s/apparmor,tests: improve comments around apparmor prompting

Signed-off-by: Oliver Calder <[email protected]>
canonical · Sep 5, 2024 · 58e8da3 · 58e8da3
1 parent 0df06ed
commit 58e8da3
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 9 deletions.
diff --git a/sandbox/apparmor/apparmor.go b/sandbox/apparmor/apparmor.go
@@ -461,6 +461,7 @@ func PromptingSupportedByFeatures(apparmorFeatures *FeaturesSupported) (bool, st
 	if strutil.ListContains(apparmorFeatures.KernelFeatures, "policy:notify") {
 		if !strutil.ListContains(apparmorFeatures.KernelFeatures, "policy:notify:user:file") {
 			return false, "the kernel does not support prompting for file access"
+			// XXX: should this error message be "apparmor kernel features do not support prompting" as well?
 		}
 	}
 	if !notify.SupportAvailable() {

diff --git a/tests/main/apparmor-prompting-flag-restart/task.yaml b/tests/main/apparmor-prompting-flag-restart/task.yaml
@@ -107,7 +107,6 @@ execute: |
     echo "Enable prompting via snap client where possible"
     if os.query is-core || os.query is-ubuntu-lt 24.04; then
         # prompting is disabled on Ubuntu Core
-        # TODO on releases < 24.04 we need the snapd snap for testing
         not snap set system experimental.apparmor-prompting=true >& err.out
         if os.query is-core ; then
             MATCH "cannot enable prompting feature as it is not supported on Ubuntu Core systems" < err.out

diff --git a/tests/main/apparmor-prompting-snapd-startup/task.yaml b/tests/main/apparmor-prompting-snapd-startup/task.yaml
@@ -23,8 +23,7 @@ execute: |
     mkdir -p "$(dirname $RULES_PATH)"
     echo '{"rules":[{"id":"0000000000000002","timestamp":"2004-10-20T14:05:08.901174186-05:00","user":1000,"snap":"shellcheck","interface":"home","constraints":{"path-pattern":"/home/test/Projects/**","permissions":["read"]},"outcome":"allow","lifespan":"forever","expiration":"0001-01-01T00:00:00Z"},{"id":"0000000000000003","timestamp":"2004-10-20T16:47:32.138415627-05:00","user":1000,"snap":"firefox","interface":"home","constraints":{"path-pattern":"/home/test/Downloads/**","permissions":["read","write"]},"outcome":"allow","lifespan":"timespan","expiration":"2005-04-08T00:00:00Z"}]}' | tee "$RULES_PATH"
 
-    # Prompting is disabled everywhere but the Ubuntu systems
-    # TODO: on Ubuntu releases < 24.04 we need the snapd snap for testing
+    # Prompting is unsupported everywhere but the Ubuntu non-core systems >= 24.04
     if ! os.query is-ubuntu || os.query is-ubuntu-lt 24.04 || os.query is-core ; then
         not snap set system experimental.apparmor-prompting=true >& err.out
         if os.query is-core; then

diff --git a/tests/main/interfaces-requests-activates-handlers/task.yaml b/tests/main/interfaces-requests-activates-handlers/task.yaml
@@ -21,7 +21,6 @@ execute: |
     echo "Enable prompting via snap client where possible"
     if os.query is-core || os.query is-ubuntu-lt 24.04; then
         # prompting is disabled on Ubuntu Core
-        # TODO on releases < 24.04 we need the snapd snap for testing
         not snap set system experimental.apparmor-prompting=true >& err.out
         if os.query is-core ; then
             MATCH "cannot enable prompting feature as it is not supported on Ubuntu Core systems" < err.out

diff --git a/tests/main/interfaces-snap-interfaces-requests-control/task.yaml b/tests/main/interfaces-snap-interfaces-requests-control/task.yaml
@@ -5,10 +5,10 @@ details: |
     to view and manage request prompts and request rules.
 
     Specifically:
-      - /v2/notices: to read change-update and refresh-inhibit notices
+      - /v2/notices: to read interfaces-requests-prompt and interfaces-requests-rule-update notices
+      - /v2/interfaces/requests/prompts: to receive and reply to request prompts
+      - /v2/interfaces/requests/rules: to view and manage request rules
       - /v2/system-info: to check whether prompting is supported/enabled
-      # TODO: - /v2/interfaces/requests/prompts: to receive and reply to request prompts
-      # TODO: - /v2/interfaces/requests/rules: to view and manage request rules
 
 environment:
     # not all terminals support UTF-8, but Python tries to be smart and attempts
@@ -39,8 +39,7 @@ execute: |
     api-client --socket /run/snapd-snap.socket "/v2/system-info" | jq '."status-code"' | MATCH '^200$'
 
     echo "Ensure AppArmor Prompting experimental feature can be enabled where possible"
-    # prompting is disabled everywhere but the Ubuntu systems
-    # TODO on Ubuntu releases < 24.04 we need the snapd snap for testing
+    # Prompting is unsupported everywhere but the Ubuntu non-core systems >= 24.04
     if ! os.query is-ubuntu || os.query is-ubuntu-lt 24.04 || os.query is-core ; then
         not snap set system experimental.apparmor-prompting=true >& err.out
         if os.query is-core; then