Draft
Conversation
|
Thu Apr 23 07:57:37 UTC 2026 No spread failures reported |
ernestl
force-pushed
the
ernestl/security-logging
branch
from
f8d7fe2 to
394fe53
Compare
ernestl
force-pushed
the
ernestl/security-logging
branch
from
58a574e to
98be93f
Compare
ernestl
force-pushed
the
ernestl/security-logging
branch
2 times, most recently
from
1a335d5 to
aa2c6a9
Compare
… on commit (canonical#16889) Although we error early if we can tell that a write affects ephemeral data but no save-view hook is present, a change-view hook may have written to an ephemeral path after that initial check so we need to check again before committing. Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
ernestl
force-pushed
the
ernestl/security-logging
branch
from
15fa59d to
184daa6
Compare
on UC26 images, by setting appropriately the path.
ernestl
force-pushed
the
ernestl/security-logging
branch
from
184daa6 to
d84e954
Compare
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
…anonical#16928) Add unit tests for the non-obvious values that are accepted for target. Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
* o/confdbstate: block concurrent snapctl accesses Extend the blocking UX to include accesses coming from snapctl. o/confdbstate: unblock as many reads as possible o/confdbstate: fix ignored err return + outdated TODO o/confdbstate: remove channel when closing o/confdbstate: read w/o tasks also unblocks next access o/confdbstate: unblock next pending access on error paths o/confdbstate: test hook helper o/confdbstate: unblock depending on tasks o/confdbstate: unblocked access must remove its own access o/confdbstate: prevent race conditions in multi read scenarios Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: make channel buffered; tweaks Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: more tweaks Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: fix racy test Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: remove waitID when setting ongoing tx Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: merge WriteConfdbFromSnap and getTransactionToSet Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: improve docs Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: more docs + rename Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: tweak cleanup and test Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: rm unnecessary code; minor improvements Signed-off-by: Miguel Pires <miguel.pires@canonical.com> * o/confdbstate: remove edge usage; other minor tweaks Signed-off-by: Miguel Pires <miguel.pires@canonical.com> --------- Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
canonical#16777) * o/h/ctlcmd, t/main: add per-change rate limit, unit tests, spread test * o/h/ctlcmd: update to table-driven tests * o/h/ctlcmd: keep rate-limiting in memory, have ready check outside of lock * o/h/ctlcmd: ensure is-ready aligns with spec implentation * fixup! o/h/ctlcmd: ensure is-ready aligns with spec implentation * o/h/ctlcmd, t/m/snapctl-is-ready: fix lock hold while sleeping, refactor test tables to seperate logic and rate-lim tests, refactor spread tests to adhere to command format, add rate-lim spread test * o/h/ctlcmd: fix unit test complexity, simplify table-driven tests, fix race condition in helpers.go * t/main/snapctl-is-ready*: fix issue with --classic on UC * fixup! t/main/snapctl-is-ready*: fix issue with --classic on UC * o/h/ctlcmd: change behavior of last-accessed so that if it doesnt exist in cache, it is created * fixup! o/h/ctlcmd: change behavior of last-accessed so that if it doesnt exist in cache, it is created * t/main/snapctl-is-ready: fix spread test formatting * o/h/ctlcmd, t/main/snapctl-is-ready: fix spread test issues, clean-up isReady helper * t/main/snapctl-is-ready: remove rate limit spread test * o/h/ctlcmd, t/main/snapctl-is-ready: fix comments, error strings, use snap install --wait in spread test * fixup! o/h/ctlcmd, t/main/snapctl-is-ready: fix comments, error strings, use snap install --wait in spread test * o/h/ctlcmd, t/m/snapctl-is-ready: Move last access caching later in isReady, simplify spread test * fixup! o/h/ctlcmd, t/m/snapctl-is-ready: Move last access caching later in isReady, simplify spread test * fixup! fixup! o/h/ctlcmd, t/m/snapctl-is-ready: Move last access caching later in isReady, simplify spread test * fixup! fixup! fixup! o/h/ctlcmd, t/m/snapctl-is-ready: Move last access caching later in isReady, simplify spread test * fixup! fixup! fixup! fixup! o/h/ctlcmd, t/m/snapctl-is-ready: Move last access caching later in isReady, simplify spread test * o/h/ctlcmd: add toWait to the cached time to start waiting from when the last wait is finished * o/h/ctlcmd: add private type for key, ensure last access accounts for wait time for current request * o/ctlcmd: refactor rate limiting into some named functions * ov/ho/ctlcmd: add to non-root allowlist, write change status to stderr on ret code 2, fix spread test description * fixup! ov/ho/ctlcmd: add to non-root allowlist, write change status to stderr on ret code 2, fix spread test description * ov/ho/ctlcmd, tests: improve code documentation, revert spread test to pack and install instead of INSTALL_LOCAL tool * ov/ho/ctlcmd: fix doc comments * fixup! ov/ho/ctlcmd: fix doc comments * fixup! fixup! ov/ho/ctlcmd: fix doc comments * fixup! fixup! fixup! ov/ho/ctlcmd: fix doc comments * fixup! fixup! fixup! fixup! ov/ho/ctlcmd: fix doc comments --------- Co-authored-by: Andrew Phelps <andrew.phelps@canonical.com>
Agent-Logs-Url: https://github.com/canonical/snapd/sessions/cb4d4ae7-c044-49ec-baad-4c67d1c638be Co-authored-by: zyga <784262+zyga@users.noreply.github.com>
…ial_escape_oob test Agent-Logs-Url: https://github.com/canonical/snapd/sessions/c41263a1-0b0a-4730-a291-91a8ecf80263 Co-authored-by: zyga <784262+zyga@users.noreply.github.com>
…est.c Agent-Logs-Url: https://github.com/canonical/snapd/sessions/b588b58a-c79b-4639-9612-5a71bb0c7285 Co-authored-by: zyga <784262+zyga@users.noreply.github.com>
Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
…fter the test, bump size (canonical#16954) Ensure that the state before and after the state is consistent. Specifically, mount units created during suite prepare are carried over to the test, thus mounting a tmpfs on top of /var/lib/snapd creates a discrepancy between e.g. unit files under /etc/systemd/system and actual snapd state. Adding purge ensures that the system state and snapd state match again. Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
…errors (canonical#16945) * overlord, snap: omit snapd refresh suggestion for ISA-related assume errors Remove "(try to refresh snapd)" suggestion from error messages when snap assumes fail due to ISA-related issues. ISA errors indicate architectural incompatibilities that cannot be resolved by refreshing snapd, so the suggestion is misleading in these cases. Introduce IsaError type to distinguish ISA validation failures from other assume validation errors, allowing appropriate error message formatting. * tests/regression/lp-1813365: adapt to python locaction in UC26
…nd audit sinks are implemented.
ernestl
force-pushed
the
ernestl/security-logging
branch
2 times, most recently
from
0ef8820 to
49182f7
Compare
ernestl
force-pushed
the
ernestl/security-logging
branch
2 times, most recently
from
5a01fd4 to
13bdc60
Compare
ernestl
force-pushed
the
ernestl/security-logging
branch
from
13bdc60 to
1065844
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Thanks for helping us make a better snapd!
Have you signed the license agreement and read the contribution guide?