snapd

~mvo/snapd/+git/snapd-mvo:apparmor-mp1061

  1. Git
  2. lp:~mvo/snapd/+git/snapd-mvo
  3. apparmor-mp1061
Last commit made on 2023-07-13
Get this branch:
git clone -b apparmor-mp1061 https://git.launchpad.net/~mvo/snapd/+git/snapd-mvo

Branch merges

Branch information

Name:
apparmor-mp1061
Repository:
lp:~mvo/snapd/+git/snapd-mvo

Recent commits

ff16d96... by Michael Vogt

snapcraft.yaml: pull in apparmor optimization patches from Alfonso

The added apparmor patch `parser: replace dynamic_cast with is_type
method` will speed up profile generation by 30%.

85cdda5... by Aristo Chen

interfaces/opengl: add support for ARM Mali

Signed-off-by: Aristo Chen <email address hidden>

d8f6ff3... by Sergio Cazzolato

tests: fix security-seccomp test by skip using the apparmor parser with cache (#12893)

The test is failing sporadically in uc18. The error seems to be related
to the apparmor_parser which is generating incorrect definitions. This
error seems to be caused because of cached profiles.

e873fab... by Michael Vogt

interfaces: update comments about `no-expr-simplify`

This commit is a followup for the comments in the review for
PR#12918 [1]. As snapd is no longer using `no-expr-simplify`
all reference in the code got updated.

The `AddParametricSnippet()` that was originally introduced to
avoid exponential memory growth with the parser is still useful
and needed because the measurements in PR#12943 show that
multiple lines with overlaping patterns will slow down the
apparmor_parser when running with default `expr-simplify`.

The comments are updated accordingly in this commit.

[1] https://github.com/snapcore/snapd/pull/12918#pullrequestreview-1499831667

5379e2c... by Philip Meulengracht

o/state: clarify why we are s.reading()

As we are not changing state that goes to disk, but we want serialized access we use s.reading() and not s.writing()

d4b64e9... by Philip Meulengracht

o/state: support for task+change status events

Implement support for subscribing to task and change status events.

18f82a8... by Michael Vogt

advisor: add a small unittest

Now that we have the codecov metrics back I noticed that the
advisor/backend.go code has no tests for the rollback functionality.

This commit adds a simple testcase.

cb63090... by Michael Vogt

interface: partly revert network-control apparmor change (ee7e554)

This commit reverts the commenting out of the rule:
```
mount options=(rw, rslave) /,
```
This was broken in apparmor 3.1.4 but got fixed in 3.1.5.

2bef6c5... by Michael Vogt

go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948

7ba95e3... by Sergio Cazzolato

tests: speed up the prepare phase through a new tool to manage initial snapd env (#12707)

* New tool to manage initial env in spread tests

This is used to know in spread tests the initial value for the vars and
be able to repeat not needed steps

* test fixed

* Minor fixes con docs and env var removed

* improve tests.env tool