i/builtin: allow accessing real-time clock device nodes via symlinks

canonical · Oct 1, 2024 · bf5062e · bf5062e
1 parent 0a99a8d
commit bf5062e
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/interfaces/builtin/time_control.go b/interfaces/builtin/time_control.go
@@ -93,6 +93,9 @@ capability sys_time,
 /sys/class/rtc/*/ rw,
 /sys/class/rtc/*/** rw,
 
+# Nodes in /sys/class/rtc could be symlinks under /sys/devices
+/sys/devices/**/rtc/*/** rw,
+
 # Allow access to pps
 # https://www.kernel.org/doc/html/latest/driver-api/pps.html
 /dev/pps[0-9]* rw,

diff --git a/tests/lib/snaps/test-snapd-timedate-control-consumer/meta/snap.yaml b/tests/lib/snaps/test-snapd-timedate-control-consumer/meta/snap.yaml
@@ -19,3 +19,6 @@ apps:
  date:
  command: bin/date
  plugs: [time-control]
+ shell:
+ command: bin/sh
+ plugs: [time-control]
diff --git a/tests/main/interfaces-time-control/task.yaml b/tests/main/interfaces-time-control/task.yaml
@@ -81,3 +81,6 @@ execute: |
  not test-snapd-timedate-control-consumer.date "$now" 2> call.error
  # EPERM because date gets blocked by the seccomp profile
  MATCH "cannot set date: Operation not permitted" < call.error
+
+ # make sure that we can access the files in /sys/class/rtc
+ test-snapd-timedate-control-consumer.shell -c "cat /sys/class/rtc/rtc0/wakealarm"