interfaces,dirs: add ldconfig backend

[alfonsosanchezbeato]

This backend will expose libraries coming from snaps to either the
rootfs or to other snaps (currently supporting only the former).

[github-actions]

Mon Feb 3 14:25:56 UTC 2025
The following results are from: https://github.com/canonical/snapd/actions/runs/13077391096

Failures:

Preparing:

• openstack:debian-sid-64:tests/regression/

Executing:

• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-gating
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-pre-download:restart
• openstack:opensuse-tumbleweed-64:tests/main/snap-refresh-hold
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-gating-from-snap
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-backoff
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-retry
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh:parallel
• openstack:opensuse-tumbleweed-64:tests/main/refresh-app-awareness-notify
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-pre-download:close_mid_restart
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-pre-download:close
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh:regular
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-pre-download:ignore

Restoring:

• openstack:opensuse-tumbleweed-64:tests/main/refresh-app-awareness-notify

[Meulengracht]

This looks sensible to me, and clean. Thank you

[pedronis]

One main question.

Further usually interfaces decide to do different things depending if the slot is implicit (see the usage of the implicitSystemPermanent/ConnectedSlot helpers) but maybe here we want to do something at the backend level?

[pedronis]

nitpick: the style here seems to be /etc...

[alfonsosanchezbeato]

Changed

[pedronis]

I'm confused, specification are per snap app set but here we reuse the same file? won't multiple snap stomp on each ther?

[alfonsosanchezbeato]

I have changed this. However I started to re-think about this and I am not sure anymore, maybe I'm missing some piece. I created snapd.conf thinking of it as the only config file for the "system" (rootfs) snap (the implementation is not considering exporting libraries to snap yet). That is, the "snap app set" here is the rootfs. Afaiu any change in interfaces would trigger the call to Setup(), and having multiple files will help with knowing where libraries come from (this could still be done by adding comments in snapd.conf), but there is no other practical effect as the call to ldconfig will process all files in here.

My plan for the implementation for the snaps case, is to have also only one config file per snap, that will be seen in ld.so.conf.d/ but only for the mount namespace of the snap, that would be a mix of the contents of the app base and of these files generated by snapd (that will be found also in the rootfs in, maybe, /var/lib/snapd/ldconfig/).

[alfonsosanchezbeato]

@pedronis as discussed, I've looked with a bit more of detail into this and how it works now is

1. Tasks like "connect" and "setup-profiles" connect the interfaces. In a refresh case, the later does a set of operations (

   snapd/overlord/ifacestate/handlers.go

   Lines 244 to 253 in b85fde1

   	// The snap may have been updated so perform the following operation to
   	// ensure that we are always working on the correct state:
   	//
   	// - disconnect all connections to/from the given snap
   	// - remembering the snaps that were affected by this operation
   	// - remove the (old) snap from the interfaces repository
   	// - add the (new) snap to the interfaces repository
   	// - restore connections based on what is kept in the state
   	// - if a connection cannot be restored then remove it from the state
   	// - setup the security of all the affected snaps

   ) that in the end implies that repo.Connect is called for all connections in the state, filling the interfaces repo appropriately.
2. setupSecurityByBackend is then called in all these tasks, which calls interfaces.SetupMany for all backends of the affected snaps
3. When the backend's Setup is called it calls repo.SnapSpecification, which adds the connected plug for all connected slots to a plug, which covers the greedy plug case (

   snapd/interfaces/repo.go

   Lines 941 to 952 in b85fde1

   	// plug side
   	for _, plugInfo := range r.plugs[snapName] {
   	iface := r.ifaces[plugInfo.Interface]
   	if err := spec.AddPermanentPlug(iface, plugInfo); err != nil {
   	return nil, err
   	}
   	for _, conn := range r.plugSlots[plugInfo] {
   	if err := spec.AddConnectedPlug(iface, conn.Plug, conn.Slot); err != nil {
   	return nil, err
   	}
   	}
   	}

   ). This is symmetric to slots with multiple connections. Therefore the specification should contain the right information even on refreshing snaps due to step 1.

I think then that greedy plugs in principle work as expected, and the unit test that I have implemented for the ldconfig backend does similar things to what is done by the taks. I lean now more towards the option of having just one configuration file in /etc/ld.conf.so.d/ for hybrid, to avoid polluting too much that user-exposed folder. Inside it we could add comments to specify what parts come from a given snap/slot. Thoughts?

[pedronis]

So if I follow if we have a greedy plug on connected to many slot snaps <slot-snap1,2...>, when e.g. slot-snap2 refreshes:

• 1. will add to affected snaps
• When we construct SnapSpecification for 3. will call AddConnectedPlug for all the slots is connected to and not just the one for slot-snap2?

[alfonsosanchezbeato]

r.plugSlots is filled by calls to Repository.Connect. Afaiu in a refresh all connections are restored in the repository by InterfaceManager.reloadConnections() (

snapd/overlord/ifacestate/helpers.go

Line 472 in b85fde1

if _, err := m.repo.Connect(connRef, staticPlugAttrs, connState.DynamicPlugAttrs, staticSlotAttrs, connState.DynamicSlotAttrs, nil); err != nil {

).

So unless I got something wrong, the specification should contain information for all the connected slots, that is, for slot-snap1 and 2.

[pedronis]

Afaiu in a refresh all connections are restored in the repository by InterfaceManager.reloadConnections()

all connections for the given snap

I created the tests we were discussing:

#14985

the conclusion from there is that we should probably create a file per consumer side

[pedronis]

comment

[pedronis]

we can capture the contextual info on the spec in AddConnectedPlug, I would expect that's the place we want this to work from? then we should error or panic if it's called with the contextual info unse

[pedronis]

see something like setScope in the apparmor backend, though what we need here is simpler

[alfonsosanchezbeato]

Done now

[alfonsosanchezbeato]

@pedronis thanks, comments addressed now

[alfonsosanchezbeato]

Done now

[codecov]

Codecov Report

Attention: Patch coverage is 68.92655% with 55 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@6fa2df6). Learn more about missing BASE report.
Report is 59 commits behind head on master.

Files with missing lines	Patch %	Lines
interfaces/ldconfig/backend.go	68.88%	23 Missing and 5 partials ⚠️
interfaces/ifacetest/testiface.go	0.00%	20 Missing ⚠️
interfaces/ldconfig/spec.go	86.79%	6 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##             master   #14926   +/-   ##
=========================================
  Coverage          ?   78.22%           
=========================================
  Files             ?     1167           
  Lines             ?   154243           
  Branches          ?        0           
=========================================
  Hits              ?   120656           
  Misses            ?    26155           
  Partials          ?     7432           

Flag	Coverage Δ
unittests	78.22% <68.92%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[pedronis]

based on what I found we want this to be based on the plug snap name I think. OTOH if the plug snap is snapd we could use a special name like snapd.conf or snap.system.conf ?

[alfonsosanchezbeato]

Changed as discussed, this is ready for review now

[alfonsosanchezbeato]

@Meulengracht I've re-asked you for review as there have been a few changes

[pedronis]

suggestion

[pedronis]

maybe we should use a struct:

type sourceSlot {
Snap string
Slot string
}

for the key? to avoid the string mangling?

[alfonsosanchezbeato]

Good point, done now

[pedronis]

thank you

this needs to be re-reviewed

[bboozzoo]

do we still care about "ubuntu-core" snap?

[alfonsosanchezbeato]

I've removed, thinking about this we already branched for UC16, so we do not need to care (we probably would not care even for UC16 nowadays).

[bboozzoo]

Suggested change

	// Add cakkback and register the interface
	// Add callback and register the interface

[bboozzoo]

we have some code in repo.go in guessSystemSnapName() which maybe could reuse the list.

[alfonsosanchezbeato]

Changed so at least both share the list of the names of the system snap

[bboozzoo]

Suggested change

	func IsTheSystemSnap(snapName string) bool {
	func IsSystemSnap(snapName string) bool {

[alfonsosanchezbeato]

I prefer to keep this, it makes clear that there can be only one system snap

[bboozzoo]

is "" for implicit plugs/slots? Aren't those always attached to either core or snapd?

[alfonsosanchezbeato]

I think so, yes, afaiu IsTheSystemSnap could be called with "".

[alfonsosanchezbeato]

@bboozzoo thanks for the review, I've addressed your comments now

[alfonsosanchezbeato]

I prefer to keep this, it makes clear that there can be only one system snap

[alfonsosanchezbeato]

I've removed, thinking about this we already branched for UC16, so we do not need to care (we probably would not care even for UC16 nowadays).

[alfonsosanchezbeato]

Changed so at least both share the list of the names of the system snap

[alfonsosanchezbeato]

I think so, yes, afaiu IsTheSystemSnap could be called with "".

[bboozzoo]

LGTM

[alfonsosanchezbeato]

@pedronis @bboozzoo I had to do some changes here as spread tests were failing - I was being naive on when Setup was being called, which is basically all the time for all backends for any interface change. So I had to make sure that the setup for ldconfig only happened for the system snap, and also minimize the calls to ldconfig, otherwise we try to touch files on UC that cannot be written. Please take a look at 2c7d844

needs re-review

[pedronis]

I think we want to be a bit more careful with the checks instead

[pedronis]

this change seems definitely wrong we probably need to do something else and move the check only if the interface has the definer no?

[Meulengracht]

Also in either case this definitely warrants a comment

[alfonsosanchezbeato]

Right, the check really needs to happen only for interfaces supporting ldconfig, I've changed this now and reverted to check for the plug here too.

[pedronis]

this might be ok for now but we probably want to instead change the rest of the code to work even if this is not here

[alfonsosanchezbeato]

With the change in the checks in the specification, this check is not needed anymore. But that is sort of by chance as the spec is empty, if it wasn't it would try to write in /etc/ld.so.conf.d/snap.system.conf for a snap that is not the system snap. So I think it is better to leave for the moment just to make clear we do not support normal snaps for the moment.

[pedronis]

but there two sides to things, you need to be abel to update things both when the system snap is update, but also when the providing snap with the slot which a kernel or something is updated, so I don't think we can really have this check

[alfonsosanchezbeato]

changed now

[Meulengracht]

Also this is a +1 from me if comments are resolved, but not approving since it's awaitings Samuele's approval and you already have maciejs

[alfonsosanchezbeato]

@pedronis @Meulengracht this is ready for another round now

[pedronis]

sorry, another question

[pedronis]

don't we need to do something here to remove the entries for a snap that had ldconfig providing slot?

[pedronis]

@alfonsosanchezbeato remarked that a slot side going away is taken care by this logic:

snapd/overlord/ifacestate/handlers.go

Lines 385 to 396 in 81fd929

	func (m *InterfaceManager) removeProfilesForSnap(task *state.Task, _ *tomb.Tomb, snapName string, tm timings.Measurer) error {
	// Disconnect the snap entirely.
	// This is required to remove the snap from the interface repository.
	// The returned list of affected snaps will need to have its security setup
	// to reflect the change.
	affectedSnaps, err := m.repo.DisconnectSnap(snapName)
	if err != nil {
	return err
	}
	if err := m.setupAffectedSnaps(task, snapName, affectedSnaps, tm); err != nil {
	return err
	}

as the plug side will be Setup

this will need a re-review

[pedronis]

thanks