snapcore
interfaces, o/ifacestate: don't allow devmode snaps calling other snaps on UC22
Eventually we will also disable this behavior of being able to call snap-confine from a devmode snap for all other systems, but for now we can only get away with disabling UC22.
Also add missing unit tests from the branch we didn't have time to write/prepare.
Codecov Report
Merging #11408 (3a3e11f) into master (f0ff569) will increase coverage by
0.02%. The diff coverage is50.00%.
@@ Coverage Diff @@
## master #11408 +/- ##
==========================================
+ Coverage 78.34% 78.37% +0.02%
==========================================
Files 931 931
Lines 107005 107023 +18
==========================================
+ Hits 83838 83881 +43
+ Misses 17951 17924 -27
- Partials 5216 5218 +2
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 78.37% <50.00%> (+0.02%) |
:arrow_up: |
Flags with carried forward coverage won't be shown. Click here to find out more.
| Impacted Files | Coverage Δ | |
|---|---|---|
| interfaces/ifacetest/backendtest.go | 0.00% <0.00%> (ø) |
|
| overlord/ifacestate/helpers.go | 76.07% <33.33%> (-0.46%) |
:arrow_down: |
| interfaces/apparmor/backend.go | 84.37% <100.00%> (+6.36%) |
:arrow_up: |
| overlord/hookstate/hookmgr.go | 74.67% <0.00%> (-0.65%) |
:arrow_down: |
| overlord/ifacestate/handlers.go | 64.87% <0.00%> (-0.15%) |
:arrow_down: |
| daemon/api_connections.go | 93.58% <0.00%> (+0.53%) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update f0ff569...3a3e11f. Read the comment docs.
I will split off the other unit tests into a separate PR, I was probably too self-confident in thinking the model stuff would not be complex
Other unit tests split out into https://github.com/snapcore/snapd/pull/11409
@pedronis do we want to pursue this any further?
yes, this and a related problem are on my/our tech debt list. Finding time/timing time is complicated though
