Skip to content

data/selinux/snappy: allow connecting to squid proxy #16375

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bboozzoo wants to merge 1 commit into
base: master
Choose a base branch
from
Open

data/selinux/snappy: allow connecting to squid proxy #16375

bboozzoo wants to merge 1 commit into from

Conversation

@bboozzoo
Copy link
Contributor

@bboozzoo bboozzoo commented Dec 16, 2025

We already allow connecting to generic HTTP proxies (classified as http_cache_port_t). Extend the policy to allow connecting to squid proxies (squid_port_t), in case someone is using them (like we do in tests running in PS7).

Thanks for helping us make a better snapd!
Have you signed the license agreement and read the contribution guide?

@bboozzoo
data/selinux/snappy: allow connecting to squid proxy
cc3dba8 
We already allow connecting to generic HTTP proxies (classified as
http_cache_port_t). Extend the policy to allow connecting to squid
proxies (squid_port_t), in case someone is using them (like we do in
tests running in PS7).

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
Copilot AI review requested due to automatic review settings December 16, 2025 11:47
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends the SELinux policy for snapd to allow connecting to squid proxy servers in addition to the already supported generic HTTP proxies. This change is needed for test environments using squid proxies.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@codecov
Copy link

codecov bot commented Dec 16, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.49%. Comparing base (d017aa5) to head (cc3dba8).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #16375      +/-   ##
==========================================
- Coverage   77.55%   77.49%   -0.07%     
==========================================
  Files        1329     1340      +11     
  Lines      182828   183046     +218     
  Branches     2438     2438              
==========================================
+ Hits       141791   141843      +52     
- Misses      32455    32611     +156     
- Partials     8582     8592      +10
Flag Coverage Δ
unittests 77.49% <ø> (-0.07%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

sergiocazzolato
sergiocazzolato approved these changes Dec 16, 2025
View reviewed changes
Copy link
Collaborator

@sergiocazzolato sergiocazzolato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@github-actions
Copy link

github-actions bot commented Dec 16, 2025
edited
Loading

Tue Dec 16 20:39:04 UTC 2025
The following results are from: https://github.com/canonical/snapd/actions/runs/20266845499

Failures:

Preparing:

  • openstack:opensuse-tumbleweed-selinux-64:null
  • openstack:opensuse-tumbleweed-selinux-64:null
  • openstack:opensuse-tumbleweed-selinux-64:null:lxd
  • openstack:opensuse-tumbleweed-selinux-64:null:destructive
  • openstack:opensuse-tumbleweed-64:null
  • openstack:opensuse-tumbleweed-64:null
  • openstack:opensuse-15.6-64:null:plain_plusdirs
  • openstack:opensuse-15.6-64:null
  • openstack:opensuse-15.6-64:null
  • openstack:opensuse-tumbleweed-selinux-64:null:parallel
  • openstack:opensuse-15.6-64:null:funky
  • openstack:opensuse-tumbleweed-64:null:lxd
  • openstack:opensuse-tumbleweed-64:null:destructive
  • openstack:opensuse-tumbleweed-64:null:funkyfunc
  • openstack-ps7:ubuntu-26.04-64:
  • openstack-ps7:ubuntu-26.04-64:

Executing:

  • openstack:centos-9-64:tests/main/auto-refresh-pre-download:restart
  • openstack:centos-9-64:tests/main/snap-debug-raa
  • openstack:centos-9-64:tests/main/auto-refresh-backoff
  • openstack:centos-9-64:tests/main/auto-refresh:regular
  • openstack:centos-9-64:tests/main/snap-refresh-hold
  • openstack:centos-9-64:tests/main/auto-refresh-gating-from-snap
  • openstack:centos-9-64:tests/main/auto-refresh-gating
  • openstack:centos-9-64:tests/main/refresh-app-awareness-notify
  • openstack:centos-9-64:tests/main/auto-refresh-pre-download:close_mid_restart
  • openstack:centos-9-64:tests/main/auto-refresh-pre-download:ignore
  • openstack:centos-9-64:tests/main/auto-refresh:parallel
  • openstack:centos-9-64:tests/main/auto-refresh-pre-download:close
  • openstack:centos-9-64:tests/main/auto-refresh-retry
  • openstack:debian-sid-64:tests/main/auto-refresh-pre-download:close_mid_restart
  • openstack:debian-sid-64:tests/main/snap-debug-raa
  • openstack:debian-sid-64:tests/main/auto-refresh-pre-download:restart
  • openstack:debian-sid-64:tests/main/auto-refresh:regular
  • openstack:debian-sid-64:tests/main/auto-refresh-pre-download:close
  • openstack:debian-sid-64:tests/main/refresh-app-awareness-notify
  • openstack:debian-sid-64:tests/main/auto-refresh:parallel
  • openstack:debian-sid-64:tests/main/interfaces-network-status-classic
  • openstack:debian-sid-64:tests/main/snap-refresh-hold
  • openstack:debian-sid-64:tests/main/auto-refresh-retry
  • openstack:debian-sid-64:tests/main/auto-refresh-gating
  • openstack:debian-sid-64:tests/main/auto-refresh-gating-from-snap
  • openstack:debian-sid-64:tests/main/auto-refresh-backoff
  • openstack:debian-sid-64:tests/main/auto-refresh-pre-download:ignore
  • openstack:fedora-41-64:tests/main/auto-refresh-gating-from-snap
  • openstack:fedora-41-64:tests/main/auto-refresh-pre-download:restart
  • openstack:fedora-41-64:tests/main/auto-refresh-gating
  • openstack:fedora-41-64:tests/main/auto-refresh-pre-download:close
  • openstack:fedora-41-64:tests/main/snap-refresh-hold
  • openstack:fedora-41-64:tests/main/refresh-app-awareness-notify
  • openstack:fedora-41-64:tests/main/auto-refresh:parallel
  • openstack:fedora-42-64:tests/main/auto-refresh-pre-download:close
  • openstack:fedora-42-64:tests/main/auto-refresh-backoff
  • openstack:fedora-41-64:tests/main/auto-refresh-pre-download:close_mid_restart
  • openstack:fedora-42-64:tests/main/auto-refresh-gating
  • openstack:fedora-42-64:tests/main/auto-refresh:regular
  • openstack:fedora-42-64:tests/main/auto-refresh-retry
  • openstack:fedora-42-64:tests/main/auto-refresh-pre-download:ignore
  • openstack:fedora-41-64:tests/main/auto-refresh-retry
  • openstack:fedora-42-64:tests/main/auto-refresh-pre-download:restart
  • openstack:fedora-42-64:tests/main/auto-refresh-pre-download:close_mid_restart
  • openstack:fedora-42-64:tests/main/snap-debug-raa
  • openstack:fedora-42-64:tests/main/snap-refresh-hold
  • openstack:fedora-41-64:tests/main/snap-debug-raa
  • openstack:fedora-42-64:tests/main/refresh-app-awareness-notify
  • openstack:fedora-42-64:tests/main/auto-refresh:parallel
  • openstack:fedora-41-64:tests/main/auto-refresh:regular
  • openstack:fedora-41-64:tests/main/auto-refresh-backoff
  • openstack:fedora-41-64:tests/main/auto-refresh-pre-download:ignore
  • openstack:fedora-42-64:tests/main/auto-refresh-gating-from-snap
  • openstack-ps7:ubuntu-26.04-64:tests/main/i18n
  • openstack-ps7:ubuntu-26.04-64:tests/main/upgrade-from-release

Restoring:

  • openstack:centos-9-64:tests/main/snap-debug-raa
  • openstack:centos-9-64:tests/main/refresh-app-awareness-notify
  • openstack:debian-sid-64:tests/main/snap-debug-raa
  • openstack:debian-sid-64:tests/main/refresh-app-awareness-notify
  • openstack:fedora-41-64:tests/main/refresh-app-awareness-notify
  • openstack:fedora-42-64:tests/main/snap-debug-raa
  • openstack:fedora-41-64:tests/main/snap-debug-raa
  • openstack:fedora-42-64:tests/main/refresh-app-awareness-notify
  • openstack:opensuse-15.6-64:null:plain_plusdirs
  • openstack:opensuse-15.6-64:null
  • openstack:opensuse-15.6-64:null:funky
  • openstack:opensuse-15.6-64:null
  • openstack-ps7:ubuntu-26.04-64:tests/main/

@bboozzoo bboozzoo added Auto rerun spread Auto reruns spread up to 4 times in non-draft PRs w/ >=1 approval and <20 fails in any fund. system cross-distro Runs all spread systems in parallel labels Dec 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@sergiocazzolato sergiocazzolato sergiocazzolato approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Auto rerun spread Auto reruns spread up to 4 times in non-draft PRs w/ >=1 approval and <20 fails in any fund. system cross-distro Runs all spread systems in parallel

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bboozzoo @sergiocazzolato