[SRU] cannot execute 'netplan generate' from within a snap
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Confirmed
|
Medium
|
Unassigned | ||
netplan.io (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Groovy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hirsute |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
This netplan SRU contains a backport of the io.netplan.
[Test Plan]
The following development and SRU process was followed:
https:/
Netplan contains an extensive integration test suite that is ran using
the SRU package for each release. This test suite's results are available here:
http://
A successful run is required before the proposed netplan.io package
can be let into -updates.
In addition to the autopkgtests, we want to make sure that a YAML config is (re-)generated when calling the io.netplan.
root@bb:~# cat /run/systemd/
root@bb:~# vim /etc/netplan/
root@bb:~# busctl call io.netplan.Netplan /io/netplan/Netplan io.netplan.Netplan Generate
b true
root@bb:~# cat /run/systemd/
The netplan team will be in charge of attaching the artifacts and console
output of the appropriate run to the bug. Netplan team members will not
mark ‘verification-done’ until this has happened.
[Where problems could occur]
This SRU is only adding auxiliary functionality and not modifying the netplan core at all, so the impact is expected to be pretty small – if at all.
Netplan being a core package it could impact the whole networking stack of the operating system up to the point where servers would not be reachable anymore after a reboot, due to broken network config being generated by netplan at bootup. In order to mitigate the regression potential, the results of the aforementioned integration tests are attached to this bug:
PPA pre-testing:
https:/
Bionic:
https:/
https:/
https:/
https:/
https:/
https:/
[Other Info]
The integration test logs will be attached to this bug, once the package has been accepted into -proposed and the tests have been executed on the real infrastructure.
This change will land in Hirsute and Focal via the netplan.io 0.103 upgrade SRU (LP: #1938920)
[Changelog]
* d/p/0006-
Implement the io.netplan.
'generate' from within a snap (LP: #1926442)
* Update debian/gbp.conf
=== Original description ===
A snap, connected to the 'network-
A call to '/usr/sbin/netplan generate' fails with apparmor errors like this:
[ 529.034756] audit: type=1400 audit(161961188
Apr 28 12:13:55 foobar network-
It looks like the Python wrapper for netplan (in /usr/sbin/netplan) is whitelisted, but the actual netplan generator (in /usr/lib/
Changed in snappy: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in netplan.io (Ubuntu Groovy): | |
status: | New → Won't Fix |
Changed in netplan.io (Ubuntu Impish): | |
status: | In Progress → Fix Released |
description: | updated |
description: | updated |
Changed in netplan.io (Ubuntu Hirsute): | |
status: | New → Fix Committed |
Changed in netplan.io (Ubuntu Focal): | |
status: | New → Fix Committed |
Changed in netplan.io (Ubuntu Hirsute): | |
status: | Fix Committed → Fix Released |
Changed in netplan.io (Ubuntu Focal): | |
status: | Fix Committed → Fix Released |
affects: | snappy → snapd |
there is no direct access to the command, only the dbus service is allowed for security reasons, you can call:
dbus-send --system \ method_ call \ io.netplan. Netplan \ netplan/ Netplan io.netplan. Netplan. Apply
--type=
--print-reply \
--dest=
/io/
when the network- setup-control interface is connected ...
https:/ /github. com/ogra1/ config- snap/blob/ master/ snap/hooks/ connect- plug-network- setup-control
is a working example ...