaces-block-devices test when ubuntu-data partition is encripted. * Update tests/main/interfaces-block-devices/task.yaml Co-authored-by: Maciej Borzecki * Update tests/main/interfaces-block-devices/task.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update tests/main/interfaces-block-devices/task.yaml Co-authored-by: Maciej Borzecki --------- Co-authored-by: Maciej Borzecki Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- tests/main/interfaces-block-devices/task.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/main/interfaces-block-devices/task.yaml b/tests/main/interfaces-block-devices/task.yaml index 2979d7a7e0d..16a3ad6b7dd 100644 --- a/tests/main/interfaces-block-devices/task.yaml +++ b/tests/main/interfaces-block-devices/task.yaml @@ -8,7 +8,14 @@ prepare: | # identify which disk /var/snap lives on; we could use %Hd:%Ld, but not all # versions of coreutils support that, but it's not always obvious what the # device is if the host is using btrfs, or an alias such as /dev/root - maybe_partition_dev="$(df --output=source /var/snap | tail -n -1)" + if lsblk -f -o label,fstype | MATCH "ubuntu-data.*crypto_LUKS"; then + # This is the case when TPM is enabled and we're using FDE + # Now /var/snap is on an ubuntu-data volume made available through device + # mapper and will show up as disk, so it is required to find the parent partition + maybe_partition_dev=/dev/"$(lsblk -f -o label,fstype,name --raw | awk '/ubuntu-data.*crypto_LUKS/ { print $3 }')" + else + maybe_partition_dev="$(df --output=source /var/snap | tail -n -1)" + fi # we're expecting a partition udevadm info -q property "$maybe_partition_dev" | MATCH 'DEVTYPE=partition' # get the node name under /dev From 6cab672c3b2368cab859fa730e1f7026ad86a360 Mon Sep 17 00:00:00 2001 From: Valentin David Date: Fri, 30 Jan 2026 16:17:26 +0100 Subject: [PATCH 21/41] tests/lib/nested.sh: disable cloud-init check on core26 for now cloud-init-local.services fails, but the machine still works. However the error is set. So for now we should ignore it until it is fixed on cloud-init. --- tests/lib/nested.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/lib/nested.sh b/tests/lib/nested.sh index f85a2248b24..7a7b958b3fc 100755 --- a/tests/lib/nested.sh +++ b/tests/lib/nested.sh @@ -1515,7 +1515,13 @@ nested_start_core_vm_unit() { remote.exec "cloud-init status" || ret=$? if [ "$ret" -ne 0 ] && [ "$ret" -ne 2 ]; then echo "cloud-init finished with error $ret" - exit 1 + # FIXME: remove core26 case. + # See https://github.com/canonical/cloud-init/issues/6699 + if nested_is_core_26_system; then + echo "Ignoring error on core26 for now" + else + exit 1 + fi fi fi fi From 7a2ed6a8a30e0a93f8a7709768e67944614a7913 Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Fri, 30 Jan 2026 06:34:24 +0000 Subject: [PATCH 22/41] snap-confine: add CAP_SYS_RESOURCE When snap-confine is used on an kernel older than 5.11 then it will notice the memory lock limit is too low and attempt to raise it. This requires CAP_SYS_RESOURCE that was not granted before. This issue was masked by the interplay of sudo/su/pam/logind also interacting with the limit in ways we did not fully trace. Fixes: https://bugs.launchpad.net/snapd/+bug/2139300 Jira: https://warthogs.atlassian.net/browse/SNAPDENG-36355 --- cmd/snap-confine/snap-confine.c | 3 +++ cmd/snap-confine/snap-confine.caps | 2 +- cmd/snap-confine/snap-confine.v2-only.caps | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/cmd/snap-confine/snap-confine.c b/cmd/snap-confine/snap-confine.c index 2743336952b..4c2ef524dfc 100644 --- a/cmd/snap-confine/snap-confine.c +++ b/cmd/snap-confine/snap-confine.c @@ -371,6 +371,9 @@ int main(int argc, char **argv) { CAP_CHOWN, // file ownership CAP_FOWNER, // to create tmp dir with sticky bit CAP_SYS_PTRACE, // to inspect the mount namespace of PID1 + // TODO: when removing the manual adjustment to memlock limit, remove this capability as well. + // The capability is to support the logic needed for 5.11 kernels. + CAP_SYS_RESOURCE, // to raise memlock limit before setting up device eBPF program. }; /* We may be invoking tools such as snap-update-ns or snap-discard which are diff --git a/cmd/snap-confine/snap-confine.caps b/cmd/snap-confine/snap-confine.caps index d73457f1034..20f74001df2 100644 --- a/cmd/snap-confine/snap-confine.caps +++ b/cmd/snap-confine/snap-confine.caps @@ -1 +1 @@ -cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_setgid,cap_setuid,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=p +cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_setgid,cap_setuid,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=p diff --git a/cmd/snap-confine/snap-confine.v2-only.caps b/cmd/snap-confine/snap-confine.v2-only.caps index 5bac99b1e0b..e06bbc1fda5 100644 --- a/cmd/snap-confine/snap-confine.v2-only.caps +++ b/cmd/snap-confine/snap-confine.v2-only.caps @@ -1 +1 @@ -cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=p +cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=p From 43feea12326b352e76606af82fcad092d4664cfc Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Fri, 30 Jan 2026 07:20:32 +0000 Subject: [PATCH 23/41] packaging/fedora: add cap_sys_resource Signed-off-by: Zygmunt Krynicki --- packaging/fedora/snapd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/fedora/snapd.spec b/packaging/fedora/snapd.spec index ff016cbf0a6..41ec86dfa66 100644 --- a/packaging/fedora/snapd.spec +++ b/packaging/fedora/snapd.spec @@ -72,10 +72,10 @@ # only required to use snapd in user namespaces when the host system uses # cgroup-v1 hierarchy. Since no actively supported Fedora release uses cgroup # v1, those capabilities are omitted. -%global snap_confine_caps cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=p +%global snap_confine_caps cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=p %if 0%{?amzn2} == 1 # However on AMZN2 we still have cgroup-v1, so setgid and setuid are needed. -%global snap_confine_caps cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_setuid,cap_setgid,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=p +%global snap_confine_caps cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_setuid,cap_setgid,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=p %endif # Until we have a way to add more extldflags to gobuild macro... From d21bb785a8e1161888c9d7cb68deb31261200568 Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Fri, 30 Jan 2026 12:21:32 +0100 Subject: [PATCH 24/41] tests: verify that snap-confine can raise RLIMIT_MEMLOCK The test runs a snap application with artificially lowered RLIMIT_MEMLOCK to observe that it really works. Signed-off-by: Zygmunt Krynicki --- tests/main/security-device-cgroups/task.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/main/security-device-cgroups/task.yaml b/tests/main/security-device-cgroups/task.yaml index 2fca5bdc6fb..11d8d12a94c 100644 --- a/tests/main/security-device-cgroups/task.yaml +++ b/tests/main/security-device-cgroups/task.yaml @@ -155,3 +155,15 @@ execute: | else udevadm info "$UDEVADM_PATH" | NOMATCH "E: TAGS=.*snap_test-snapd-sh_sh" fi + + # In the unlikely case of low value of RLIMIT_MEMLOCK, snap-confine can + # increase the value automatically. Here we explicitly pass a small value + # to observe that we can construct everything from scratch just fine. Note + # that this requires us to have at least one device tagged to the snap, + # otherwise snap-confine will not run the relevant logic. + "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core24 + rm -f /sys/fs/bpf/snap/snap_test-snapd-sh-core24_sh + prlimit --memlock=65536 env SNAP_CONFINE_DEBUG=1 test-snapd-sh-core24.sh -c 'true' + # Remove observable state of the previous command. + rm -f /sys/fs/bpf/snap/snap_test-snapd-core24-sh_sh + snapd.tool exec snap-discard-ns test-snapd-sh-core24 From 7639e3fea5c0e7d4afcd91e862044ad839d67a96 Mon Sep 17 00:00:00 2001 From: Sergio Cazzolato Date: Mon, 2 Feb 2026 13:05:07 -0300 Subject: [PATCH 25/41] tests: increase the timeout used for arm64 servers in openstack-ext (#16263) * tests: increase the timeout used for arm64 servers in openstack-ext As in arm64 environments it is not supported the hardware acceleration, this is required to have longer timeouts compared to amd64 to deal with long executions. This change is done to avoid kill timeouts building snapd in armhf. * run also in faster machines * update wait-for ssh line --- spread.yaml | 4 ++-- tests/utils/cross-build/suite/build-snapd-armhf/task.yaml | 4 ++-- tests/utils/cross-build/suite/build-snapd/task.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/spread.yaml b/spread.yaml index f986daa132e..55167e3d30e 100644 --- a/spread.yaml +++ b/spread.yaml @@ -555,8 +555,8 @@ backends: openstack-arm-ext: type: openstack key: '$(HOST: echo "$OS_CREDENTIALS_ARM64_PS7")' - plan: shared.medium.arm64 - halt-timeout: 2h + plan: shared.large.arm64 + halt-timeout: 3h wait-timeout: 10m groups: [default] proxy: ingress-haproxy.ps7.canonical.com diff --git a/tests/utils/cross-build/suite/build-snapd-armhf/task.yaml b/tests/utils/cross-build/suite/build-snapd-armhf/task.yaml index cf069f25757..358ac688db3 100644 --- a/tests/utils/cross-build/suite/build-snapd-armhf/task.yaml +++ b/tests/utils/cross-build/suite/build-snapd-armhf/task.yaml @@ -5,7 +5,7 @@ details: | using the desired image, kernel and initrd, and then run the build-spread task which builds snapd snap on the target system. -kill-timeout: 120m +kill-timeout: 180m environment: VERSION/jammy: 22.04 @@ -86,7 +86,7 @@ prepare: | tests.systemd wait-for-service -n 15 --wait 2 --state active "$SERVICE_NAME" # Wait until the nested vm is accessible through ssh (50 retries with 10 sec wait) - tests.nested wait-for ssh 50 10 + tests.nested wait-for ssh 100 10 restore: | systemctl stop "$SERVICE_NAME" || true diff --git a/tests/utils/cross-build/suite/build-snapd/task.yaml b/tests/utils/cross-build/suite/build-snapd/task.yaml index 5dcc17f0d84..e13abcb2b61 100644 --- a/tests/utils/cross-build/suite/build-snapd/task.yaml +++ b/tests/utils/cross-build/suite/build-snapd/task.yaml @@ -5,7 +5,7 @@ details: | systems: [ubuntu-*] -kill-timeout: 100m +kill-timeout: 150m prepare: | # make sure snapd snap is refreshed From 06978c283a52f570ce3837f7fb8cd4801ec1872c Mon Sep 17 00:00:00 2001 From: ernestl Date: Tue, 3 Feb 2026 08:49:28 +0200 Subject: [PATCH 26/41] interfaces: camera: add locking permission for /dev/video devices (#16517) Signed-off-by: Lorenzo Medici --- interfaces/builtin/camera.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interfaces/builtin/camera.go b/interfaces/builtin/camera.go index b531a3a2386..ce811332c5d 100644 --- a/interfaces/builtin/camera.go +++ b/interfaces/builtin/camera.go @@ -35,7 +35,7 @@ const cameraBaseDeclarationSlots = ` const cameraConnectedPlugAppArmor = ` # Until we have proper device assignment, allow access to all cameras -###PROMPT### /dev/video[0-9]* rw, +###PROMPT### /dev/video[0-9]* rwk, # VideoCore cameras (shared device with VideoCore/EGL) ###PROMPT### /dev/vchiq rw, From 9952d6a187e3ecaff9ad13cf1bc9385035740e7d Mon Sep 17 00:00:00 2001 From: Maciej Borzecki Date: Thu, 29 Jan 2026 08:11:30 +0100 Subject: [PATCH 27/41] cmd/libsnap-confine-private/device-cgroup-support: bump devices BPF map key count to 1000 (#16505) Bump the max element count of the BPF map used to store IDs of allowed/matched devices to 1000. According to LP#2139099 the current limit can be exhausted with ~80VMs with ~500 microceph rbd devices. The snippet below shows memory use of a map allocated with the previous default value (id 14, size 500), and the new default (id 23, size 1000): 14: hash name s_fwupd_refresh flags 0x0 key 9B value 1B max_entries 500 memlock 47712B 23: hash name s_test_snapd_sh flags 0x0 key 9B value 1B max_entries 1000 memlock 91904B Fixes: LP#2139099 Signed-off-by: Maciej Borzecki --- cmd/libsnap-confine-private/device-cgroup-support.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/cmd/libsnap-confine-private/device-cgroup-support.c b/cmd/libsnap-confine-private/device-cgroup-support.c index 2e005cc4853..a1f73d82711 100644 --- a/cmd/libsnap-confine-private/device-cgroup-support.c +++ b/cmd/libsnap-confine-private/device-cgroup-support.c @@ -390,8 +390,14 @@ static int _sc_cgroup_v2_init_bpf(sc_device_cgroup *self, int flags) { int devmap_fd = bpf_get_by_path(path); /* keep a copy of errno in case it gets clobbered */ int get_by_path_errno = errno; - /* XXX: this should be more than enough keys */ - const size_t max_entries = 500; + /* This used to be 500 (using ~47kB of kernel mem), but got bumped to 1000 + (~89kB of kernel mem) due to LP#2139099. Should be more than enough keys + now. */ + /* TODO: make this configurable or proportional to number of + interfaces/potentially matching devices, system memory size or see + whether we can maybe use a 2 stage combination of + BPF_MAP_TYPE_BLOOM_FILTER & BPF_MAP_TYPE_HASH */ + const size_t max_entries = 1000; if (devmap_fd < 0) { if (get_by_path_errno != ENOENT) { die("cannot get existing device map"); From e04cb270e3f4be99fb43922fe7cec13cabf93ffe Mon Sep 17 00:00:00 2001 From: Maciej Borzecki Date: Wed, 21 Jan 2026 13:21:30 +0100 Subject: [PATCH 28/41] tests/main/layout-content-provider-change, fakestore: add a test mixing content, layouts and snap refreshes (#16442) * tests/main/layout-content-provider-change: add a test mixing content, layouts and snap refreshes Add a test which should mimic a scenario where a content provider is changed during snap refresh. This should hopefully be close to the scenario occurring for snaps like 'chromium' or 'firefox', where the GNOME runtime may be changed across revisions, and said snaps mix both content and layouts to set up the execution environment. Related: SNAPDENG-36193 Signed-off-by: Maciej Borzecki * tests/lib/fakestore: include snap.yaml in action responses Include contents of snap.yaml of the target snap in action endpoint responses. Signed-off-by: Maciej Borzecki * fixup! tests/main/layout-content-provider-change: add a test mixing content, layouts and snap refreshes * tests/main/system-usernames-snap-scoped: update the test Since fakestore now includes the entirety of snap.yaml the error occurs in an early pre-installation check, rather than in prepare-snap handler. Signed-off-by: Maciej Borzecki --------- Signed-off-by: Maciej Borzecki --- tests/lib/fakestore/store/store.go | 15 ++++ tests/lib/fakestore/store/store_test.go | 11 +++ .../layout-content-provider-change/task.yaml | 73 +++++++++++++++++++ .../test-snapd-content-consumer-v1/bin/app | 3 + .../meta/snap.yaml | 21 ++++++ .../snap/command-chain/launch | 7 ++ .../test-snapd-content-consumer-v2/bin/app | 3 + .../meta/snap.yaml | 22 ++++++ .../snap/command-chain/launch | 7 ++ .../command-chain/desktop-launch | 5 ++ .../meta/snap.yaml | 9 +++ .../command-chain/desktop-launch | 5 ++ .../meta/snap.yaml | 9 +++ .../system-usernames-snap-scoped/task.yaml | 2 +- 14 files changed, 191 insertions(+), 1 deletion(-) create mode 100644 tests/main/layout-content-provider-change/task.yaml create mode 100755 tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/bin/app create mode 100644 tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/meta/snap.yaml create mode 100755 tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/snap/command-chain/launch create mode 100755 tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/bin/app create mode 100644 tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/meta/snap.yaml create mode 100755 tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/snap/command-chain/launch create mode 100755 tests/main/layout-content-provider-change/test-snapd-content-provider-v1/command-chain/desktop-launch create mode 100644 tests/main/layout-content-provider-change/test-snapd-content-provider-v1/meta/snap.yaml create mode 100755 tests/main/layout-content-provider-change/test-snapd-content-provider-v2/command-chain/desktop-launch create mode 100644 tests/main/layout-content-provider-change/test-snapd-content-provider-v2/meta/snap.yaml diff --git a/tests/lib/fakestore/store/store.go b/tests/lib/fakestore/store/store.go index b59753f4a00..8d4cc707cdf 100644 --- a/tests/lib/fakestore/store/store.go +++ b/tests/lib/fakestore/store/store.go @@ -813,6 +813,7 @@ type detailsResultV2 struct { Confinement string `json:"confinement"` Type string `json:"type"` Resources []snapResourceResult `json:"resources,omitempty"` + SnapYAML string `json:"snap-yaml"` } type downloadInfo struct { @@ -937,6 +938,19 @@ func (s *Store) snapActionEndpoint(w http.ResponseWriter, req *http.Request) { return } + // include snap.yaml + f, err := snapfile.Open(sn.path) + if err != nil { + http.Error(w, fmt.Sprintf("cannot open snap container: %v", err.Error()), 500) + return + } + + snapYaml, err := f.ReadFile("meta/snap.yaml") + if err != nil { + http.Error(w, fmt.Sprintf("cannot read snap.yaml: %v", err.Error()), 500) + return + } + resources := make([]snapResourceResult, 0, len(sn.components)) for compName, comp := range sn.components { f, err := snapfile.Open(path.Join(comp.path)) @@ -979,6 +993,7 @@ func (s *Store) snapActionEndpoint(w http.ResponseWriter, req *http.Request) { Confinement: essInfo.Confinement, Type: essInfo.Type, Base: essInfo.Base, + SnapYAML: string(snapYaml), } if len(resources) > 0 { details.Resources = resources diff --git a/tests/lib/fakestore/store/store_test.go b/tests/lib/fakestore/store/store_test.go index 264b290767f..3534ba7bdda 100644 --- a/tests/lib/fakestore/store/store_test.go +++ b/tests/lib/fakestore/store/store_test.go @@ -749,6 +749,7 @@ func (s *storeTestSuite) TestSnapActionEndpoint(c *C) { "revision": float64(424242), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 1", }, }) } @@ -796,6 +797,7 @@ func (s *storeTestSuite) TestSnapActionEndpointUsesLatest(c *C) { "revision": float64(2), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 2", }, }) } @@ -845,6 +847,7 @@ func (s *storeTestSuite) TestSnapActionEndpointChannel(c *C) { "revision": float64(1), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 1", }, }) } @@ -894,6 +897,7 @@ func (s *storeTestSuite) TestSnapActionEndpointChannelRefreshAll(c *C) { "revision": float64(1), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 1", }, }) } @@ -944,6 +948,7 @@ func (s *storeTestSuite) TestSnapActionEndpointAssertedWithRevision(c *C) { "revision": float64(rev.N), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: " + version, }, }) } @@ -1013,6 +1018,7 @@ func (s *storeTestSuite) TestSnapActionEndpointAssertedWithComponents(c *C) { "revision": float64(rev.N), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: " + version, }, } @@ -1090,6 +1096,7 @@ func (s *storeTestSuite) TestSnapActionEndpointWithAssertions(c *C) { "revision": float64(99), "confinement": "strict", "type": "app", + "snap-yaml": "name: foo\nversion: 10", }, }) } @@ -1133,6 +1140,7 @@ func (s *storeTestSuite) TestSnapActionEndpointRefreshAll(c *C) { "revision": float64(424242), "confinement": "strict", "type": "app", + "snap-yaml": "name: test-snapd-tools\nversion: 1", }, }) } @@ -1177,6 +1185,7 @@ func (s *storeTestSuite) TestSnapActionEndpointWithAssertionsInstall(c *C) { "revision": float64(99), "confinement": "strict", "type": "app", + "snap-yaml": "name: foo\nversion: 10", }, }) } @@ -1221,6 +1230,7 @@ func (s *storeTestSuite) TestSnapActionEndpointSnapWithBase(c *C) { "confinement": "strict", "type": "app", "base": "core20", + "snap-yaml": "name: test-snapd-tools\nversion: 1\nbase: core20", }, }) } @@ -1289,6 +1299,7 @@ func (s *storeTestSuite) TestSnapActionEndpointUnknownSnapAutoRefresh(c *C) { "confinement": "strict", "type": "app", "base": "core20", + "snap-yaml": "name: test-snapd-tools\nversion: 1\nbase: core20", }, }) } diff --git a/tests/main/layout-content-provider-change/task.yaml b/tests/main/layout-content-provider-change/task.yaml new file mode 100644 index 00000000000..e62bf7b516e --- /dev/null +++ b/tests/main/layout-content-provider-change/task.yaml @@ -0,0 +1,73 @@ +summary: Verify scenario in which the content provider of a snap is changed + +details: | + Verify a scenario like + https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2072395 where there's a + snap with a content consumer plug, which uses layouts to move around the + data coming from the content provider snap. The snap is refreshed, changing + to a different content provider along the way. + +environment: + STORE_DIR: $(pwd)/fake-store-blobdir + STORE_ADDR: localhost:11028 + +skip: + - reason: "Test keys need to be trusted" + if: | + [ "$TRUST_TEST_KEYS" = "false" ] + +prepare: | + snap install core24 + + "$TESTSTOOLS"/store-state setup-fake-store "$STORE_DIR" + tests.cleanup defer "$TESTSTOOLS"/store-state teardown-fake-store "$STORE_DIR" + + snap ack "$TESTSLIB/assertions/testrootorg-store.account-key" + snap ack "$TESTSLIB/assertions/developer1.account" + snap ack "$TESTSLIB/assertions/developer1.account-key" + + cp "$TESTSLIB"/assertions/testrootorg-store.account-key "$STORE_DIR/asserts" + cp "$TESTSLIB"/assertions/developer1.account "$STORE_DIR/asserts" + cp "$TESTSLIB"/assertions/developer1.account-key "$STORE_DIR/asserts" + + snap pack test-snapd-content-provider-v1 + snap pack test-snapd-content-provider-v2 + + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-provider-v1_*.snap provider-v1-id + + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-provider-v2_*.snap provider-v2-id + + snap pack test-snapd-content-consumer-v1 + snap pack test-snapd-content-consumer-v2 + +execute: | + # make consumer 1.0.0 available in the store + "$TESTSTOOLS"/store-state make-snap-installable --revision 1 "$STORE_DIR" \ + test-snapd-content-consumer_1.*.snap consumer-id + + # install the first version + snap install test-snapd-content-consumer + + # the provider was pulled in and the plug is connected + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider-v1:special-content" + + test-snapd-content-consumer.app |& tee output-v1.log + MATCH 'hello from app' < output-v1.log + MATCH 'hello from content provider V1' < output-v1.log + + # now simulate what a snap like firefox may do, by switching the version of + # gnome runtime + "$TESTSTOOLS"/store-state make-snap-installable --revision 2 "$STORE_DIR" \ + test-snapd-content-consumer_2.*.snap consumer-id + + snap refresh test-snapd-content-consumer + + # new provider was pulled in and is connected now + snap connections test-snapd-content-consumer | NOMATCH "test-snapd-content-provider-v1" + snap connections test-snapd-content-consumer | MATCH "test-snapd-content-provider-v2:special-content" + + test-snapd-content-consumer.app |& tee output-v2.log + MATCH 'hello from app' < output-v2.log + MATCH 'hello from content provider V2' < output-v2.log diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/bin/app b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/bin/app new file mode 100755 index 00000000000..1366fc27eed --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/bin/app @@ -0,0 +1,3 @@ +#!/bin/sh + +echo "hello from app" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/meta/snap.yaml b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/meta/snap.yaml new file mode 100644 index 00000000000..429d0d5c1b2 --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/meta/snap.yaml @@ -0,0 +1,21 @@ +name: test-snapd-content-consumer +version: 1.0.0 +base: core24 + +assumes: + - command-chain + +apps: + app: + command: bin/app + command-chain: + - snap/command-chain/launch + plugs: + - special-content-v1 + +plugs: + special-content-v1: + interface: content + target: $SNAP/connected-content + # like a snap using one version of gnome runtime + default-provider: test-snapd-content-provider-v1 diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/snap/command-chain/launch b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/snap/command-chain/launch new file mode 100755 index 00000000000..8a2e4b5db9b --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v1/snap/command-chain/launch @@ -0,0 +1,7 @@ +#!/bin/bash + +# run through wrapper provided by content snap +# prepends desktop-launch to $@ +set -- "${SNAP}/connected-content/command-chain/desktop-launch" "$@" + +exec "$@" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/bin/app b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/bin/app new file mode 100755 index 00000000000..1366fc27eed --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/bin/app @@ -0,0 +1,3 @@ +#!/bin/sh + +echo "hello from app" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/meta/snap.yaml b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/meta/snap.yaml new file mode 100644 index 00000000000..e0f4548de13 --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/meta/snap.yaml @@ -0,0 +1,22 @@ +name: test-snapd-content-consumer +version: 2.0.0 +base: core24 + +assumes: + - command-chain + +apps: + app: + command: bin/app + command-chain: + - snap/command-chain/launch + plugs: + - special-content-v2 + +plugs: + special-content-v2: + interface: content + target: $SNAP/connected-content + # in v2, we switch to a different content provider, but with a similar mount + # namespace setup + default-provider: test-snapd-content-provider-v2 diff --git a/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/snap/command-chain/launch b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/snap/command-chain/launch new file mode 100755 index 00000000000..8a2e4b5db9b --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-consumer-v2/snap/command-chain/launch @@ -0,0 +1,7 @@ +#!/bin/bash + +# run through wrapper provided by content snap +# prepends desktop-launch to $@ +set -- "${SNAP}/connected-content/command-chain/desktop-launch" "$@" + +exec "$@" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/command-chain/desktop-launch b/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/command-chain/desktop-launch new file mode 100755 index 00000000000..4f922a98028 --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/command-chain/desktop-launch @@ -0,0 +1,5 @@ +#!/bin/bash + +echo "hello from content provider V1" + +exec "$@" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/meta/snap.yaml b/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/meta/snap.yaml new file mode 100644 index 00000000000..bd3d37a311d --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-provider-v1/meta/snap.yaml @@ -0,0 +1,9 @@ +name: test-snapd-content-provider-v1 +version: 1.0.0 +base: core24 + +slots: + special-content-v1: + interface: content + read: + - / diff --git a/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/command-chain/desktop-launch b/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/command-chain/desktop-launch new file mode 100755 index 00000000000..9396c96bfe0 --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/command-chain/desktop-launch @@ -0,0 +1,5 @@ +#!/bin/bash + +echo "hello from content provider V2" + +exec "$@" diff --git a/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/meta/snap.yaml b/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/meta/snap.yaml new file mode 100644 index 00000000000..b1f96f19deb --- /dev/null +++ b/tests/main/layout-content-provider-change/test-snapd-content-provider-v2/meta/snap.yaml @@ -0,0 +1,9 @@ +name: test-snapd-content-provider-v2 +version: 2.0.0 +base: core24 + +slots: + special-content-v2: + interface: content + read: + - / diff --git a/tests/main/system-usernames-snap-scoped/task.yaml b/tests/main/system-usernames-snap-scoped/task.yaml index e1d230939ef..4d2a673960f 100644 --- a/tests/main/system-usernames-snap-scoped/task.yaml +++ b/tests/main/system-usernames-snap-scoped/task.yaml @@ -84,7 +84,7 @@ restore: | execute: | echo "Try to install a snap which is not entitled to use the user(s) under test" OUT=$(snap install "$UNAPPROVED_SNAP_NAME" 2>&1 || true) - echo "$OUT" | MATCH "snap \"$UNAPPROVED_SNAP_NAME\" is not allowed to use the system user \"(${TESTED_USERS// /|})\"" + echo "$OUT" | tr '\n' ' ' | tr -s ' ' | MATCH "snap \"$UNAPPROVED_SNAP_NAME\" is not allowed to use the system user \"(${TESTED_USERS// /|})\"" # Make sure no user(s) nor group(s) under test are created for user in $TESTED_USERS From c3a9a080a67f0cb2d8fd71ab81590b8d4ce5cee1 Mon Sep 17 00:00:00 2001 From: Valentin David Date: Tue, 3 Feb 2026 16:09:52 +0100 Subject: [PATCH 29/41] daemon/api_system_secureboot.go: allow multiple payloads in db update --- daemon/api_system_secureboot.go | 37 ++++++++++-- daemon/api_system_secureboot_test.go | 6 +- daemon/export_api_system_secureboot_test.go | 2 +- overlord/fdestate/backend/reseal.go | 34 +++++------ overlord/fdestate/backend/reseal_test.go | 4 +- overlord/fdestate/export_test.go | 2 +- overlord/fdestate/fdemgr_test.go | 2 +- overlord/fdestate/secure_boot_update.go | 22 +++---- overlord/fdestate/secure_boot_update_test.go | 62 ++++++++++---------- secboot/secboot.go | 2 +- secboot/secboot_sb_test.go | 23 ++++---- secboot/secboot_tpm.go | 16 ++--- 12 files changed, 119 insertions(+), 93 deletions(-) diff --git a/daemon/api_system_secureboot.go b/daemon/api_system_secureboot.go index 07c054e1a09..8a2dfee3c43 100644 --- a/daemon/api_system_secureboot.go +++ b/daemon/api_system_secureboot.go @@ -67,6 +67,11 @@ type securebootRequest struct { // blob is in the range from few kB to tens of kBs Payload string `json:"payload,omitempty"` + // Payloads is the same as Payload, but as a list of multiple + // ordered payloads to be applied. It is not valid to have both + // Payload and Payloads defined at the same time. + Payloads []string `json:"payloads,omitempty"` + // KeyDatabase is used with efi-secureboot-db-prepare action, and indicates the // secureboot keys database which is a target of the action, possible values are // PK, KEK, DB, DBX @@ -110,8 +115,11 @@ func (r *securebootRequest) Validate() error { return fmt.Errorf("invalid key database %q", r.KeyDatabase) } - if len(r.Payload) == 0 { - return errors.New("update payload not provided") + if len(r.Payload) == 0 && len(r.Payloads) == 0 { + return errors.New("payload not provided") + } + if len(r.Payload) != 0 && len(r.Payloads) != 0 { + return errors.New("both single payload and multiple payloads provided") } default: return fmt.Errorf("unsupported EFI secure boot action %q", r.Action) @@ -151,9 +159,26 @@ func postSystemSecurebootActionJSON(c *Command, r *http.Request) Response { var fdestateEFISecurebootDBUpdatePrepare = fdestate.EFISecurebootDBUpdatePrepare func postSystemActionEFISecurebootUpdateDBPrepare(c *Command, req *securebootRequest) Response { - payload, err := base64.StdEncoding.DecodeString(req.Payload) - if err != nil { - return BadRequest("cannot decode payload: %v", err) + var payloads [][]byte + switch { + case len(req.Payload) != 0 && len(req.Payloads) != 0: + return BadRequest("cannot use both single payload and multiple payloads were provided") + case len(req.Payload) != 0: + payload, err := base64.StdEncoding.DecodeString(req.Payload) + if err != nil { + return BadRequest("cannot decode payload: %v", err) + } + payloads = append(payloads, payload) + case len(req.Payloads) != 0: + for _, rawPayload := range req.Payloads { + payload, err := base64.StdEncoding.DecodeString(rawPayload) + if err != nil { + return BadRequest("cannot decode payload: %v", err) + } + payloads = append(payloads, payload) + } + default: + return BadRequest("cannot find payload") } keyDatabase, err := keyDatabaseFromString(req.KeyDatabase) @@ -163,7 +188,7 @@ func postSystemActionEFISecurebootUpdateDBPrepare(c *Command, req *securebootReq err = fdestateEFISecurebootDBUpdatePrepare(c.d.state, keyDatabase, - payload) + payloads) if err != nil { return BadRequest("cannot notify of update prepare: %v", err) } diff --git a/daemon/api_system_secureboot_test.go b/daemon/api_system_secureboot_test.go index 2cf52a2535d..318ee3b6fcf 100644 --- a/daemon/api_system_secureboot_test.go +++ b/daemon/api_system_secureboot_test.go @@ -48,7 +48,7 @@ func (s *systemSecurebootSuite) SetUpTest(c *C) { Interfaces: []string{"fwupd"}, }) - s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdatePrepare(func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payload []byte) error { + s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdatePrepare(func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payloads [][]byte) error { panic("unexpected call") })) s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdateCleanup(func(st *state.State) error { @@ -219,9 +219,9 @@ func (s *systemSecurebootSuite) testEFISecurebootUpdateDBPrepareHappyForKind( s.daemon(c) updatePrepareCalls := 0 - s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdatePrepare(func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payload []byte) error { + s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdatePrepare(func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payloads [][]byte) error { c.Check(db, Equals, kind) - c.Check(payload, DeepEquals, []byte("payload")) + c.Check(payloads, DeepEquals, [][]byte{[]byte("payload")}) updatePrepareCalls++ return nil })) diff --git a/daemon/export_api_system_secureboot_test.go b/daemon/export_api_system_secureboot_test.go index bca83e348c7..dd32a70b161 100644 --- a/daemon/export_api_system_secureboot_test.go +++ b/daemon/export_api_system_secureboot_test.go @@ -28,7 +28,7 @@ import ( type SecurebootRequest = securebootRequest func MockFdestateEFISecurebootDBUpdatePrepare( - f func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payload []byte) error, + f func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payloads [][]byte) error, ) (restore func()) { restore = testutil.Backup(&fdestateEFISecurebootDBUpdatePrepare) fdestateEFISecurebootDBUpdatePrepare = f diff --git a/overlord/fdestate/backend/reseal.go b/overlord/fdestate/backend/reseal.go index 6539736f8f2..0d43f4c2a02 100644 --- a/overlord/fdestate/backend/reseal.go +++ b/overlord/fdestate/backend/reseal.go @@ -447,7 +447,7 @@ func recalculateParamatersTPM(parameters *updatedParameters, rootdir string, inp pbcJSON, _ := json.Marshal(pbc) logger.Debugf("resealing (%d) to boot chains: %s", nextCount, pbcJSON) - err := updateRunProtectionProfile(parameters, runOnlyPbc, pbc, inputs.signatureDBUpdate, params.RoleToBlName, checkResult) + err := updateRunProtectionProfile(parameters, runOnlyPbc, pbc, inputs.signatureDBUpdates, params.RoleToBlName, checkResult) if err != nil { return err } @@ -474,7 +474,7 @@ func recalculateParamatersTPM(parameters *updatedParameters, rootdir string, inp rpbcJSON, _ := json.Marshal(rpbc) logger.Debugf("resealing (%d) to recovery boot chains: %s", nextFallbackCount, rpbcJSON) - err := updateFallbackProtectionProfile(parameters, rpbc, inputs.signatureDBUpdate, params.RoleToBlName, checkResult) + err := updateFallbackProtectionProfile(parameters, rpbc, inputs.signatureDBUpdates, params.RoleToBlName, checkResult) if err != nil { return err } @@ -504,7 +504,7 @@ func anyClassicModel(params ...*secboot.SealKeyModelParams) bool { func updateRunProtectionProfile( parameters *updatedParameters, pbcRunOnly, pbcWithRecovery boot.PredictableBootChains, - sigDbxUpdate []byte, + sigDbxUpdates [][]byte, roleToBlName map[bootloader.Role]string, checkResult *secboot.PreinstallCheckResult, ) error { @@ -525,10 +525,10 @@ func updateRunProtectionProfile( return fmt.Errorf("at least one set of model-specific parameters is required") } - if len(sigDbxUpdate) > 0 { + if len(sigDbxUpdates) > 0 { logger.Debug("attaching DB update payload") - attachSignatureDbxUpdate(modelParams, sigDbxUpdate) - attachSignatureDbxUpdate(modelParamsRunOnly, sigDbxUpdate) + attachSignatureDbxUpdate(modelParams, sigDbxUpdates) + attachSignatureDbxUpdate(modelParamsRunOnly, sigDbxUpdates) } var pcrProfile []byte @@ -573,7 +573,7 @@ func updateRunProtectionProfile( func updateFallbackProtectionProfile( parameters *updatedParameters, pbc boot.PredictableBootChains, - sigDbxUpdate []byte, + sigDbxUpdates [][]byte, roleToBlName map[bootloader.Role]string, checkResult *secboot.PreinstallCheckResult, ) error { @@ -588,9 +588,9 @@ func updateFallbackProtectionProfile( return fmt.Errorf("at least one set of model-specific parameters is required") } - if len(sigDbxUpdate) > 0 { + if len(sigDbxUpdates) > 0 { logger.Debug("attaching DB update payload for fallback keys") - attachSignatureDbxUpdate(modelParams, sigDbxUpdate) + attachSignatureDbxUpdate(modelParams, sigDbxUpdates) } hasClassicModel := anyClassicModel(modelParams...) @@ -643,12 +643,12 @@ func ResealKeyForBootChains(manager FDEStateManager, method device.SealingMethod // boot chains and an optional signature DB update func ResealKeysForSignaturesDBUpdate( manager FDEStateManager, method device.SealingMethod, rootdir string, - params *boot.ResealKeyForBootChainsParams, dbUpdate []byte, + params *boot.ResealKeyForBootChainsParams, dbUpdate [][]byte, ) error { return resealKeys(manager, method, rootdir, resealInputs{ - bootChains: params.BootChains, - signatureDBUpdate: dbUpdate, + bootChains: params.BootChains, + signatureDBUpdates: dbUpdate, }, resealOptions{ ExpectReseal: true, @@ -664,8 +664,8 @@ func ResealKeysForSignaturesDBUpdate( } type resealInputs struct { - bootChains boot.BootChains - signatureDBUpdate []byte + bootChains boot.BootChains + signatureDBUpdates [][]byte } type resealOptions struct { @@ -701,12 +701,12 @@ func resealKeys( return doReseal(manager, rootdir, method == device.SealingMethodFDESetupHook, inputs, opts) } -func attachSignatureDbxUpdate(params []*secboot.SealKeyModelParams, update []byte) { - if len(update) == 0 { +func attachSignatureDbxUpdate(params []*secboot.SealKeyModelParams, updates [][]byte) { + if len(updates) == 0 { return } for _, p := range params { - p.EFISignatureDbxUpdate = update + p.EFISignatureDbxUpdates = updates } } diff --git a/overlord/fdestate/backend/reseal_test.go b/overlord/fdestate/backend/reseal_test.go index 46072f2aa02..b992453e275 100644 --- a/overlord/fdestate/backend/reseal_test.go +++ b/overlord/fdestate/backend/reseal_test.go @@ -2548,7 +2548,7 @@ func (s *resealTestSuite) TestResealKeyForSignatureDBUpdate(c *C) { c.Assert(modelParams, HasLen, 1) // same DBX update paylad is included for both run and recovery keys - c.Assert(modelParams[0].EFISignatureDbxUpdate, DeepEquals, []byte("dbx-payload")) + c.Assert(modelParams[0].EFISignatureDbxUpdates, DeepEquals, [][]byte{[]byte("dbx-payload")}) return []byte(`"serialized-pcr-profile-with-dbx"`), nil }) @@ -2591,7 +2591,7 @@ func (s *resealTestSuite) TestResealKeyForSignatureDBUpdate(c *C) { } err = backend.ResealKeysForSignaturesDBUpdate(myState, device.SealingMethodTPM, dirs.GlobalRootDir, - &boot.ResealKeyForBootChainsParams{BootChains: bootChains}, []byte("dbx-payload")) + &boot.ResealKeyForBootChainsParams{BootChains: bootChains}, [][]byte{[]byte("dbx-payload")}) c.Assert(err, IsNil) // reseal was called diff --git a/overlord/fdestate/export_test.go b/overlord/fdestate/export_test.go index 44e43f92297..2de93732501 100644 --- a/overlord/fdestate/export_test.go +++ b/overlord/fdestate/export_test.go @@ -63,7 +63,7 @@ func MockBackendResealKeyForBootChains(f func(manager backend.FDEStateManager, m return restore } -func MockBackendResealKeysForSignaturesDBUpdate(f func(updateState backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, payload []byte) error) (restore func()) { +func MockBackendResealKeysForSignaturesDBUpdate(f func(updateState backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, payloads [][]byte) error) (restore func()) { restore = testutil.Backup(&backendResealKeysForSignaturesDBUpdate) backendResealKeysForSignaturesDBUpdate = f return restore diff --git a/overlord/fdestate/fdemgr_test.go b/overlord/fdestate/fdemgr_test.go index f1f56ecfd28..7d4ec7826eb 100644 --- a/overlord/fdestate/fdemgr_test.go +++ b/overlord/fdestate/fdemgr_test.go @@ -118,7 +118,7 @@ func (s *fdeMgrSuite) SetUpTest(c *C) { panic("VerifyPrimaryKeyDigest is not mocked") })) s.AddCleanup(fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { panic("BackendResealKeysForSignaturesDBUpdate not mocked") })) s.AddCleanup(fdestate.MockSecbootGetPCRHandle(func(devicePath, keySlot, keyFile string, hintExpectFDEHook bool) (uint32, error) { diff --git a/overlord/fdestate/secure_boot_update.go b/overlord/fdestate/secure_boot_update.go index bdb0d720cb4..85868ac201d 100644 --- a/overlord/fdestate/secure_boot_update.go +++ b/overlord/fdestate/secure_boot_update.go @@ -67,7 +67,7 @@ func (db EFISecurebootKeyDatabase) String() string { // EFISecurebootDBUpdatePrepare notifies that the local EFI key // database manager is about to update the database. -func EFISecurebootDBUpdatePrepare(st *state.State, db EFISecurebootKeyDatabase, payload []byte) error { +func EFISecurebootDBUpdatePrepare(st *state.State, db EFISecurebootKeyDatabase, payloads [][]byte) error { method, err := device.SealedKeysMethod(dirs.GlobalRootDir) if err != nil { if err == device.ErrNoSealedKeys { @@ -87,7 +87,7 @@ func EFISecurebootDBUpdatePrepare(st *state.State, db EFISecurebootKeyDatabase, return err } - op, err := addEFISecurebootDBUpdateChange(st, method, db, payload) + op, err := addEFISecurebootDBUpdateChange(st, method, db, payloads) if err != nil { return err } @@ -234,9 +234,9 @@ func EFISecurebootDBManagerStartup(st *state.State) error { } type securebootUpdateContext struct { - Payload []byte `json:"payload"` - Method device.SealingMethod `json:"sealing-method"` - DB EFISecurebootKeyDatabase `json:"db"` + Payloads [][]byte `json:"payloads"` + Method device.SealingMethod `json:"sealing-method"` + DB EFISecurebootKeyDatabase `json:"db"` } // addEFISecurebootDBUpdateChange adds a state change related to the Secureboot @@ -245,7 +245,7 @@ func addEFISecurebootDBUpdateChange( st *state.State, method device.SealingMethod, db EFISecurebootKeyDatabase, - payload []byte, + payloads [][]byte, ) (*externalOperation, error) { // add a change carrying 2 tasks: // - efi-secureboot-db-update-prepare: with a noop do, but the undo handler @@ -269,9 +269,9 @@ func addEFISecurebootDBUpdateChange( chg.AddAll(ts) data, err := json.Marshal(securebootUpdateContext{ - Payload: payload, - Method: method, - DB: db, + Payloads: payloads, + Method: method, + DB: db, }) if err != nil { return nil, err @@ -368,7 +368,7 @@ func (m *FDEManager) doEFISecurebootDBUpdatePrepare(t *state.Task, tomb *tomb.To // TODO: are we logging too much? logger.Debugf("attempting reseal for Secureboot Key Database") logger.Debugf("boot chains: %v\n", bc) - logger.Debugf("Secureboot Key Database payload: %x", updateData.Payload) + logger.Debugf("Secureboot Key Database payload: %v", updateData.Payloads) params := &boot.ResealKeyForBootChainsParams{ BootChains: bc, @@ -379,7 +379,7 @@ func (m *FDEManager) doEFISecurebootDBUpdatePrepare(t *state.Task, tomb *tomb.To FDEManager: mgr, unlocker: st.Unlocker(), }, - updateData.Method, dirs.GlobalRootDir, params, updateData.Payload, + updateData.Method, dirs.GlobalRootDir, params, updateData.Payloads, ) }, updateData.Method) }() diff --git a/overlord/fdestate/secure_boot_update_test.go b/overlord/fdestate/secure_boot_update_test.go index 65775b871dc..0e511776c1d 100644 --- a/overlord/fdestate/secure_boot_update_test.go +++ b/overlord/fdestate/secure_boot_update_test.go @@ -56,7 +56,7 @@ func (s *fdeMgrSuite) testEFISecurebootNoSealedKeysForKind( // make sure the state is true c.Assert(err, Equals, device.ErrNoSealedKeys) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { panic("unexpected call") })() @@ -74,7 +74,7 @@ func (s *fdeMgrSuite) testEFISecurebootNoSealedKeysForKind( err = fdestate.EFISecurebootDBManagerStartup(st) c.Assert(err, IsNil) - err = fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err = fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) err = fdestate.EFISecurebootDBUpdateCleanup(st) @@ -105,7 +105,7 @@ func (s *fdeMgrSuite) TestEFISecurebootStartupClean(c *C) { onClassic := true s.startedManager(c, onClassic) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { panic("unexpected call") })() @@ -140,12 +140,12 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareHappyForKind( s.mockDeviceInState(model, "run") resealCalls := 0 - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealCalls++ c.Check(mgr, NotNil) c.Check(params.Options.RevokeOldKeys, Equals, false) c.Check(params.RunModeBootChains, HasLen, 1) - c.Check(update, DeepEquals, []byte("payload")) + c.Check(updates, DeepEquals, [][]byte{[]byte("payload")}) // normally executed by the backend code c.Check(mgr.Update("run", "default", &backend.SealingParameters{ @@ -160,7 +160,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareHappyForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -176,7 +176,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareHappyForKind( Kind: "fde-efi-secureboot-db-update", ChangeID: "1", Context: []byte( - fmt.Sprintf(`{"payload":"cGF5bG9hZA==","sealing-method":"tpm","db":%d}`, kind)), + fmt.Sprintf(`{"payloads":["cGF5bG9hZA=="],"sealing-method":"tpm","db":%d}`, kind)), Status: fdestate.DoingStatus, }) c.Check(fdeSt.KeyslotRoles, DeepEquals, map[string]fdestate.KeyslotRoleInfo{ @@ -255,7 +255,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSelfForKind( s.mockDeviceInState(model, "run") resealCalls := 0 - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -265,7 +265,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSelfForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -282,7 +282,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSelfForKind( err = func() error { st.Unlock() defer st.Lock() - return fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + return fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) }() c.Assert(err, DeepEquals, &snapstate.ChangeConflictError{ ChangeKind: "fde-efi-secureboot-db-update", @@ -323,7 +323,7 @@ func (s *fdeMgrSuite) testEFISecurebootConflictFDEChangeForKind( chg.AddTask(tsk) st.Unlock() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, ErrorMatches, "FDE change in progress, no other FDE changes allowed until this is done") } @@ -360,7 +360,7 @@ func (s *fdeMgrSuite) TestEFISecurebootPrepareConflictOperationNotInDoingYet(c * s.mockDeviceInState(model, "run") resealCalls := 0 - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -430,14 +430,14 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSnapChangesForKind( c.Assert(rmTasks, NotNil) chg.AddAll(rmTasks) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { c.Fatalf("unexpected call") return fmt.Errorf("unexpected call") })() st.Unlock() defer st.Lock() - err = fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err = fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, DeepEquals, &snapstate.ChangeConflictError{ ChangeKind: "kernel-snap-remove", Snap: "pc-kernel", @@ -478,7 +478,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndCleanupRunningActionForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) // normally executed by the backend code @@ -507,7 +507,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndCleanupRunningActionForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -625,7 +625,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndUnexpectedStartupActionForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) // normally executed by the backend code @@ -654,7 +654,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndUnexpectedStartupActionForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -813,7 +813,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAbortForKind( resealForDBUpdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealForDBUpdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -831,7 +831,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAbortForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -947,7 +947,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateResealFailedAbortsForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return fmt.Errorf("mock error") @@ -963,7 +963,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateResealFailedAbortsForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, ErrorMatches, "(?sm).*cannot perform initial reseal of keys for Secureboot Key Database update: mock error.*") st.Lock() @@ -1035,7 +1035,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdatePostUpdateResealFailedForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -1051,7 +1051,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdatePostUpdateResealFailedForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -1163,7 +1163,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateUndoResealFailsForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -1180,7 +1180,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateUndoResealFailsForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() @@ -1276,7 +1276,7 @@ func (s *fdeMgrSuite) TestEFISecurebootCleanupNoChange(c *C) { onClassic := true s.startedManager(c, onClassic) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { panic("unexpected call") })() @@ -1441,7 +1441,7 @@ func (s *fdeMgrSuite) testEFISecurebootOperationAddWaitForKind( st, device.SealingMethodTPM, kind, - []byte("payload 1"), + [][]byte{[]byte("payload 1")}, ) c.Assert(err, IsNil) @@ -1449,7 +1449,7 @@ func (s *fdeMgrSuite) testEFISecurebootOperationAddWaitForKind( st, device.SealingMethodTPM, kind, - []byte("payload 2"), + [][]byte{[]byte("payload 2")}, ) c.Assert(err, IsNil) @@ -1543,7 +1543,7 @@ func (s *fdeMgrSuite) testEFISecurebootConflictingSnapsForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, update []byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -1564,7 +1564,7 @@ func (s *fdeMgrSuite) testEFISecurebootConflictingSnapsForKind( s.o.Loop() defer s.o.Stop() - err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, []byte("payload")) + err := fdestate.EFISecurebootDBUpdatePrepare(st, kind, [][]byte{[]byte("payload")}) c.Assert(err, IsNil) st.Lock() diff --git a/secboot/secboot.go b/secboot/secboot.go index 8b6139f6ea6..b2f304c096c 100644 --- a/secboot/secboot.go +++ b/secboot/secboot.go @@ -113,7 +113,7 @@ type SealKeyModelParams struct { KernelCmdlines []string // TODO:FDEM: move this somewhere else? // The content of an update to EFI DBX - EFISignatureDbxUpdate []byte + EFISignatureDbxUpdates [][]byte } type TPMProvisionMode int diff --git a/secboot/secboot_sb_test.go b/secboot/secboot_sb_test.go index 8540cfe9f65..336bc457a1c 100644 --- a/secboot/secboot_sb_test.go +++ b/secboot/secboot_sb_test.go @@ -1477,7 +1477,7 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { expectedErr string oldKeyFiles bool buildProfileErr string - dbxUpdate []byte + dbxUpdates [][]byte revoke bool noDmaProtection bool // Preinstall check was used to determine for encryption availability at install time @@ -1490,11 +1490,11 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { // happy case with check result available on disk and AllowInsufficientDmaProtection true {tpmEnabled: true, resealCalls: 1, noDmaProtection: true, hasCheckResult: true}, // happy case with check result available on disk and DBX update - {tpmEnabled: true, resealCalls: 1, hasCheckResult: true, dbxUpdate: []byte("dbx-update")}, + {tpmEnabled: true, resealCalls: 1, hasCheckResult: true, dbxUpdates: [][]byte{[]byte("dbx-update")}}, // happy case with key files {tpmEnabled: true, keyDataInFile: true, usePrimaryKeyFile: true, resealCalls: 1}, // happy case with DBX update - {tpmEnabled: true, resealCalls: 1, dbxUpdate: []byte("dbx-update")}, + {tpmEnabled: true, resealCalls: 1, dbxUpdates: [][]byte{[]byte("dbx-update")}}, // happy case, old keys {tpmEnabled: true, resealCalls: 1, revokeCalls: 1, oldKeyFiles: true}, // happy case, revoke (new keys) @@ -1540,10 +1540,10 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { modelParams := []*secboot.SealKeyModelParams{ { - EFILoadChains: []*secboot.LoadChain{secboot.NewLoadChain(mockEFI)}, - KernelCmdlines: []string{"cmdline"}, - Model: &asserts.Model{}, - EFISignatureDbxUpdate: tc.dbxUpdate, + EFILoadChains: []*secboot.LoadChain{secboot.NewLoadChain(mockEFI)}, + KernelCmdlines: []string{"cmdline"}, + Model: &asserts.Model{}, + EFISignatureDbxUpdates: tc.dbxUpdates, }, } @@ -1589,12 +1589,11 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { ) } - var dbUpdateOption sb_efi.PCRProfileOption = sb_efi.WithSignatureDBUpdates() - if len(tc.dbxUpdate) > 0 { - dbUpdateOption = sb_efi.WithSignatureDBUpdates([]*sb_efi.SignatureDBUpdate{ - {Name: sb_efi.Dbx, Data: tc.dbxUpdate}, - }...) + var dbxUpdates []*sb_efi.SignatureDBUpdate + for _, u := range tc.dbxUpdates { + dbxUpdates = append(dbxUpdates, &sb_efi.SignatureDBUpdate{Name: sb_efi.Dbx, Data: u}) } + var dbUpdateOption sb_efi.PCRProfileOption = sb_efi.WithSignatureDBUpdates(dbxUpdates...) // add dbUpdateOption (applicable to both preinstall check based and legacy PCR configuration) expectedOptions = append( diff --git a/secboot/secboot_tpm.go b/secboot/secboot_tpm.go index 61265a5adf2..62094ce2a54 100644 --- a/secboot/secboot_tpm.go +++ b/secboot/secboot_tpm.go @@ -815,11 +815,13 @@ func buildPCRProtectionProfile(modelParams []*SealKeyModelParams, checkResult *P // all models have the same dbx data, get it from the first one var dbUpdates []*sb_efi.SignatureDBUpdate - if len(modelParams) > 0 && len(modelParams[0].EFISignatureDbxUpdate) > 0 { - dbUpdates = append(dbUpdates, &sb_efi.SignatureDBUpdate{ - Name: sb_efi.Dbx, - Data: modelParams[0].EFISignatureDbxUpdate, - }) + if len(modelParams) > 0 { + for _, update := range modelParams[0].EFISignatureDbxUpdates { + dbUpdates = append(dbUpdates, &sb_efi.SignatureDBUpdate{ + Name: sb_efi.Dbx, + Data: update, + }) + } } // build PCR protection policy @@ -884,10 +886,10 @@ func buildPCRProtectionProfileLegacy(modelParams []*SealKeyModelParams, allowIns for _, mp := range modelParams { var updateDB []*sb_efi.SignatureDBUpdate - if len(mp.EFISignatureDbxUpdate) > 0 { + for _, update := range mp.EFISignatureDbxUpdates { updateDB = append(updateDB, &sb_efi.SignatureDBUpdate{ Name: sb_efi.Dbx, - Data: mp.EFISignatureDbxUpdate, + Data: update, }) } From 13bc3bb8864a0d209fec7146e74f897325930a17 Mon Sep 17 00:00:00 2001 From: Valentin David Date: Wed, 4 Feb 2026 13:04:06 +0100 Subject: [PATCH 30/41] overlord/fdestate/secure_boot_update.go: forward correct key database to secboot --- daemon/api_system_secureboot.go | 4 +- daemon/api_system_secureboot_test.go | 50 ++++++++++++++++---- overlord/fdestate/backend/reseal.go | 10 ++-- overlord/fdestate/backend/reseal_test.go | 4 +- overlord/fdestate/export_test.go | 2 +- overlord/fdestate/fdemgr_test.go | 2 +- overlord/fdestate/secure_boot_update.go | 22 ++++++++- overlord/fdestate/secure_boot_update_test.go | 41 ++++++++++------ secboot/secboot.go | 16 ++++++- secboot/secboot_sb_test.go | 20 ++++++-- secboot/secboot_tpm.go | 31 ++++++++++-- 11 files changed, 158 insertions(+), 44 deletions(-) diff --git a/daemon/api_system_secureboot.go b/daemon/api_system_secureboot.go index 8a2dfee3c43..6cb08111caa 100644 --- a/daemon/api_system_secureboot.go +++ b/daemon/api_system_secureboot.go @@ -116,7 +116,7 @@ func (r *securebootRequest) Validate() error { } if len(r.Payload) == 0 && len(r.Payloads) == 0 { - return errors.New("payload not provided") + return errors.New("update payload not provided") } if len(r.Payload) != 0 && len(r.Payloads) != 0 { return errors.New("both single payload and multiple payloads provided") @@ -162,7 +162,7 @@ func postSystemActionEFISecurebootUpdateDBPrepare(c *Command, req *securebootReq var payloads [][]byte switch { case len(req.Payload) != 0 && len(req.Payloads) != 0: - return BadRequest("cannot use both single payload and multiple payloads were provided") + return BadRequest("cannot use both single payload and multiple payloads") case len(req.Payload) != 0: payload, err := base64.StdEncoding.DecodeString(req.Payload) if err != nil { diff --git a/daemon/api_system_secureboot_test.go b/daemon/api_system_secureboot_test.go index 318ee3b6fcf..13e17fe1c6a 100644 --- a/daemon/api_system_secureboot_test.go +++ b/daemon/api_system_secureboot_test.go @@ -215,23 +215,37 @@ func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareBadPayloadDBX(c func (s *systemSecurebootSuite) testEFISecurebootUpdateDBPrepareHappyForKind( c *C, kind fdestate.EFISecurebootKeyDatabase, + multiplePayloads bool, ) { s.daemon(c) updatePrepareCalls := 0 s.AddCleanup(daemon.MockFdestateEFISecurebootDBUpdatePrepare(func(st *state.State, db fdestate.EFISecurebootKeyDatabase, payloads [][]byte) error { c.Check(db, Equals, kind) - c.Check(payloads, DeepEquals, [][]byte{[]byte("payload")}) + if multiplePayloads { + c.Check(payloads, DeepEquals, [][]byte{[]byte("payload2"), []byte("payload3")}) + } else { + c.Check(payloads, DeepEquals, [][]byte{[]byte("payload")}) + } updatePrepareCalls++ return nil })) updateKindStr := kind.String() - body, err := json.Marshal(map[string]any{ + bodyRaw := map[string]any{ "action": "efi-secureboot-update-db-prepare", "key-database": updateKindStr, - "payload": base64.StdEncoding.EncodeToString([]byte("payload")), - }) + } + if multiplePayloads { + bodyRaw["payloads"] = []string{ + base64.StdEncoding.EncodeToString([]byte("payload2")), + base64.StdEncoding.EncodeToString([]byte("payload3")), + } + } else { + bodyRaw["payload"] = base64.StdEncoding.EncodeToString([]byte("payload")) + } + + body, err := json.Marshal(bodyRaw) c.Assert(err, IsNil) req, err := http.NewRequest("POST", "/v2/system-secureboot", bytes.NewReader(body)) c.Assert(err, IsNil) @@ -245,16 +259,28 @@ func (s *systemSecurebootSuite) testEFISecurebootUpdateDBPrepareHappyForKind( } func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyPK(c *C) { - s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootPK) + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootPK, false) +} +func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyPKMultiple(c *C) { + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootPK, true) } func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyKEK(c *C) { - s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootKEK) + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootKEK, false) +} +func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyKEKMultiple(c *C) { + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootKEK, true) } func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyDB(c *C) { - s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDB) + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDB, false) +} +func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyDBMultiple(c *C) { + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDB, true) } func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyDBX(c *C) { - s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDBX) + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDBX, false) +} +func (s *systemSecurebootSuite) TestEFISecurebootUpdateDBPrepareHappyDBXMultiple(c *C) { + s.testEFISecurebootUpdateDBPrepareHappyForKind(c, fdestate.EFISecurebootDBX, true) } func (s *systemSecurebootSuite) TestSecurebootRequestValidate(c *C) { @@ -287,6 +313,14 @@ func (s *systemSecurebootSuite) TestSecurebootRequestValidate(c *C) { } c.Check(r.Validate(), ErrorMatches, `update payload not provided`) + r = daemon.SecurebootRequest{ + Action: "efi-secureboot-update-db-prepare", + Payload: "MAo=", + Payloads: []string{"MQo=", "Mgo="}, + KeyDatabase: "DBX", + } + c.Check(r.Validate(), ErrorMatches, `both single payload and multiple payloads provided`) + // valid for _, r := range []daemon.SecurebootRequest{{ Action: "efi-secureboot-update-db-prepare", diff --git a/overlord/fdestate/backend/reseal.go b/overlord/fdestate/backend/reseal.go index 0d43f4c2a02..5ad6e1f2114 100644 --- a/overlord/fdestate/backend/reseal.go +++ b/overlord/fdestate/backend/reseal.go @@ -504,7 +504,7 @@ func anyClassicModel(params ...*secboot.SealKeyModelParams) bool { func updateRunProtectionProfile( parameters *updatedParameters, pbcRunOnly, pbcWithRecovery boot.PredictableBootChains, - sigDbxUpdates [][]byte, + sigDbxUpdates []secboot.DbUpdate, roleToBlName map[bootloader.Role]string, checkResult *secboot.PreinstallCheckResult, ) error { @@ -573,7 +573,7 @@ func updateRunProtectionProfile( func updateFallbackProtectionProfile( parameters *updatedParameters, pbc boot.PredictableBootChains, - sigDbxUpdates [][]byte, + sigDbxUpdates []secboot.DbUpdate, roleToBlName map[bootloader.Role]string, checkResult *secboot.PreinstallCheckResult, ) error { @@ -643,7 +643,7 @@ func ResealKeyForBootChains(manager FDEStateManager, method device.SealingMethod // boot chains and an optional signature DB update func ResealKeysForSignaturesDBUpdate( manager FDEStateManager, method device.SealingMethod, rootdir string, - params *boot.ResealKeyForBootChainsParams, dbUpdate [][]byte, + params *boot.ResealKeyForBootChainsParams, dbUpdate []secboot.DbUpdate, ) error { return resealKeys(manager, method, rootdir, resealInputs{ @@ -665,7 +665,7 @@ func ResealKeysForSignaturesDBUpdate( type resealInputs struct { bootChains boot.BootChains - signatureDBUpdates [][]byte + signatureDBUpdates []secboot.DbUpdate } type resealOptions struct { @@ -701,7 +701,7 @@ func resealKeys( return doReseal(manager, rootdir, method == device.SealingMethodFDESetupHook, inputs, opts) } -func attachSignatureDbxUpdate(params []*secboot.SealKeyModelParams, updates [][]byte) { +func attachSignatureDbxUpdate(params []*secboot.SealKeyModelParams, updates []secboot.DbUpdate) { if len(updates) == 0 { return } diff --git a/overlord/fdestate/backend/reseal_test.go b/overlord/fdestate/backend/reseal_test.go index b992453e275..434905b5540 100644 --- a/overlord/fdestate/backend/reseal_test.go +++ b/overlord/fdestate/backend/reseal_test.go @@ -2548,7 +2548,7 @@ func (s *resealTestSuite) TestResealKeyForSignatureDBUpdate(c *C) { c.Assert(modelParams, HasLen, 1) // same DBX update paylad is included for both run and recovery keys - c.Assert(modelParams[0].EFISignatureDbxUpdates, DeepEquals, [][]byte{[]byte("dbx-payload")}) + c.Assert(modelParams[0].EFISignatureDbxUpdates, DeepEquals, []secboot.DbUpdate{{Database: secboot.KeyDatabaseDBX, Payload: []byte("dbx-payload")}}) return []byte(`"serialized-pcr-profile-with-dbx"`), nil }) @@ -2591,7 +2591,7 @@ func (s *resealTestSuite) TestResealKeyForSignatureDBUpdate(c *C) { } err = backend.ResealKeysForSignaturesDBUpdate(myState, device.SealingMethodTPM, dirs.GlobalRootDir, - &boot.ResealKeyForBootChainsParams{BootChains: bootChains}, [][]byte{[]byte("dbx-payload")}) + &boot.ResealKeyForBootChainsParams{BootChains: bootChains}, []secboot.DbUpdate{{Database: secboot.KeyDatabaseDBX, Payload: []byte("dbx-payload")}}) c.Assert(err, IsNil) // reseal was called diff --git a/overlord/fdestate/export_test.go b/overlord/fdestate/export_test.go index 2de93732501..b77051ce73b 100644 --- a/overlord/fdestate/export_test.go +++ b/overlord/fdestate/export_test.go @@ -63,7 +63,7 @@ func MockBackendResealKeyForBootChains(f func(manager backend.FDEStateManager, m return restore } -func MockBackendResealKeysForSignaturesDBUpdate(f func(updateState backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, payloads [][]byte) error) (restore func()) { +func MockBackendResealKeysForSignaturesDBUpdate(f func(updateState backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, payloads []secboot.DbUpdate) error) (restore func()) { restore = testutil.Backup(&backendResealKeysForSignaturesDBUpdate) backendResealKeysForSignaturesDBUpdate = f return restore diff --git a/overlord/fdestate/fdemgr_test.go b/overlord/fdestate/fdemgr_test.go index 7d4ec7826eb..9d872b2dbe3 100644 --- a/overlord/fdestate/fdemgr_test.go +++ b/overlord/fdestate/fdemgr_test.go @@ -118,7 +118,7 @@ func (s *fdeMgrSuite) SetUpTest(c *C) { panic("VerifyPrimaryKeyDigest is not mocked") })) s.AddCleanup(fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { panic("BackendResealKeysForSignaturesDBUpdate not mocked") })) s.AddCleanup(fdestate.MockSecbootGetPCRHandle(func(devicePath, keySlot, keyFile string, hintExpectFDEHook bool) (uint32, error) { diff --git a/overlord/fdestate/secure_boot_update.go b/overlord/fdestate/secure_boot_update.go index 85868ac201d..2233d93b993 100644 --- a/overlord/fdestate/secure_boot_update.go +++ b/overlord/fdestate/secure_boot_update.go @@ -33,6 +33,7 @@ import ( "github.com/snapcore/snapd/overlord/snapstate" "github.com/snapcore/snapd/overlord/state" "github.com/snapcore/snapd/overlord/swfeats" + "github.com/snapcore/snapd/secboot" ) var ( @@ -361,6 +362,25 @@ func (m *FDEManager) doEFISecurebootDBUpdatePrepare(t *state.Task, tomb *tomb.To return fmt.Errorf("cannot unmarshal Secureboot Key Database context data: %v", err) } + var database secboot.KeyDatabase + switch updateData.DB { + case EFISecurebootPK: + database = secboot.KeyDatabasePK + case EFISecurebootKEK: + database = secboot.KeyDatabaseKEK + case EFISecurebootDB: + database = secboot.KeyDatabaseDB + case EFISecurebootDBX: + database = secboot.KeyDatabaseDBX + default: + return fmt.Errorf("unknown key database %v", updateData.DB) + } + + var updates []secboot.DbUpdate + for _, payload := range updateData.Payloads { + updates = append(updates, secboot.DbUpdate{Database: database, Payload: payload}) + } + err = func() error { mgr := fdeMgr(st) @@ -379,7 +399,7 @@ func (m *FDEManager) doEFISecurebootDBUpdatePrepare(t *state.Task, tomb *tomb.To FDEManager: mgr, unlocker: st.Unlocker(), }, - updateData.Method, dirs.GlobalRootDir, params, updateData.Payloads, + updateData.Method, dirs.GlobalRootDir, params, updates, ) }, updateData.Method) }() diff --git a/overlord/fdestate/secure_boot_update_test.go b/overlord/fdestate/secure_boot_update_test.go index 0e511776c1d..4fd60a78667 100644 --- a/overlord/fdestate/secure_boot_update_test.go +++ b/overlord/fdestate/secure_boot_update_test.go @@ -56,7 +56,7 @@ func (s *fdeMgrSuite) testEFISecurebootNoSealedKeysForKind( // make sure the state is true c.Assert(err, Equals, device.ErrNoSealedKeys) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { panic("unexpected call") })() @@ -105,7 +105,7 @@ func (s *fdeMgrSuite) TestEFISecurebootStartupClean(c *C) { onClassic := true s.startedManager(c, onClassic) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { panic("unexpected call") })() @@ -140,12 +140,23 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareHappyForKind( s.mockDeviceInState(model, "run") resealCalls := 0 - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealCalls++ c.Check(mgr, NotNil) c.Check(params.Options.RevokeOldKeys, Equals, false) c.Check(params.RunModeBootChains, HasLen, 1) - c.Check(updates, DeepEquals, [][]byte{[]byte("payload")}) + var expectedDatabase secboot.KeyDatabase + switch kind { + case fdestate.EFISecurebootPK: + expectedDatabase = secboot.KeyDatabasePK + case fdestate.EFISecurebootKEK: + expectedDatabase = secboot.KeyDatabaseKEK + case fdestate.EFISecurebootDB: + expectedDatabase = secboot.KeyDatabaseDB + case fdestate.EFISecurebootDBX: + expectedDatabase = secboot.KeyDatabaseDBX + } + c.Check(updates, DeepEquals, []secboot.DbUpdate{{Database: expectedDatabase, Payload: []byte("payload")}}) // normally executed by the backend code c.Check(mgr.Update("run", "default", &backend.SealingParameters{ @@ -255,7 +266,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSelfForKind( s.mockDeviceInState(model, "run") resealCalls := 0 - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -360,7 +371,7 @@ func (s *fdeMgrSuite) TestEFISecurebootPrepareConflictOperationNotInDoingYet(c * s.mockDeviceInState(model, "run") resealCalls := 0 - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -430,7 +441,7 @@ func (s *fdeMgrSuite) testEFISecurebootPrepareConflictSnapChangesForKind( c.Assert(rmTasks, NotNil) chg.AddAll(rmTasks) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { c.Fatalf("unexpected call") return fmt.Errorf("unexpected call") })() @@ -478,7 +489,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndCleanupRunningActionForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) // normally executed by the backend code @@ -625,7 +636,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAndUnexpectedStartupActionForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) // normally executed by the backend code @@ -813,7 +824,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateAbortForKind( resealForDBUpdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUpdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -947,7 +958,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateResealFailedAbortsForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return fmt.Errorf("mock error") @@ -1035,7 +1046,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdatePostUpdateResealFailedForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -1163,7 +1174,7 @@ func (s *fdeMgrSuite) testEFISecurebootUpdateUndoResealFailsForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil @@ -1276,7 +1287,7 @@ func (s *fdeMgrSuite) TestEFISecurebootCleanupNoChange(c *C) { onClassic := true s.startedManager(c, onClassic) - defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + defer fdestate.MockBackendResealKeysForSignaturesDBUpdate(func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { panic("unexpected call") })() @@ -1543,7 +1554,7 @@ func (s *fdeMgrSuite) testEFISecurebootConflictingSnapsForKind( resealForDBUPdateCalls := 0 resealForBootChainsCalls := 0 defer fdestate.MockBackendResealKeysForSignaturesDBUpdate( - func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates [][]byte) error { + func(mgr backend.FDEStateManager, method device.SealingMethod, rootdir string, params *boot.ResealKeyForBootChainsParams, updates []secboot.DbUpdate) error { resealForDBUPdateCalls++ c.Check(params.Options.RevokeOldKeys, Equals, false) return nil diff --git a/secboot/secboot.go b/secboot/secboot.go index b2f304c096c..1ee46b5f726 100644 --- a/secboot/secboot.go +++ b/secboot/secboot.go @@ -102,6 +102,20 @@ type ModelForSealing interface { SignKeyID() string } +type KeyDatabase int + +const ( + KeyDatabasePK KeyDatabase = iota + KeyDatabaseKEK + KeyDatabaseDB + KeyDatabaseDBX +) + +type DbUpdate struct { + Database KeyDatabase + Payload []byte +} + // TODO:FDEM: rename and drop Model from the name? type SealKeyModelParams struct { // The snap model @@ -113,7 +127,7 @@ type SealKeyModelParams struct { KernelCmdlines []string // TODO:FDEM: move this somewhere else? // The content of an update to EFI DBX - EFISignatureDbxUpdates [][]byte + EFISignatureDbxUpdates []DbUpdate } type TPMProvisionMode int diff --git a/secboot/secboot_sb_test.go b/secboot/secboot_sb_test.go index 336bc457a1c..cb88cb2529b 100644 --- a/secboot/secboot_sb_test.go +++ b/secboot/secboot_sb_test.go @@ -39,6 +39,7 @@ import ( "strings" "time" + efilib "github.com/canonical/go-efilib" "github.com/canonical/go-tpm2" "github.com/canonical/go-tpm2/linux" "github.com/canonical/go-tpm2/mu" @@ -1477,7 +1478,7 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { expectedErr string oldKeyFiles bool buildProfileErr string - dbxUpdates [][]byte + dbxUpdates []secboot.DbUpdate revoke bool noDmaProtection bool // Preinstall check was used to determine for encryption availability at install time @@ -1490,11 +1491,11 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { // happy case with check result available on disk and AllowInsufficientDmaProtection true {tpmEnabled: true, resealCalls: 1, noDmaProtection: true, hasCheckResult: true}, // happy case with check result available on disk and DBX update - {tpmEnabled: true, resealCalls: 1, hasCheckResult: true, dbxUpdates: [][]byte{[]byte("dbx-update")}}, + {tpmEnabled: true, resealCalls: 1, hasCheckResult: true, dbxUpdates: []secboot.DbUpdate{{Database: secboot.KeyDatabaseDBX, Payload: []byte("dbx-update")}}}, // happy case with key files {tpmEnabled: true, keyDataInFile: true, usePrimaryKeyFile: true, resealCalls: 1}, // happy case with DBX update - {tpmEnabled: true, resealCalls: 1, dbxUpdates: [][]byte{[]byte("dbx-update")}}, + {tpmEnabled: true, resealCalls: 1, dbxUpdates: []secboot.DbUpdate{{Database: secboot.KeyDatabaseDBX, Payload: []byte("dbx-update")}}}, // happy case, old keys {tpmEnabled: true, resealCalls: 1, revokeCalls: 1, oldKeyFiles: true}, // happy case, revoke (new keys) @@ -1591,7 +1592,18 @@ func (s *secbootSuite) TestResealKeysWithTPM(c *C) { var dbxUpdates []*sb_efi.SignatureDBUpdate for _, u := range tc.dbxUpdates { - dbxUpdates = append(dbxUpdates, &sb_efi.SignatureDBUpdate{Name: sb_efi.Dbx, Data: u}) + var db efilib.VariableDescriptor + switch u.Database { + case secboot.KeyDatabasePK: + db = sb_efi.PK + case secboot.KeyDatabaseKEK: + db = sb_efi.KEK + case secboot.KeyDatabaseDB: + db = sb_efi.Db + case secboot.KeyDatabaseDBX: + db = sb_efi.Dbx + } + dbxUpdates = append(dbxUpdates, &sb_efi.SignatureDBUpdate{Name: db, Data: u.Payload}) } var dbUpdateOption sb_efi.PCRProfileOption = sb_efi.WithSignatureDBUpdates(dbxUpdates...) diff --git a/secboot/secboot_tpm.go b/secboot/secboot_tpm.go index 62094ce2a54..1ca9482f999 100644 --- a/secboot/secboot_tpm.go +++ b/secboot/secboot_tpm.go @@ -30,6 +30,7 @@ import ( "path/filepath" "strings" + efilib "github.com/canonical/go-efilib" "github.com/canonical/go-tpm2" "github.com/canonical/go-tpm2/mu" sb "github.com/snapcore/secboot" @@ -817,9 +818,20 @@ func buildPCRProtectionProfile(modelParams []*SealKeyModelParams, checkResult *P var dbUpdates []*sb_efi.SignatureDBUpdate if len(modelParams) > 0 { for _, update := range modelParams[0].EFISignatureDbxUpdates { + var db efilib.VariableDescriptor + switch update.Database { + case KeyDatabasePK: + db = sb_efi.PK + case KeyDatabaseKEK: + db = sb_efi.KEK + case KeyDatabaseDB: + db = sb_efi.Db + case KeyDatabaseDBX: + db = sb_efi.Dbx + } dbUpdates = append(dbUpdates, &sb_efi.SignatureDBUpdate{ - Name: sb_efi.Dbx, - Data: update, + Name: db, + Data: update.Payload, }) } } @@ -887,9 +899,20 @@ func buildPCRProtectionProfileLegacy(modelParams []*SealKeyModelParams, allowIns var updateDB []*sb_efi.SignatureDBUpdate for _, update := range mp.EFISignatureDbxUpdates { + var db efilib.VariableDescriptor + switch update.Database { + case KeyDatabasePK: + db = sb_efi.PK + case KeyDatabaseKEK: + db = sb_efi.KEK + case KeyDatabaseDB: + db = sb_efi.Db + case KeyDatabaseDBX: + db = sb_efi.Dbx + } updateDB = append(updateDB, &sb_efi.SignatureDBUpdate{ - Name: sb_efi.Dbx, - Data: update, + Name: db, + Data: update.Payload, }) } From 4c6f82c27cd4344d3137ba48c84574b6d8b61120 Mon Sep 17 00:00:00 2001 From: Valentin David Date: Wed, 4 Feb 2026 13:12:03 +0100 Subject: [PATCH 31/41] overlord/fdestate/secure_boot_update.go: force reseal on cleanup This is needed otherwise cache will see that no update is needed, and booting with old keys would still work until we actually update kernel. --- overlord/fdestate/secure_boot_update.go | 1 + 1 file changed, 1 insertion(+) diff --git a/overlord/fdestate/secure_boot_update.go b/overlord/fdestate/secure_boot_update.go index 2233d93b993..399992cfc54 100644 --- a/overlord/fdestate/secure_boot_update.go +++ b/overlord/fdestate/secure_boot_update.go @@ -331,6 +331,7 @@ func postUpdateReseal(mgr *FDEManager, unlocker boot.Unlocker, method device.Sea Options: boot.ResealKeyToModeenvOptions{ ExpectReseal: true, RevokeOldKeys: true, + Force: true, }, } return mgr.resealKeyForBootChains(unlocker, method, dirs.GlobalRootDir, params) From 929ca404868afd70a8e4adb26b78590ceeda2953 Mon Sep 17 00:00:00 2001 From: Maciej Borzecki Date: Thu, 5 Feb 2026 17:20:39 +0100 Subject: [PATCH 32/41] interfaces/seccomp: allow memfd_secret (#16545) * interfaces/seccomp: allow memfd_secret Allow memfd_secret system call which is generally useful for creating memory regions that have stronger protection than RAM based files created with memfd_create or anonymous mmap() mappings. Signed-off-by: Maciej Borzecki * tests/main/template-memfd: spread test Signed-off-by: Maciej Borzecki --------- Signed-off-by: Maciej Borzecki --- interfaces/seccomp/template.go | 1 + tests/main/template-memfd/memfd.c | 63 +++++++++++++++++++++++++++++ tests/main/template-memfd/task.yaml | 44 ++++++++++++++++++++ 3 files changed, 108 insertions(+) create mode 100644 tests/main/template-memfd/memfd.c create mode 100644 tests/main/template-memfd/task.yaml diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go index 228c7b1ea4b..0276ee24b21 100644 --- a/interfaces/seccomp/template.go +++ b/interfaces/seccomp/template.go @@ -265,6 +265,7 @@ arm_fadvise64_64 mbind membarrier memfd_create +memfd_secret mincore mkdir mkdirat diff --git a/tests/main/template-memfd/memfd.c b/tests/main/template-memfd/memfd.c new file mode 100644 index 00000000000..fe770aa3a35 --- /dev/null +++ b/tests/main/template-memfd/memfd.c @@ -0,0 +1,63 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include /* SYS_* constants */ +#include + +static int memfd_secret(unsigned int flags) { return syscall(SYS_memfd_secret, flags); } + +static void fd_close(int *fd) { + if (fd != NULL && *fd >= 0) { + close(*fd); + *fd = -1; + } +} + +int main(int argc, char *argv[]) { + if (argc != 2) { + fprintf(stderr, "usage: %s [secret|create]\n", argv[0]); + return 1; + } + + int fd __attribute__((cleanup(fd_close))) = -1; + if (strcmp(argv[1], "secret") == 0) { + fd = memfd_secret(0); + } else if (strcmp(argv[1], "create") == 0) { + fd = memfd_create("test", 0); + } else { + fprintf(stderr, "incorrect mode: '%s'\n", argv[1]); + return 1; + } + + if (fd < 0) { + perror("memfd"); + return 1; + } + + if (ftruncate(fd, 1024) != 0) { + perror("ftruncate failed"); + return 1; + } + + const char canary[] = "hello"; + size_t canary_len = strlen(canary); + + void *addr = mmap(NULL, canary_len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + if (addr == NULL) { + perror("map"); + return 1; + } + + fd_close(&fd); + + strncpy(addr, canary, canary_len); + + if (strcmp(addr, canary) != 0) { + fprintf(stderr, "unexpected data\n"); + return 1; + } + return 0; +} diff --git a/tests/main/template-memfd/task.yaml b/tests/main/template-memfd/task.yaml new file mode 100644 index 00000000000..e78bfb23d46 --- /dev/null +++ b/tests/main/template-memfd/task.yaml @@ -0,0 +1,44 @@ +summary: Verify access to memfd_create and memfd_secret + +details: | + Verify access to memfd_create and memfd_secret for snaps. + +systems: + # UC: cannot use gcc + - -ubuntu-core-* + # no support at all for either syscall + - -ubuntu-20.04-* + - -ubuntu-18.04-* + - -ubuntu-16.04-* + - -amazon-linux-2-* + +environment: + MODE/secret: "secret" + MODE/create: "create" + +skip: + - reason: "Unsupported by host kernel" + if: | + case "$MODE/$SPREAD_SYSTEM" in + secret/debian-12-*|secret/ubuntu-22.04-*|secret/centos-9-*|secret/opensuse-15.6-*) + # supports memfd_create, but not memfd_secret, fallthrough + ;& + secret/amazon-linux-2023-*) + # supports memfd_create, but not memfd_secret + exit 0 + ;; + *) + exit 1 + ;; + esac + +prepare: | + "$TESTSTOOLS"/snaps-state install-local test-snapd-sh-core24 + + gcc -o memfd -Wall -Wextra memfd.c + cp -v memfd /var/snap/test-snapd-sh-core24/common/ + +execute: | + # these should not fail, unless it's unsupported system call + # shellcheck disable=SC2016 + test-snapd-sh-core24.sh -c "\$SNAP_COMMON/memfd $MODE" From 104ce5ac0df38bfbe5c96d528e0be5817f490a9a Mon Sep 17 00:00:00 2001 From: Ernest Lotter Date: Wed, 4 Feb 2026 15:01:49 +0200 Subject: [PATCH 33/41] tests: increase nested 24/26 disk size to 30GB (#16548) --- spread.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spread.yaml b/spread.yaml index 55167e3d30e..ddc2f7c4686 100644 --- a/spread.yaml +++ b/spread.yaml @@ -332,11 +332,11 @@ backends: workers: 14 - ubuntu-24.04-64: image: ubuntu-2404-64-virt-enabled - storage: 25G + storage: 30G workers: 14 - ubuntu-26.04-64: image: ubuntu-2604-64-virt-enabled - storage: 25G + storage: 30G workers: 14 google-nested-arm: @@ -496,11 +496,11 @@ backends: workers: 12 - ubuntu-24.04-64: image: snapd-spread/ubuntu-24.04-64 - storage: 25G + storage: 30G workers: 12 - ubuntu-26.04-64: image: snapd-spread/ubuntu-26.04-64 - storage: 25G + storage: 30G workers: 12 openstack-validation: From 514496bab9f6307e1a5c2cccf2f3bca06e6d0d5d Mon Sep 17 00:00:00 2001 From: Ernest Lotter Date: Thu, 5 Feb 2026 13:32:38 +0200 Subject: [PATCH 34/41] tests/main, tests/upgrade, : fix main/snap-ns-forward-compat, main/upgrade-from-release, upgrade/basic (#16555) * tests/main/upgrade-from-release: updated resolute snapd release to 2.74 * tests/upgrade/basic: adapt for snap-confine binary package that was removed from snapd source package --- tests/main/upgrade-from-release/task.yaml | 3 ++- tests/upgrade/basic/task.yaml | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/main/upgrade-from-release/task.yaml b/tests/main/upgrade-from-release/task.yaml index d68ab69adb9..bfd828b5c65 100644 --- a/tests/main/upgrade-from-release/task.yaml +++ b/tests/main/upgrade-from-release/task.yaml @@ -41,8 +41,9 @@ execute: | apt update -qq fi + # TODO: add automatic package lookup - manual list maintenance is impractical declare -A EXPECTED_SNAPD_VERSIONS=( - ["26.04"]='2.73\+ubuntu26.04' + ["26.04"]='2.74\+ubuntu26.04' ["25.10"]='2.73\+ubuntu25.10' ["24.04"]='2.62\+24.04' ["22.04"]='2.55.3\+22.04' diff --git a/tests/upgrade/basic/task.yaml b/tests/upgrade/basic/task.yaml index f0fe935c5fd..7b5d4f2897f 100644 --- a/tests/upgrade/basic/task.yaml +++ b/tests/upgrade/basic/task.yaml @@ -48,7 +48,7 @@ execute: | esac echo "Install previous snapd version from the store" - distro_install_package snap-confine snapd + distro_install_package snapd case "$SPREAD_SYSTEM" in arch-*|centos-*) @@ -108,8 +108,8 @@ execute: | if os.query is-arch-linux; then # Arch's pacman is a bit funky here, the command that's run is: # pacman -U --noconfirm --force /home/gopath/snapd-*.pkg.tar.xz - # The official repo package contains snapd and snap-confine. The local test package - # conflicts with snap-confine, thus pacman will ask to remove snap-confine, displaying + # The official repo package contains snapd and snap-confine (up to snapd < 2.74). The local + # test package conflicts with snap-confine, thus pacman will ask to remove snap-confine, displaying # a question, but at the same time it completely ignores --noconfirm and aborts the upgrade. # As a workaround, drop --noconfirm and pass 'y' to all the questions. yes | pacman -U "$GOHOME"/snap*."$pkg_extension" From f964d3eb0972903e246972e75fcb1c7ff412120a Mon Sep 17 00:00:00 2001 From: Katie May Date: Fri, 6 Feb 2026 13:45:28 +0100 Subject: [PATCH 35/41] tests: skip i18n test on noble (#16560) --- tests/main/i18n/task.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/main/i18n/task.yaml b/tests/main/i18n/task.yaml index ab65df8a170..157ccd6d614 100644 --- a/tests/main/i18n/task.yaml +++ b/tests/main/i18n/task.yaml @@ -7,7 +7,7 @@ details: | systems: [-debian-sid-*] skip: - - if: os.query is_resolute + - if: os.query is_resolute || os.query is_noble reason: The Latvian translation is missing <> and causing the test to fail. Once that is fixed, the test should be renabled (in SNAPDENG-36202). restore: | From 0a484a3009d0c5b2651c6e4f2f4982d0f796339d Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Thu, 22 Jan 2026 13:26:25 +0100 Subject: [PATCH 36/41] interfaces/seccomp: allow pidfd_open syscall The pidfd_open(2) system call allows obtaining a file descriptor that refers to a process. This is useful for process management and is used by modern applications and libraries. This change adds pidfd_open to the default seccomp template, allowing all snaps to use this syscall. The syscall is placed logically with other process-related syscalls like getpid and getppid. Signed-off-by: Zygmunt Krynicki Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- interfaces/seccomp/template.go | 1 + 1 file changed, 1 insertion(+) diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go index 0276ee24b21..690606615b4 100644 --- a/interfaces/seccomp/template.go +++ b/interfaces/seccomp/template.go @@ -182,6 +182,7 @@ getpgid getpgrp getpid getppid +pidfd_open getpriority getrandom getresgid From f157ce85ece06c2052c7422d2f312ca0aa36e79b Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Mon, 2 Feb 2026 10:01:12 +0100 Subject: [PATCH 37/41] interfaces/seccomp: explain why we allow pidfd_open Signed-off-by: Zygmunt Krynicki --- interfaces/seccomp/template.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go index 690606615b4..08cbcbe8a4a 100644 --- a/interfaces/seccomp/template.go +++ b/interfaces/seccomp/template.go @@ -182,6 +182,12 @@ getpgid getpgrp getpid getppid +# Note that pidfd_open semantics differs from the traditional pid handling. +# Any process can open the pid of any other process in its pid namespace. What +# is further controlled depends on the relationship between the two processes +# and the capabilities of the calling process. Because of this, we allow +# pidfd_open unconditionally here and rely on the kernel to enforce proper +# access control. pidfd_open getpriority getrandom From 0edef06cc6d6d0710a904ce12f80b6f0126b81f0 Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Thu, 22 Jan 2026 13:39:31 +0100 Subject: [PATCH 38/41] tests: add test for pidfd_open A new integration test is included that: - Compiles a C program testing pidfd_open - Creates a test snap using snap pack - Verifies the syscall is allowed by the seccomp profile - Runs on all classic systems (excluding ubuntu-core without gcc) Signed-off-by: Zygmunt Krynicki --- .../template-seccomp-pidfd-open/task.yaml | 57 +++++++++++++++++++ .../test-pidfd-open.c | 36 ++++++++++++ .../test-snapd-pidfd-open/meta/snap.yaml | 10 ++++ 3 files changed, 103 insertions(+) create mode 100644 tests/main/template-seccomp-pidfd-open/task.yaml create mode 100644 tests/main/template-seccomp-pidfd-open/test-pidfd-open.c create mode 100644 tests/main/template-seccomp-pidfd-open/test-snapd-pidfd-open/meta/snap.yaml diff --git a/tests/main/template-seccomp-pidfd-open/task.yaml b/tests/main/template-seccomp-pidfd-open/task.yaml new file mode 100644 index 00000000000..ff9e2a0707a --- /dev/null +++ b/tests/main/template-seccomp-pidfd-open/task.yaml @@ -0,0 +1,57 @@ +summary: Ensure that pidfd_open syscall is allowed by default seccomp profile + +details: | + The pidfd_open(2) system call allows obtaining a file descriptor that refers + to a process. This test verifies that the syscall is allowed by the default + seccomp profile for all snaps. + +systems: + # Exclude ubuntu-core systems as they don't have gcc + - -ubuntu-core-* + # Too old to support pidfd_open + - -ubuntu-16.04-* + - -ubuntu-18.04-* + - -centos-9-* + - -amazon-linux-2-* + - -amazon-linux-2023-* + +prepare: | + echo "Compile the test program on the host" + # Build the test binary statically, as it will be running inside a base with + # potentially older glibc. + mkdir -p test-snapd-pidfd-open/bin + gcc -Wall -Wextra -Werror test-pidfd-open.c -o test-snapd-pidfd-open/bin/test-pidfd-open -static + + echo "Create the snap package" + snap pack test-snapd-pidfd-open + + echo "Install the test snap" + snap install --dangerous test-snapd-pidfd-open_1.0_*.snap + +restore: | + snap remove --purge test-snapd-pidfd-open || true + rm -f test-snapd-pidfd-open_1.0_*.snap + +execute: | + echo "Test that pidfd_open is allowed from within the snap" + # The test program will: + # - Return 0 and print "success" if pidfd_open works + # - Return 0 and print "not supported" if kernel doesn't support it + # - Return 1 if it's blocked by seccomp + output=$(snap run test-snapd-pidfd-open 2>&1) + echo "$output" + + # Check that it's either successful or not supported by kernel, + # but not blocked by seccomp + if echo "$output" | grep -q "blocked"; then + echo "FAIL: pidfd_open was blocked by seccomp" + exit 1 + fi + + if echo "$output" | grep -qE "(success|not supported)"; then + echo "PASS: pidfd_open is allowed or not supported by kernel" + exit 0 + fi + + echo "FAIL: Unexpected output from test program" + exit 1 diff --git a/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c b/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c new file mode 100644 index 00000000000..e57802e99c3 --- /dev/null +++ b/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c @@ -0,0 +1,36 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include + +int main(void) { + pid_t pid; + int fd; + + // Get our own PID + pid = getpid(); + printf("Testing pidfd_open with PID %d\n", pid); + + // Try to open a pidfd for our own process + fd = syscall(__NR_pidfd_open, pid, 0); + + if (fd == -1) { + if (errno == ENOSYS) { + printf("pidfd_open: not supported by kernel\n"); + return 0; + } else if (errno == EPERM || errno == EACCES) { + printf("pidfd_open: blocked (errno=%d: %s)\n", errno, strerror(errno)); + return 1; + } else { + printf("pidfd_open: failed with unexpected error (errno=%d: %s)\n", errno, strerror(errno)); + return 1; + } + } + + printf("pidfd_open: success (fd=%d)\n", fd); + close(fd); + return 0; +} diff --git a/tests/main/template-seccomp-pidfd-open/test-snapd-pidfd-open/meta/snap.yaml b/tests/main/template-seccomp-pidfd-open/test-snapd-pidfd-open/meta/snap.yaml new file mode 100644 index 00000000000..467b7ef8923 --- /dev/null +++ b/tests/main/template-seccomp-pidfd-open/test-snapd-pidfd-open/meta/snap.yaml @@ -0,0 +1,10 @@ +name: test-snapd-pidfd-open +version: 1.0 +summary: Test snap for pidfd_open syscall +description: | + This snap tests that the pidfd_open syscall is allowed by the default + seccomp profile. + +apps: + test-snapd-pidfd-open: + command: bin/test-pidfd-open From 9deca257cfc63ca42ea09183f1110cbd6db70c63 Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Mon, 2 Feb 2026 09:19:14 +0100 Subject: [PATCH 39/41] tests: extend pidfd_open test to check waitid behavior Specifically the behavior of non-child process (PID 1) Signed-off-by: Zygmunt Krynicki --- .../test-pidfd-open.c | 43 ++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c b/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c index e57802e99c3..74381be2b5e 100644 --- a/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c +++ b/tests/main/template-seccomp-pidfd-open/test-pidfd-open.c @@ -4,11 +4,14 @@ #include #include #include +#include +#include #include int main(void) { pid_t pid; int fd; + siginfo_t info; // Get our own PID pid = getpid(); @@ -32,5 +35,43 @@ int main(void) { printf("pidfd_open: success (fd=%d)\n", fd); close(fd); - return 0; + + // Now test opening pidfd for PID 1 and waitid + printf("\nTesting pidfd_open with PID 1\n"); + fd = syscall(__NR_pidfd_open, 1, 0); + + if (fd == -1) { + if (errno == ENOSYS) { + printf("pidfd_open: not supported by kernel\n"); + return 0; + } else if (errno == EPERM || errno == EACCES) { + printf("pidfd_open for PID 1: blocked (errno=%d: %s)\n", errno, strerror(errno)); + return 1; + } else { + printf("pidfd_open for PID 1: failed with unexpected error (errno=%d: %s)\n", errno, strerror(errno)); + return 1; + } + } + + printf("pidfd_open for PID 1: success (fd=%d)\n", fd); + + // Try to waitid on PID 1 (should fail since it's not a child process) + printf("Attempting waitid on PID 1 (should fail since it's not a child)...\n"); + int ret = waitid(P_PIDFD, fd, &info, WEXITED); + + if (ret == -1) { + if (errno == ECHILD) { + printf("waitid: correctly failed with ECHILD (PID 1 is not a child process)\n"); + close(fd); + return 0; + } else { + printf("waitid: failed with unexpected error (errno=%d: %s)\n", errno, strerror(errno)); + close(fd); + return 1; + } + } else { + printf("waitid: unexpectedly succeeded\n"); + close(fd); + return 1; + } } From 7d830b0d13184d19cb2ea7b005c0cf48ea525665 Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Wed, 4 Feb 2026 19:42:59 +0100 Subject: [PATCH 40/41] tests: fix packing system data on debian-12 When /etc/apparmod.d/snap.snapd.* does not exist the old logic would do the wrong thing attempt to pack a file with wildcard in the name. Use nullglob to avoid this. Signed-off-by: Zygmunt Krynicki --- tests/lib/state.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/lib/state.sh b/tests/lib/state.sh index 131f37e166c..6c8b7245cef 100755 --- a/tests/lib/state.sh +++ b/tests/lib/state.sh @@ -56,9 +56,8 @@ save_snapd_state() { break fi done - snapd_service_env=$(ls -d /etc/systemd/system/snapd.*.d || true) - snap_confine_profiles="$(ls /etc/apparmor.d/snap.snapd.* || true)" + shopt -s nullglob # shellcheck disable=SC2086 tar cf "$SNAPD_STATE_FILE" \ /var/lib/snapd \ @@ -70,9 +69,10 @@ save_snapd_state() { /etc/systemd/system/"$escaped_snap_mount_dir"-*core*.mount \ /etc/systemd/system/snapd.mounts.target.wants/"$escaped_snap_mount_dir"-*core*.mount \ /etc/systemd/system/multi-user.target.wants/"$escaped_snap_mount_dir"-*core*.mount \ - $snap_confine_profiles \ + /etc/apparmor.d/snap.snapd.* \ $snapd_env \ - $snapd_service_env + /etc/systemd/system/snapd.*.d + shopt -u nullglob systemctl daemon-reload # Workaround for http://paste.ubuntu.com/17735820/ core="$(readlink -f "$SNAP_MOUNT_DIR/core/current")" From fe6aa6f760d0d64523765579a3de04eef659b900 Mon Sep 17 00:00:00 2001 From: ernestl Date: Fri, 6 Feb 2026 19:40:46 +0200 Subject: [PATCH 41/41] release: 2.74.1 --- NEWS.md | 8 ++++++++ packaging/arch/PKGBUILD | 2 +- packaging/debian-sid/changelog | 16 ++++++++++++++++ packaging/fedora/snapd.spec | 15 ++++++++++++++- packaging/opensuse/snapd.changes | 5 +++++ packaging/opensuse/snapd.spec | 2 +- packaging/ubuntu-16.04/changelog | 16 ++++++++++++++++ 7 files changed, 61 insertions(+), 3 deletions(-) diff --git a/NEWS.md b/NEWS.md index f16a16902fd..81ffaf47638 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,3 +1,11 @@ +# New in snapd 2.74.1 +* FDE: measure DeployedMode and AuditMode variables if they appear as disabled in the event log to avoid a potential reseal-failure boot loop +* LP: #2139611 FDE: fix db updates by allowing multiple payloads +* LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising memory lock limit when required +* LP: #2139099 snap-confine: bump the max element count of the BPF map used to store IDs of allowed/matched devices to 1000 +* Interfaces: Added pidfd_open and memfd_secret to seccomp template +* Interfaces: camera | add locking permission for /dev/video + # New in snapd 2.74 * FDE: use new activation API from secboot * FDE: use activation API also with non keydata keys diff --git a/packaging/arch/PKGBUILD b/packaging/arch/PKGBUILD index a23421d12d8..6420f38e58d 100644 --- a/packaging/arch/PKGBUILD +++ b/packaging/arch/PKGBUILD @@ -11,7 +11,7 @@ pkgdesc="Service and tools for management of snap packages." depends=('squashfs-tools' 'libseccomp' 'libsystemd' 'libcap' 'apparmor') optdepends=('bash-completion: bash completion support' 'xdg-desktop-portal: desktop integration') -pkgver=2.74 +pkgver=2.74.1 pkgrel=1 arch=('x86_64' 'i686' 'armv7h' 'aarch64') url="https://github.com/snapcore/snapd" diff --git a/packaging/debian-sid/changelog b/packaging/debian-sid/changelog index 917e341c825..1a6122f1b89 100644 --- a/packaging/debian-sid/changelog +++ b/packaging/debian-sid/changelog @@ -1,3 +1,19 @@ +snapd (2.74.1-1) unstable; urgency=medium + + * New upstream release, LP: #2138629 + - FDE: measure DeployedMode and AuditMode variables if they appear + as disabled in the event log to avoid a potential reseal-failure + boot loop + - LP: #2139611 FDE: fix db updates by allowing multiple payloads + - LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising + memory lock limit when required + - LP: #2139099 snap-confine: bump the max element count of the BPF + map used to store IDs of allowed/matched devices to 1000 + - Interfaces: Added pidfd_open and memfd_secret to seccomp template + - Interfaces: camera | add locking permission for /dev/video + + -- Ernest Lotter Fri, 06 Feb 2026 19:40:03 +0200 + snapd (2.74-1) unstable; urgency=medium * New upstream release, LP: #2138629 diff --git a/packaging/fedora/snapd.spec b/packaging/fedora/snapd.spec index 41ec86dfa66..fb8250669e8 100644 --- a/packaging/fedora/snapd.spec +++ b/packaging/fedora/snapd.spec @@ -114,7 +114,7 @@ %endif Name: snapd -Version: 2.74 +Version: 2.74.1 Release: 0%{?dist} Summary: A transactional software package manager License: GPL-3.0-only @@ -1008,6 +1008,19 @@ fi %endif %changelog +* Fri Feb 06 2026 Ernest Lotter +- New upstream release 2.74.1 + - FDE: measure DeployedMode and AuditMode variables if they appear + as disabled in the event log to avoid a potential reseal-failure + boot loop + - LP: #2139611 FDE: fix db updates by allowing multiple payloads + - LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising + memory lock limit when required + - LP: #2139099 snap-confine: bump the max element count of the BPF + map used to store IDs of allowed/matched devices to 1000 + - Interfaces: Added pidfd_open and memfd_secret to seccomp template + - Interfaces: camera | add locking permission for /dev/video + * Tue Jan 20 2026 Ernest Lotter - New upstream release 2.74 - FDE: use new activation API from secboot diff --git a/packaging/opensuse/snapd.changes b/packaging/opensuse/snapd.changes index e6da5361755..fff0026fc32 100644 --- a/packaging/opensuse/snapd.changes +++ b/packaging/opensuse/snapd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Feb 06 17:40:03 UTC 2026 - ernest.lotter@canonical.com + +- Update to upstream release 2.74.1 + ------------------------------------------------------------------- Tue Jan 20 16:54:17 UTC 2026 - ernest.lotter@canonical.com diff --git a/packaging/opensuse/snapd.spec b/packaging/opensuse/snapd.spec index 1d1ccf735d2..48cf57fbb58 100644 --- a/packaging/opensuse/snapd.spec +++ b/packaging/opensuse/snapd.spec @@ -100,7 +100,7 @@ Name: snapd -Version: 2.74 +Version: 2.74.1 Release: 0 Summary: Tools enabling systems to work with .snap files License: GPL-3.0 diff --git a/packaging/ubuntu-16.04/changelog b/packaging/ubuntu-16.04/changelog index 14afbedd692..146fad28acb 100644 --- a/packaging/ubuntu-16.04/changelog +++ b/packaging/ubuntu-16.04/changelog @@ -1,3 +1,19 @@ +snapd (2.74.1) xenial; urgency=medium + + * New upstream release, LP: #2138629 + - FDE: measure DeployedMode and AuditMode variables if they appear + as disabled in the event log to avoid a potential reseal-failure + boot loop + - LP: #2139611 FDE: fix db updates by allowing multiple payloads + - LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising + memory lock limit when required + - LP: #2139099 snap-confine: bump the max element count of the BPF + map used to store IDs of allowed/matched devices to 1000 + - Interfaces: Added pidfd_open and memfd_secret to seccomp template + - Interfaces: camera | add locking permission for /dev/video + + -- Ernest Lotter Fri, 06 Feb 2026 19:40:03 +0200 + snapd (2.74) xenial; urgency=medium * New upstream release, LP: #2138629