Skip to content
Ubuntu

fix(profile): snapd #2214

Sign in to view logs

fix(profile): snapd

fix(profile): snapd #2214

Workflow file for this run

.github/workflows/main.yml at 0100132
name: Ubuntu
on: [push, pull_request, workflow_dispatch]
jobs:
check:
runs-on: ubuntu-24.04
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Run basic profile linter check
run: |
make check
build:
runs-on: ${{ matrix.os }}
needs: check
strategy:
matrix:
os:
- ubuntu-24.04
- ubuntu-22.04
mode:
- default
- full-system-policy
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Install Build dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y \
devscripts debhelper config-package-dev \
auditd apparmor-profiles apparmor-utils
sudo rm /etc/apparmor.d/usr.lib.snapd.snap-confine.real
- name: Build the apparmor.d package
run: |
if [[ ${{ matrix.mode }} == full-system-policy ]]; then
echo -e "\noverride_dh_auto_build:\n\tmake full" >> debian/rules
fi
bash dists/build.sh dpkg
- name: Install apparmor.d
run: sudo dpkg --install .pkg/apparmor.d_*_amd64.deb || true
- name: Reload AppArmor
run: |
sudo systemctl restart apparmor.service || true
sudo systemctl status apparmor.service
- name: Ensure compatibility with some AppArmor userspace tools
if: matrix.os != 'ubuntu-24.04'
run: |
sudo aa-enforce /etc/apparmor.d/aa-notify
- name: Show AppArmor log and rules
run: |
sudo aa-log
sudo aa-log -s
sudo aa-log -r
- name: Show Number of loaded profile
run: sudo aa-status --profiled
- name: Cache the build package
if: matrix.mode == 'default' && matrix.os == 'ubuntu-24.04'
uses: actions/cache/save@v4
with:
path: .pkg/apparmor.d_*_amd64.deb
key: ${{ matrix.os }}-${{ matrix.mode }}-${{ hashFiles('.pkg/apparmor.d_*_amd64.deb') }}
tests:
runs-on: ubuntu-24.04
needs: build
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Restore the cached build package
uses: actions/cache/restore@v4
with:
fail-on-cache-miss: true
path: .pkg/apparmor.d_*_amd64.deb
key: ubuntu-24.04-default-${{ hashFiles('.pkg/apparmor.d_*_amd64.deb') }}
restore-keys: |
ubuntu-24.04-default-
- name: Install Tests dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y \
apparmor-profiles apparmor-utils \
bats bats-support
sudo install -Dm0644 .github/local/needrestart /etc/apparmor.d/local/needrestart
- name: Install apparmor.d
run: |
sudo dpkg --install .pkg/apparmor.d_*_amd64.deb || true
sudo systemctl restart apparmor.service
- name: Restart some services to ensure they are confined
run: |
services=(
containerd cron
dbus docker
ModemManager multipathd
networkd-dispatcher
packagekit polkit
snapd
systemd-journald systemd-hostnamed systemd-logind systemd-networkd
systemd-resolved systemd-udevd
udisks2
)
sudo systemctl daemon-reload
for service in "${services[@]}"; do
sudo systemctl restart "$service" || systemctl status "$service.service" || true
done
sudo ps auxZ | grep -v '\[.*\]'
sudo aa-log -s --raw
- name: Install integration dependencies
run: |
bash tests/requirements.sh
- name: Run the bats integration tests
run: |
make bats
- name: Show final AppArmor logs
if: always()
run: |
sudo aa-log -s --raw
- name: Show final processes security context
if: always()
run: |
sudo ps auxZ | grep -v '\[.*\]'