profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/alexmurray/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Alex Murray alexmurray @CanonicalLtd Adelaide, Australia Ubuntu Security Staff Engineer at @CanonicalLtd

alexmurray/cstyle 30

C/C++ Style Checker

alexmurray/arxml-mode 3

Emacs mode for editing Adaptive AUTOSAR arxml files

alexmurray/apparmor-mode 2

Emacs major mode for editing AppArmor Policies

alexmurray/avd-search-provider 2

GNOME Shell Android Virtual Device Search Provider

alexmurray/auto-complete 1

Emacs auto-complete package

alexmurray/ccls-snap 1

ccls in a snap

alexmurray/cquery 1

C/C++ language server supporting multi-million line code base, powered by libclang. Emacs, Vim, VSCode, and others with language server protocol support. Cross references, completion, diagnostics, semantic highlighting and more

alexmurray/dbc-mode 1

Emacs mode for editing CAN dbc files

issue commentdjcb/mu

[mu4e bug] Text after signature mark -- disappears from mu4e-compose buffer (gnus)

this is how one would expect signatures to work.

how come? To delete all text after the -- symbol? Thunderbird allows one to put the signature above the quoted reply and does not delete any of the quoted text. I find this behaviour quite disturbing. Is there any work around? Thanks.

Yeah, I agree. The -- is definitely outdated now. I also face the issue you are facing, and was trying to find a solution - which is how I ended up reading this thread. Software for displaying emails have become more sophisticated and can handle more complex rules for identifying signatures (thunderbird, outlook, even gmail-online have more complicated rules to identify signatures). I have not been able to find a workaround.

I'm going to try @djcb 's suggestion and attempt to turn off the message separator.

Also, @djcb , thank you for creating and sharing this fantastic software with the community <3

averter

comment created time in 3 hours

issue commentdjcb/mu

[mu4e bug] Text after signature mark -- disappears from mu4e-compose buffer (gnus)

Yeah, it seems that it works according to various standards / conventions. I guess you work around it by not using the message-separator? For mu4e it's defined as "^-- *$".

If that's not good enough, you can configure mu4e-compose-cite-function and do what you want.

averter

comment created time in 5 hours

PR opened snapcore/snapd

Reviewers
many: pass device/model info to configcore via sysconfig.Device interface Run nested

This is similar to boot.Device.

Use this which is cleaner and delivers more information in the pi options code as well.

Leaves a couple of TODO about where this could also be leveraged as well.

+367 -386

0 comment

51 changed files

pr created time in 5 hours

pull request commentdjcb/mu

Org mu4e compose stabilization

My request was with regards to writing in org and sending either markdown or plain text (or html but orgmsg would handle that).

Sending in plain text is no problem. Just adapt the following to your liking:

  (setq org-msg-default-alternatives '((new		. (text html))
				       (reply-to-html	. (text html))
				       (reply-to-text	. (text))))

Sending in org format is also possible. It may be possible to register the markdown exporter in org-msg-alternative-exporters.

titaniumbones

comment created time in 5 hours

issue commentdjcb/mu

[mu4e bug] Text after signature mark -- disappears from mu4e-compose buffer (gnus)

this is how one would expect signatures to work.

how come? To delete all text after the -- symbol? Thunderbird allows to put the signature above the quoted reply and does not delete any of the quoted text. I find this behaviour quite disturbing. Is there any work around? Thanks.

averter

comment created time in 5 hours

issue commentintel/Intel-Linux-Processor-Microcode-Data-Files

microcode-20200609 Release, at least 06-4e-03, hangs user's system

@whpenner, could you confirm if the latest revision (0xea) is supposed to work around the problem stated in https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-761228960 ?

It would be really nice to be able to ship the microcode update without worrying about severely outdated BIOSes that cannot be fixed due to the usual vendor-won't-issue-updated-firmware + EOL issues.

vicamo

comment created time in 7 hours

Pull request review commentsnapcore/snapd

tests: check files and dirs are cleaned for each test

 prepare_suite_each() {         "$TESTSTOOLS"/cleanup-state pre-invariant     fi     tests.invariant check++    SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)"+    if os.query is-focal || os.query is.fedora; then+        inotifywait /root /var/lib/snapd /var/snap /home "$SNAP_MOUNT_DIR" -d -m -r -e CREATE -e DELETE --exclude "($PWD/task.yaml|$PWD/.*/.*.snap|$PROJECT_PATH/tests/lib/snaps/.*/.*.snap)" -o /tmp/fs.output

I just run with /etc and the following paths are breaking tests: File not deleted /etc/systemd/system/var-lib-snapd-snap-core-11378.mount File not deleted /etc/systemd/system/multi-user.target.wants/var-lib-snapd-snap-core-11378.mount File not deleted /etc/environment File not deleted /etc/systemd/system/multi-user.target.wants/var-lib-snapd-snap-core-11378.mount Dir not deleted /etc/systemd/system/snapd.service.d

sergiocazzolato

comment created time in 7 hours

Pull request review commentsnapcore/snapd

tests: check files and dirs are cleaned for each test

 prepare_suite_each() {         "$TESTSTOOLS"/cleanup-state pre-invariant     fi     tests.invariant check++    SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)"+    if os.query is-focal || os.query is.fedora; then

Nice catch, I added all the classic systems now.

sergiocazzolato

comment created time in 8 hours

Pull request review commentsnapcore/snapd

tests: check files and dirs are cleaned for each test

 prepare_suite_each() {         "$TESTSTOOLS"/cleanup-state pre-invariant     fi     tests.invariant check++    SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)"+    if os.query is-focal || os.query is.fedora; then+        inotifywait /root /var/lib/snapd /var/snap /home "$SNAP_MOUNT_DIR" -d -m -r -e CREATE -e DELETE --exclude "($PWD/task.yaml|$PWD/.*/.*.snap|$PROJECT_PATH/tests/lib/snaps/.*/.*.snap)" -o /tmp/fs.output

I'll add it, in case it causes trouble, I'll remove it.

sergiocazzolato

comment created time in 8 hours

Pull request review commentsnapcore/snapd

tests: check files and dirs are cleaned for each test

 restore_suite_each() {         "$TESTSTOOLS"/cleanup-state pre-invariant     fi     tests.invariant check++    if os.query is-focal || os.query is.fedora; then+        set +x+        pkill inotifywait+        local created_files=$( sudo cat /tmp/fs.output | grep " CREATE " | awk '{ print $1$3 }' )

Sure, thanks for the suggestion

sergiocazzolato

comment created time in 8 hours

Pull request review commentsnapcore/snapd

tests: check files and dirs are cleaned for each test

 prepare_suite_each() {         "$TESTSTOOLS"/cleanup-state pre-invariant     fi     tests.invariant check++    SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)"+    if os.query is-focal || os.query is.fedora; then

Right, my idea was to add this to some systems and then make it available to any system. I'll add the dependencies and make it work on all the supported classic systems. Thanks for the review

sergiocazzolato

comment created time in 9 hours

Pull request review commentsnapcore/snapd

tests: check files and dirs are cleaned for each test

 prepare_suite_each() {         "$TESTSTOOLS"/cleanup-state pre-invariant     fi     tests.invariant check++    SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)"+    if os.query is-focal || os.query is.fedora; then+        inotifywait /root /var/lib/snapd /var/snap /home "$SNAP_MOUNT_DIR" -d -m -r -e CREATE -e DELETE --exclude "($PWD/task.yaml|$PWD/.*/.*.snap|$PROJECT_PATH/tests/lib/snaps/.*/.*.snap)" -o /tmp/fs.output

Nice, idea, thanks for the review

sergiocazzolato

comment created time in 9 hours

Pull request review commentsnapcore/snapd

tests: check files and dirs are cleaned for each test

 prepare_suite_each() {         "$TESTSTOOLS"/cleanup-state pre-invariant     fi     tests.invariant check++    SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)"+    if os.query is-focal || os.query is.fedora; then+        inotifywait /root /var/lib/snapd /var/snap /home "$SNAP_MOUNT_DIR" -d -m -r -e CREATE -e DELETE --exclude "($PWD/task.yaml|$PWD/.*/.*.snap|$PROJECT_PATH/tests/lib/snaps/.*/.*.snap)" -o /tmp/fs.output

Well, initially I tested differnet alternative, also tested files that could be deleted but at the end it was very complex to validate. I'll remove it. Thanks for the review

sergiocazzolato

comment created time in 9 hours

Pull request review commentsnapcore/snapd

o/servicestate: move SetStatus to doQuotaControl

 func (m *ServiceManager) doQuotaControl(t *state.Task, _ *tomb.Tomb) error { 		return err 	} +	var grp *quota.Group 	switch qc.Action { 	case "create":-		err = quotaCreate(st, t, qc, allGrps, perfTimings)+		grp, allGrps, err = quotaCreate(st, qc, allGrps) 	case "remove":-		err = quotaRemove(st, t, qc, allGrps, perfTimings)+		grp, allGrps, err = quotaRemove(st, qc, allGrps) 	case "update":-		err = quotaUpdate(st, t, qc, allGrps, perfTimings)+		grp, allGrps, err = quotaUpdate(st, qc, allGrps) 	default:-		err = fmt.Errorf("unknown action %q requested", qc.Action)+		return fmt.Errorf("unknown action %q requested", qc.Action) 	} -	return err+	if err != nil {+		return err+	}++	// ensure service and slices on disk and their states are updated+	opts := &ensureSnapServicesForGroupOptions{+		allGrps: allGrps,+	}+	appsToRestartBySnap, err := ensureSnapServicesForGroup(st, t, grp, opts)+	if err != nil {+		return err+	}++	// after we have made all the persistent modifications to disk and state,+	// set the task as done, what remains for this task handler is just to+	// restart services which will happen regardless if we get rebooted after+	// unlocking the state - if we got rebooted before unlocking the state, none+	// of the changes we made to state would be persisted and we would run+	// through everything above here again, but the second time around+	// EnsureSnapServices would end up doing nothing since it is idempotent.

Thanks for this explanation.

pedronis

comment created time in 9 hours

Pull request review commentsnapcore/snapd

overlord: only start enabled services

 func StopServices(apps []*snap.AppInfo, flags *StopServicesFlags, reason snap.Se 	return nil } -// ServicesEnableState returns a map of service names from the given snap,-// together with their enable/disable status.-func ServicesEnableState(s *snap.Info, inter interacter) (map[string]bool, error) {+// ServicesEnableState takes a map of application names -> application info+// and returns a map of service names extracted from the given map, together+// with their enable/disable status.+func ServicesEnableState(appInfos map[string]*snap.AppInfo, inter interacter) (map[string]bool, error) {

Is there a deep reason for changing the signature of this function (and QueryDisabledServices below) from taking snap.Info to appInfos map? We are passing all apps anyway right?

mardy

comment created time in 10 hours

Pull request review commentsnapcore/snapd

overlord: only start enabled services

 type ServiceAction struct { 	// inactive and not disabled services in snap-name, and also svc1 regardless 	// of the state svc1 is in. 	ExplicitServices []string `json:"explicit-services,omitempty"`+	DisabledServices []string `json:"disabled-services,omitempty"`

I'm not sure it's a good idea to query disabled services when creating the task in serviceControlTs and store them in ServiceAction on the task - the task may be executed some time later after it was created. I think we should query for disabled services when we handle the task, close to where they need to be passed to wrappers to minimize the time window between checking and acting on them.

mardy

comment created time in 10 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

 bool sc_cgroup_is_v2() {     }     return false; }++static bool traverse_looking_for_prefix_in_dir(DIR *root, const char *prefix, const char *skip) {

added a depth limit along with a unit test

bboozzoo

comment created time in 11 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

+/*+ * Copyright (C) 2021 Canonical Ltd+ *+ * This program is free software: you can redistribute it and/or modify+ * it under the terms of the GNU General Public License version 3 as+ * published by the Free Software Foundation.+ *+ * This program is distributed in the hope that it will be useful,+ * but WITHOUT ANY WARRANTY; without even the implied warranty of+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the+ * GNU General Public License for more details.+ *+ * You should have received a copy of the GNU General Public License+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.+ *+ */++#include "cgroup-support.c"++#include <fcntl.h>+#include <glib.h>+#include <glib/gstdio.h>+#include <sys/stat.h>+#include <sys/types.h>+#include <unistd.h>++#include "../libsnap-confine-private/cleanup-funcs.h"+#include "../libsnap-confine-private/test-utils.h"+#include "cgroup-support.h"++static void sc_set_self_cgroup_path(const char *mock);++static void sc_set_cgroup_root(const char *mock) { cgroup_dir = mock; }++typedef struct _cgroupv2_is_tracking_fixture {+    char *p;+    char *root;+} cgroupv2_is_tracking_fixture;++static void cgroupv2_is_tracking_set_up(cgroupv2_is_tracking_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;+    int fd = g_file_open_tmp("s-c-unit-is-tracking-self-group.XXXXXX", &fixture->p, &err);+    g_assert_no_error(err);+    g_close(fd, &err);+    g_assert_no_error(err);+    sc_set_self_cgroup_path(fixture->p);++    fixture->root = g_dir_make_tmp("s-c-unit-test-root.XXXXXX", &err);+    sc_set_cgroup_root(fixture->root);+}++static void cgroupv2_is_tracking_tear_down(cgroupv2_is_tracking_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;++    sc_set_self_cgroup_path("/proc/self/cgroup");+    g_remove(fixture->p);+    g_free(fixture->p);++    sc_set_cgroup_root("/sys/fs/cgroup");+    char *cmd = g_strdup_printf("rm -rf %s", fixture->root);+    g_debug("cleanup command: %s", cmd);+    g_spawn_command_line_sync(cmd, NULL, NULL, NULL, &err);+    g_assert_no_error(err);+    g_free(cmd);+    g_free(fixture->root);+}++static void test_sc_cgroupv2_is_tracking_happy(cgroupv2_is_tracking_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;+    g_file_set_contents(fixture->p, "0::/foo/bar/baz/snap.foo.app.1234-1234.scope", -1, &err);+    g_assert_no_error(err);++    /* there exist 2 groups with processes from a given snap */+    const char *dirs[] = {+        "/foo/bar/baz/snap.foo.app.1234-1234.scope",+        "/foo/bar/snap.foo.app.1111-1111.scope",+        "/foo/bar/bad",+        "/system.slice/some/app/other",+        "/user/slice/other/app",+    };++    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {+        g_autofree const char *np = g_build_filename(fixture->root, dirs[i], NULL);+        int ret = g_mkdir_with_parents(np, 0755);+        g_assert_cmpint(ret, ==, 0);+    }++    bool is_tracking = sc_cgroup_v2_is_tracking_snap("foo");+    g_assert_true(is_tracking);+}++static void test_sc_cgroupv2_is_tracking_just_own_group(cgroupv2_is_tracking_fixture *fixture,+                                                        gconstpointer user_data) {+    GError *err = NULL;+    g_file_set_contents(fixture->p, "0::/foo/bar/baz/snap.foo.app.1234-1234.scope", -1, &err);+    g_assert_no_error(err);++    /* our group is the only one for this snap */+    const char *dirs[] = {+        "/foo/bar/baz/snap.foo.app.1234-1234.scope",+        "/foo/bar/bad",+        "/system.slice/some/app/other",+        "/user/slice/other/app",+    };++    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {+        g_autofree const char *np = g_build_filename(fixture->root, dirs[i], NULL);+        int ret = g_mkdir_with_parents(np, 0755);+        g_assert_cmpint(ret, ==, 0);+    }++    bool is_tracking = sc_cgroup_v2_is_tracking_snap("foo");+    /* our own group is skipped */+    g_assert_false(is_tracking);+}++static void test_sc_cgroupv2_is_tracking_no_dirs(cgroupv2_is_tracking_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;+    g_file_set_contents(fixture->p, "0::/foo/bar/baz/snap.foo.app.scope", -1, &err);+    g_assert_no_error(err);++    bool is_tracking = sc_cgroup_v2_is_tracking_snap("foo");+    g_assert_false(is_tracking);+}++static void test_sc_cgroupv2_is_tracking_bad_self_group(cgroupv2_is_tracking_fixture *fixture,+                                                        gconstpointer user_data) {+    GError *err = NULL;+    /* trigger a failure in own group handling */+    g_file_set_contents(fixture->p, "", -1, &err);+    g_assert_no_error(err);++    if (g_test_subprocess()) {+        sc_cgroup_v2_is_tracking_snap("foo");+    }+    g_test_trap_subprocess(NULL, 0, 0);+    g_test_trap_assert_failed();+    g_test_trap_assert_stderr("cannot obtain own group path\n");+}++static void test_sc_cgroupv2_is_tracking_dir_permissions(cgroupv2_is_tracking_fixture *fixture,+                                                         gconstpointer user_data) {+    if (geteuid() == 0) {+        g_test_skip("the test will not work when running as root");+        return;+    }+    GError *err = NULL;+    g_file_set_contents(fixture->p, "0::/foo/bar/baz/snap.foo.app.1234-1234.scope", -1, &err);+    g_assert_no_error(err);++    /* there exist 2 groups with processes from a given snap */+    const char *dirs[] = {+        "/foo/bar/bad",+        "/foo/bar/bad/badperm",+    };+    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {+        int mode = 0755;+        if (g_str_has_suffix(dirs[i], "/badperm")) {+            mode = 0000;+        }+        g_autofree const char *np = g_build_filename(fixture->root, dirs[i], NULL);+        int ret = g_mkdir_with_parents(np, mode);+        g_assert_cmpint(ret, ==, 0);+    }++    /* dies when hitting an error traversing the hierarchy */+    if (g_test_subprocess()) {+        sc_cgroup_v2_is_tracking_snap("foo");+    }+    g_test_trap_subprocess(NULL, 0, 0);+    g_test_trap_assert_failed();+    g_test_trap_assert_stderr("cannot open directory entry \"badperm\": Permission denied\n");+}++static void sc_set_self_cgroup_path(const char *mock) { self_cgroup = mock; }++typedef struct _cgroupv2_own_group_fixture {+    char *p;+} cgroupv2_own_group_fixture;++static void cgroupv2_own_group_set_up(cgroupv2_own_group_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;+    int fd = g_file_open_tmp("s-c-unit-test.XXXXXX", &fixture->p, &err);+    g_assert_no_error(err);+    g_close(fd, &err);+    g_assert_no_error(err);+    sc_set_self_cgroup_path(fixture->p);+}++static void cgroupv2_own_group_tear_down(cgroupv2_own_group_fixture *fixture, gconstpointer user_data) {+    sc_set_self_cgroup_path("/proc/self/cgroup");+    g_remove(fixture->p);+    g_free(fixture->p);+}++static void test_sc_cgroupv2_own_group_path_simple_happy(cgroupv2_own_group_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;+    g_autofree const char *p = NULL;+    g_file_set_contents(fixture->p, (char *)user_data, -1, &err);+    g_assert_no_error(err);+    p = sc_cgroup_v2_own_path_full();+    g_assert_cmpstr(p, ==, "/foo/bar/baz.slice");+}++static void test_sc_cgroupv2_own_group_path_empty(cgroupv2_own_group_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;+    g_autofree const char *p = NULL;+    g_file_set_contents(fixture->p, (char *)user_data, -1, &err);+    g_assert_no_error(err);+    p = sc_cgroup_v2_own_path_full();+    g_assert_null(p);+}++static void _test_sc_cgroupv2_own_group_path_die_with_message(const char *msg) {+    if (g_test_subprocess()) {+        g_autofree const char *p = NULL;+        p = sc_cgroup_v2_own_path_full();+    }+    g_test_trap_subprocess(NULL, 0, 0);+    g_test_trap_assert_failed();+    g_test_trap_assert_stderr(msg);+}++static void test_sc_cgroupv2_own_group_path_die(cgroupv2_own_group_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;+    g_file_set_contents(fixture->p, (char *)user_data, -1, &err);+    g_assert_no_error(err);+    _test_sc_cgroupv2_own_group_path_die_with_message("unexpected content of group entry 0::\n");+}++static void test_sc_cgroupv2_own_group_path_no_file(cgroupv2_own_group_fixture *fixture, gconstpointer user_data) {+    g_remove(fixture->p);+    _test_sc_cgroupv2_own_group_path_die_with_message("cannot open *\n");+}++static void test_sc_cgroupv2_own_group_path_permission(cgroupv2_own_group_fixture *fixture, gconstpointer user_data) {+    if (geteuid() == 0) {+        g_test_skip("the test will not work when running as root");+        return;+    }+    int ret = g_chmod(fixture->p, 0000);+    g_assert_cmpint(ret, ==, 0);+    _test_sc_cgroupv2_own_group_path_die_with_message("cannot open *: Permission denied\n");+}++static void __attribute__((constructor)) init(void) {

tweaked the tests to use more realistic dataset

bboozzoo

comment created time in 11 hours

PR opened snapcore/snapd

tests: skip tests when the sections cannot be retrieved

This is because the store is often failing with the following error:

catalogrefresh.go:128: DEBUG: Catalog refresh failed: cannot sections: got unexpected HTTP status code 403 via GET to "https://api.snapcraft.io/api/v1/snaps/sections".

Currently the test is skipping when the store reports too many request on these tests.

+8 -0

0 comment

2 changed files

pr created time in 11 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

+/*+ * Copyright (C) 2021 Canonical Ltd+ *+ * This program is free software: you can redistribute it and/or modify+ * it under the terms of the GNU General Public License version 3 as+ * published by the Free Software Foundation.+ *+ * This program is distributed in the hope that it will be useful,+ * but WITHOUT ANY WARRANTY; without even the implied warranty of+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the+ * GNU General Public License for more details.+ *+ * You should have received a copy of the GNU General Public License+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.+ *+ */++#include "cgroup-support.c"++#include <fcntl.h>+#include <glib.h>+#include <glib/gstdio.h>+#include <sys/stat.h>+#include <sys/types.h>+#include <unistd.h>++#include "../libsnap-confine-private/cleanup-funcs.h"+#include "../libsnap-confine-private/test-utils.h"+#include "cgroup-support.h"++static void sc_set_self_cgroup_path(const char *mock);++static void sc_set_cgroup_root(const char *mock) { cgroup_dir = mock; }++typedef struct _cgroupv2_is_tracking_fixture {+    char *p;+    char *root;+} cgroupv2_is_tracking_fixture;++static void cgroupv2_is_tracking_set_up(cgroupv2_is_tracking_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;+    int fd = g_file_open_tmp("s-c-unit-is-tracking-self-group.XXXXXX", &fixture->p, &err);+    g_assert_no_error(err);+    g_close(fd, &err);+    g_assert_no_error(err);+    sc_set_self_cgroup_path(fixture->p);++    fixture->root = g_dir_make_tmp("s-c-unit-test-root.XXXXXX", &err);+    sc_set_cgroup_root(fixture->root);+}++static void cgroupv2_is_tracking_tear_down(cgroupv2_is_tracking_fixture *fixture, gconstpointer user_data) {+    GError *err = NULL;++    sc_set_self_cgroup_path("/proc/self/cgroup");+    g_remove(fixture->p);+    g_free(fixture->p);++    sc_set_cgroup_root("/sys/fs/cgroup");+    char *cmd = g_strdup_printf("rm -rf %s", fixture->root);

used g_autofree

bboozzoo

comment created time in 11 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

+/*+ * Copyright (C) 2021 Canonical Ltd+ *+ * This program is free software: you can redistribute it and/or modify+ * it under the terms of the GNU General Public License version 3 as+ * published by the Free Software Foundation.+ *+ * This program is distributed in the hope that it will be useful,+ * but WITHOUT ANY WARRANTY; without even the implied warranty of+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the+ * GNU General Public License for more details.+ *+ * You should have received a copy of the GNU General Public License+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.+ *+ */++#include "cgroup-support.c"++#include <fcntl.h>+#include <glib.h>+#include <glib/gstdio.h>+#include <sys/stat.h>+#include <sys/types.h>+#include <unistd.h>++#include "../libsnap-confine-private/cleanup-funcs.h"+#include "../libsnap-confine-private/test-utils.h"+#include "cgroup-support.h"++static void sc_set_self_cgroup_path(const char *mock);++static void sc_set_cgroup_root(const char *mock) { cgroup_dir = mock; }++typedef struct _cgroupv2_is_tracking_fixture {+    char *p;

renamed

bboozzoo

comment created time in 12 hours

issue commentdjcb/mu

[mu4e bug] Text after signature mark -- disappears from mu4e-compose buffer (gnus)

I don't think this is a bug. Given the specifications and definitions, this is how one would expect signatures to work.

But someone consistently corresponding with people using exchange, gmail and all kinds of service provides, it is definitely something that occurs often enough to be an issue. Perhaps this could be a feature request of sorts? I totally agree with the OP that it would be very nice to be free from the -- signature convention which is now quite outdated imo.

averter

comment created time in 12 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

 void sc_cgroup_create_and_join(const char *parent, const char *name, pid_t pid);  **/ bool sc_cgroup_is_v2(void); +/**+ * sc_cgroup_is_tracking_snap checks whether the snap process are being

updated

bboozzoo

comment created time in 12 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

 bool sc_cgroup_is_v2() {     }     return false; }++static bool traverse_looking_for_prefix_in_dir(DIR *root, const char *prefix, const char *skip) {+    while (true) {+        errno = 0;+        struct dirent *ent = readdir(root);+        if (ent == NULL) {+            if (errno != 0) {+                die("cannot read directory entry");+            }+            break;+        }+        if (ent->d_type != DT_DIR) {+            continue;+        }+        if (sc_streq(ent->d_name, "..") || sc_streq(ent->d_name, ".")) {+            /* we don't want to go up or process the current directory again */+            continue;+        }+        if (sc_streq(ent->d_name, skip)) {+            continue;+        }+        if (sc_startswith(ent->d_name, prefix)) {+            debug("found matching prefix in \"%s\"", ent->d_name);+            /* the directory starts with our prefix */+            return true;+        }+        int entfd = openat(dirfd(root), ent->d_name, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);+        if (entfd == -1) {+            die("cannot open directory entry \"%s\"", ent->d_name);+        }+        debug("got directory fd: %d", entfd);+        /* takes ownership o the file descriptor? */+        DIR *entdir SC_CLEANUP(sc_cleanup_closedir) = fdopendir(entfd);+        if (entdir == NULL) {+            die("cannot fdopendir directory \"%s\"", ent->d_name);+        }+        debug("descend into %s", ent->d_name);+        int found = traverse_looking_for_prefix_in_dir(entdir, prefix, skip);+        if (found == true) {+            return true;+        }+    }+    return false;+}++bool sc_cgroup_v2_is_tracking_snap(const char *snap_instance) {+    debug("is cgroup tracking snap %s?", snap_instance);+    char tracking_group_name[PATH_MAX] = {0};+    sc_must_snprintf(tracking_group_name, sizeof tracking_group_name, "snap.%s.", snap_instance);++    char *own_group SC_CLEANUP(sc_cleanup_string) = sc_cgroup_v2_own_path_full();+    if (own_group == NULL) {+        die("cannot obtain own group path");+    }+    debug("own group: %s", own_group);+    char *just_leaf = strrchr(own_group, '/');+    if (just_leaf == NULL) {+        die("cannot obtain the leaf group path");+    }+    /* pointing at /, advance to the next char */+    just_leaf += 1;

I can add something but it feels like an overkill. If the kerne changed the format, a lot of apps would break.

bboozzoo

comment created time in 12 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

 bool sc_cgroup_is_v2() {     }     return false; }++static bool traverse_looking_for_prefix_in_dir(DIR *root, const char *prefix, const char *skip) {+    while (true) {+        errno = 0;+        struct dirent *ent = readdir(root);+        if (ent == NULL) {+            if (errno != 0) {+                die("cannot read directory entry");+            }+            break;+        }+        if (ent->d_type != DT_DIR) {+            continue;+        }+        if (sc_streq(ent->d_name, "..") || sc_streq(ent->d_name, ".")) {+            /* we don't want to go up or process the current directory again */+            continue;+        }+        if (sc_streq(ent->d_name, skip)) {+            continue;+        }+        if (sc_startswith(ent->d_name, prefix)) {+            debug("found matching prefix in \"%s\"", ent->d_name);+            /* the directory starts with our prefix */+            return true;+        }+        int entfd = openat(dirfd(root), ent->d_name, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);+        if (entfd == -1) {+            die("cannot open directory entry \"%s\"", ent->d_name);+        }+        debug("got directory fd: %d", entfd);+        /* takes ownership o the file descriptor? */+        DIR *entdir SC_CLEANUP(sc_cleanup_closedir) = fdopendir(entfd);+        if (entdir == NULL) {+            die("cannot fdopendir directory \"%s\"", ent->d_name);+        }+        debug("descend into %s", ent->d_name);+        int found = traverse_looking_for_prefix_in_dir(entdir, prefix, skip);+        if (found == true) {+            return true;+        }+    }+    return false;+}++bool sc_cgroup_v2_is_tracking_snap(const char *snap_instance) {+    debug("is cgroup tracking snap %s?", snap_instance);+    char tracking_group_name[PATH_MAX] = {0};+    sc_must_snprintf(tracking_group_name, sizeof tracking_group_name, "snap.%s.", snap_instance);++    char *own_group SC_CLEANUP(sc_cleanup_string) = sc_cgroup_v2_own_path_full();+    if (own_group == NULL) {+        die("cannot obtain own group path");+    }+    debug("own group: %s", own_group);

I dropped some of the debug lines, as the output was indeed to noisy

bboozzoo

comment created time in 12 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

 bool sc_cgroup_is_v2() {     }     return false; }++static bool traverse_looking_for_prefix_in_dir(DIR *root, const char *prefix, const char *skip) {+    while (true) {+        errno = 0;+        struct dirent *ent = readdir(root);+        if (ent == NULL) {+            if (errno != 0) {+                die("cannot read directory entry");+            }+            break;+        }+        if (ent->d_type != DT_DIR) {+            continue;+        }+        if (sc_streq(ent->d_name, "..") || sc_streq(ent->d_name, ".")) {+            /* we don't want to go up or process the current directory again */+            continue;+        }+        if (sc_streq(ent->d_name, skip)) {+            continue;+        }+        if (sc_startswith(ent->d_name, prefix)) {+            debug("found matching prefix in \"%s\"", ent->d_name);+            /* the directory starts with our prefix */+            return true;+        }+        int entfd = openat(dirfd(root), ent->d_name, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);+        if (entfd == -1) {+            die("cannot open directory entry \"%s\"", ent->d_name);+        }+        debug("got directory fd: %d", entfd);+        /* takes ownership o the file descriptor? */+        DIR *entdir SC_CLEANUP(sc_cleanup_closedir) = fdopendir(entfd);+        if (entdir == NULL) {+            die("cannot fdopendir directory \"%s\"", ent->d_name);+        }+        debug("descend into %s", ent->d_name);+        int found = traverse_looking_for_prefix_in_dir(entdir, prefix, skip);

tweaked

bboozzoo

comment created time in 12 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

 bool sc_cgroup_is_v2() {     }     return false; }++static bool traverse_looking_for_prefix_in_dir(DIR *root, const char *prefix, const char *skip) {+    while (true) {+        errno = 0;+        struct dirent *ent = readdir(root);+        if (ent == NULL) {+            if (errno != 0) {+                die("cannot read directory entry");+            }+            break;+        }+        if (ent->d_type != DT_DIR) {+            continue;+        }+        if (sc_streq(ent->d_name, "..") || sc_streq(ent->d_name, ".")) {+            /* we don't want to go up or process the current directory again */+            continue;+        }+        if (sc_streq(ent->d_name, skip)) {+            continue;+        }+        if (sc_startswith(ent->d_name, prefix)) {+            debug("found matching prefix in \"%s\"", ent->d_name);+            /* the directory starts with our prefix */+            return true;+        }+        int entfd = openat(dirfd(root), ent->d_name, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);+        if (entfd == -1) {+            die("cannot open directory entry \"%s\"", ent->d_name);+        }+        debug("got directory fd: %d", entfd);+        /* takes ownership o the file descriptor? */+        DIR *entdir SC_CLEANUP(sc_cleanup_closedir) = fdopendir(entfd);+        if (entdir == NULL) {+            die("cannot fdopendir directory \"%s\"", ent->d_name);+        }+        debug("descend into %s", ent->d_name);+        int found = traverse_looking_for_prefix_in_dir(entdir, prefix, skip);+        if (found == true) {+            return true;+        }+    }+    return false;+}++bool sc_cgroup_v2_is_tracking_snap(const char *snap_instance) {+    debug("is cgroup tracking snap %s?", snap_instance);+    char tracking_group_name[PATH_MAX] = {0};+    sc_must_snprintf(tracking_group_name, sizeof tracking_group_name, "snap.%s.", snap_instance);++    char *own_group SC_CLEANUP(sc_cleanup_string) = sc_cgroup_v2_own_path_full();+    if (own_group == NULL) {+        die("cannot obtain own group path");+    }+    debug("own group: %s", own_group);+    char *just_leaf = strrchr(own_group, '/');+    if (just_leaf == NULL) {+        die("cannot obtain the leaf group path");+    }+    /* pointing at /, advance to the next char */+    just_leaf += 1;+    debug("leap group: %s", just_leaf);++    // this would otherwise be inherently racy, but the caller is expected to+    // keep the snap instance lock, thus preventing new apps of that snap from+    // starting; not we can still return false positive if the currently running+    // process exits but we look at the hierarchy before systemd has cleaned up+    // the group++    bool found = false;+    debug("opening %s", cgroup_dir);+    DIR *root SC_CLEANUP(sc_cleanup_closedir) = opendir(cgroup_dir);+    if (root == NULL) {+        die("cannot open cgroup root dir");+    }+    found = traverse_looking_for_prefix_in_dir(root, tracking_group_name, just_leaf);

added

bboozzoo

comment created time in 12 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

 bool sc_cgroup_is_v2() {     }     return false; }++static bool traverse_looking_for_prefix_in_dir(DIR *root, const char *prefix, const char *skip) {+    while (true) {+        errno = 0;+        struct dirent *ent = readdir(root);+        if (ent == NULL) {+            if (errno != 0) {+                die("cannot read directory entry");+            }+            break;+        }+        if (ent->d_type != DT_DIR) {+            continue;+        }+        if (sc_streq(ent->d_name, "..") || sc_streq(ent->d_name, ".")) {+            /* we don't want to go up or process the current directory again */+            continue;+        }+        if (sc_streq(ent->d_name, skip)) {+            continue;+        }+        if (sc_startswith(ent->d_name, prefix)) {+            debug("found matching prefix in \"%s\"", ent->d_name);+            /* the directory starts with our prefix */+            return true;+        }+        int entfd = openat(dirfd(root), ent->d_name, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);+        if (entfd == -1) {+            die("cannot open directory entry \"%s\"", ent->d_name);+        }+        debug("got directory fd: %d", entfd);+        /* takes ownership o the file descriptor? */+        DIR *entdir SC_CLEANUP(sc_cleanup_closedir) = fdopendir(entfd);+        if (entdir == NULL) {+            die("cannot fdopendir directory \"%s\"", ent->d_name);+        }+        debug("descend into %s", ent->d_name);+        int found = traverse_looking_for_prefix_in_dir(entdir, prefix, skip);+        if (found == true) {+            return true;+        }+    }+    return false;+}++bool sc_cgroup_v2_is_tracking_snap(const char *snap_instance) {+    debug("is cgroup tracking snap %s?", snap_instance);+    char tracking_group_name[PATH_MAX] = {0};+    sc_must_snprintf(tracking_group_name, sizeof tracking_group_name, "snap.%s.", snap_instance);++    char *own_group SC_CLEANUP(sc_cleanup_string) = sc_cgroup_v2_own_path_full();+    if (own_group == NULL) {+        die("cannot obtain own group path");+    }+    debug("own group: %s", own_group);+    char *just_leaf = strrchr(own_group, '/');+    if (just_leaf == NULL) {+        die("cannot obtain the leaf group path");+    }+    /* pointing at /, advance to the next char */+    just_leaf += 1;+    debug("leap group: %s", just_leaf);++    // this would otherwise be inherently racy, but the caller is expected to+    // keep the snap instance lock, thus preventing new apps of that snap from+    // starting; not we can still return false positive if the currently running

was supposed to be 'note', fixed

bboozzoo

comment created time in 12 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

 bool sc_cgroup_is_v2() {     }     return false; }++static bool traverse_looking_for_prefix_in_dir(DIR *root, const char *prefix, const char *skip) {+    while (true) {+        errno = 0;+        struct dirent *ent = readdir(root);+        if (ent == NULL) {+            if (errno != 0) {+                die("cannot read directory entry");+            }+            break;+        }+        if (ent->d_type != DT_DIR) {+            continue;+        }+        if (sc_streq(ent->d_name, "..") || sc_streq(ent->d_name, ".")) {+            /* we don't want to go up or process the current directory again */+            continue;+        }+        if (sc_streq(ent->d_name, skip)) {+            continue;+        }+        if (sc_startswith(ent->d_name, prefix)) {+            debug("found matching prefix in \"%s\"", ent->d_name);+            /* the directory starts with our prefix */+            return true;+        }+        int entfd = openat(dirfd(root), ent->d_name, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);+        if (entfd == -1) {+            die("cannot open directory entry \"%s\"", ent->d_name);+        }+        debug("got directory fd: %d", entfd);+        /* takes ownership o the file descriptor? */+        DIR *entdir SC_CLEANUP(sc_cleanup_closedir) = fdopendir(entfd);+        if (entdir == NULL) {+            die("cannot fdopendir directory \"%s\"", ent->d_name);+        }+        debug("descend into %s", ent->d_name);+        int found = traverse_looking_for_prefix_in_dir(entdir, prefix, skip);+        if (found == true) {+            return true;+        }+    }+    return false;+}++bool sc_cgroup_v2_is_tracking_snap(const char *snap_instance) {+    debug("is cgroup tracking snap %s?", snap_instance);+    char tracking_group_name[PATH_MAX] = {0};+    sc_must_snprintf(tracking_group_name, sizeof tracking_group_name, "snap.%s.", snap_instance);++    char *own_group SC_CLEANUP(sc_cleanup_string) = sc_cgroup_v2_own_path_full();+    if (own_group == NULL) {+        die("cannot obtain own group path");+    }+    debug("own group: %s", own_group);+    char *just_leaf = strrchr(own_group, '/');+    if (just_leaf == NULL) {+        die("cannot obtain the leaf group path");+    }+    /* pointing at /, advance to the next char */+    just_leaf += 1;+    debug("leap group: %s", just_leaf);++    // this would otherwise be inherently racy, but the caller is expected to+    // keep the snap instance lock, thus preventing new apps of that snap from+    // starting; not we can still return false positive if the currently running+    // process exits but we look at the hierarchy before systemd has cleaned up+    // the group++    bool found = false;

tweaked

bboozzoo

comment created time in 12 hours

Pull request review commentsnapcore/snapd

cmd/snap-confine: make mount ns use check cgroup v2 compatible

 bool sc_cgroup_is_v2() {     }     return false; }++static bool traverse_looking_for_prefix_in_dir(DIR *root, const char *prefix, const char *skip) {+    while (true) {+        errno = 0;+        struct dirent *ent = readdir(root);+        if (ent == NULL) {+            if (errno != 0) {+                die("cannot read directory entry");+            }+            break;+        }+        if (ent->d_type != DT_DIR) {+            continue;+        }+        if (sc_streq(ent->d_name, "..") || sc_streq(ent->d_name, ".")) {+            /* we don't want to go up or process the current directory again */+            continue;+        }+        if (sc_streq(ent->d_name, skip)) {+            continue;+        }+        if (sc_startswith(ent->d_name, prefix)) {+            debug("found matching prefix in \"%s\"", ent->d_name);+            /* the directory starts with our prefix */+            return true;+        }+        int entfd = openat(dirfd(root), ent->d_name, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);+        if (entfd == -1) {+            die("cannot open directory entry \"%s\"", ent->d_name);+        }+        debug("got directory fd: %d", entfd);+        /* takes ownership o the file descriptor? */

fixed

bboozzoo

comment created time in 12 hours