snapd

~mvo/snapd/+git/snapd-mvo:test-block-tty-injection

Git
lp:~mvo/snapd/+git/snapd-mvo
test-block-tty-injection

Last commit made on 2023-05-26

Get this branch:: git clone -b test-block-tty-injection https://git.launchpad.net/~mvo/snapd/+git/snapd-mvo

Branch merges

Branch information

Name:: test-block-tty-injection

Repository:: lp:~mvo/snapd/+git/snapd-mvo

Recent commits

2692648... by Michael Vogt on 2023-05-25

tests: fix snap-seccomp-blocks-tty-injection on 32bit systems

0fdda71... by Michael Vogt on 2023-05-25

tests: fix snap-seccomp-blocks-tty-injection on partially confined systems and on ubuntu core

00760d3... by Alex Murray on 2023-05-25

tests/main/snap-seccomp-blocks-tty-injection: fix shellcheck errors

Signed-off-by: Alex Murray <email address hidden>

efdbc11... by Alex Murray on 2023-03-23

tests/main/snap-seccomp-blocks-tty-injection: spread test CVE-2023-1523

Add a spread test which exercises the two tty injection PoCs for both
CVE-2023-1523 and CVE-2019-7303

Signed-off-by: Alex Murray <email address hidden>

9a5accc... by Frederik Du Toit Lotter on 2023-01-13

secboot: UUID generator error instead of panic

The randutil.RandomKernelUUID() used to generate a panic on failure.

The process of consolidating common code used by Pebble and Snapd
(e.g. randutil) highlighted the fact that an error return, as relied on by
Pebble, is a more flexibie approach and allows application code to decide
the severity, instead of the library function.

- Make secboot unlock code to deal with an error that can now be returned
from the UUID generator.

- Add unit tests to cover the new error paths in the code.

Signed-off-by: Fred Lotter <email address hidden>

0a488db... by Frederik Du Toit Lotter on 2023-01-13

cgroup: UUID generation error instead of panic

The randutil.RandomKernelUUID() used to generate a panic on failure.

- Make cgroup code deal with the error that can now be returned from the UUID
generator.

- Add unit tests to cover the new error paths in the code.

367bb1e... by Frederik Du Toit Lotter on 2023-01-13

randutil: add unittests for RandomKernelUUID()

e21246f... by Frederik Du Toit Lotter on 2023-01-13

randutil: make RandomKernelUUID() return an error

Make RandomKernelUUID() return an error instead of generating a panic. This
is better suited for this library function. The severity of the failure can
be determined by the application code.

12ca6af... by Oliver Calder on 2023-05-24

interfaces/builtin: fix custom-device default udev kernel rules (#12833)

* interfaces/builtin: fix custom-device default udev kernel rules

The KERNEL value in udev rules must be the basename of the device path.
For devices for which there is not a matching kernel value specified in
the custom-device `udev-tagging` section, a default udev kernel rule is
generated. Previously, https://github.com/snapcore/snapd/pull/12734
(and prior) generated these default rules by using the complete device
path relative to `/dev/`. However, for device paths which are in
subdirectories of `/dev/`, this means that the kernel values were not
basenames, which violates the udev spec.

This commit changes this behavior to instead generate udev kernel rules
using the basename of each specified device.

Since ambiguity would arise if multiple devices had the same basename,
this change introduces a check to ensure that all the specified devices
have unique basenames.

Additionally, this commit introduces a check to ensure that all
specified kernel values in the `udev-tagging` section are basenames.

It is still the case that each specified kernel value must match one of
the specified devices.

There are currently problems with `vet` where it is claimed that several
of the `[]string` variables in `validateUDevDevicesUniqueBasenames()`
are unused. These variables are used in a several ways, so further
investigation is required as to why this is the case.