From bf5062edc3ea58ef14fbb1e2f6f27ae523e2a422 Mon Sep 17 00:00:00 2001 From: Andrew Phelps Date: Tue, 1 Oct 2024 17:53:07 -0400 Subject: [PATCH] i/builtin: allow accessing real-time clock device nodes via symlinks --- interfaces/builtin/time_control.go | 3 +++ .../snaps/test-snapd-timedate-control-consumer/meta/snap.yaml | 3 +++ tests/main/interfaces-time-control/task.yaml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/interfaces/builtin/time_control.go b/interfaces/builtin/time_control.go index b7359bdd2c53..91f5cf69a88f 100644 --- a/interfaces/builtin/time_control.go +++ b/interfaces/builtin/time_control.go @@ -93,6 +93,9 @@ capability sys_time, /sys/class/rtc/*/ rw, /sys/class/rtc/*/** rw, +# Nodes in /sys/class/rtc could be symlinks under /sys/devices +/sys/devices/**/rtc/*/** rw, + # Allow access to pps # https://www.kernel.org/doc/html/latest/driver-api/pps.html /dev/pps[0-9]* rw, diff --git a/tests/lib/snaps/test-snapd-timedate-control-consumer/meta/snap.yaml b/tests/lib/snaps/test-snapd-timedate-control-consumer/meta/snap.yaml index 003a48dcf2f2..a9ce8907a55b 100644 --- a/tests/lib/snaps/test-snapd-timedate-control-consumer/meta/snap.yaml +++ b/tests/lib/snaps/test-snapd-timedate-control-consumer/meta/snap.yaml @@ -19,3 +19,6 @@ apps: date: command: bin/date plugs: [time-control] + shell: + command: bin/sh + plugs: [time-control] diff --git a/tests/main/interfaces-time-control/task.yaml b/tests/main/interfaces-time-control/task.yaml index 7427b56d5673..671df3787a89 100644 --- a/tests/main/interfaces-time-control/task.yaml +++ b/tests/main/interfaces-time-control/task.yaml @@ -81,3 +81,6 @@ execute: | not test-snapd-timedate-control-consumer.date "$now" 2> call.error # EPERM because date gets blocked by the seccomp profile MATCH "cannot set date: Operation not permitted" < call.error + + # make sure that we can access the files in /sys/class/rtc + test-snapd-timedate-control-consumer.shell -c "cat /sys/class/rtc/rtc0/wakealarm"