~mvo/snapd/+git/snapd-mvo:devmode-device-cgroup-fix

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

358473d... by Michael Vogt on 2019-07-24

snap-confine: do not init device cgroup if we are in "devmode"

Interfaces that use the device cgroup are currently not usable
in devmode because we do initialize the device cgroup in
snap-confine regardless if the snap is in devmode or not.

This PR fixes it by checking if the snap is in devmode. As there
is no good way today this PR adds an indirect way to detect
devmode by looking at the seccomp profile. In the future we
probably want to revisit this.

867120e... by "John R. Lenton" <email address hidden> on 2019-07-24

Merge pull request #7150 from zyga/tweak/mount-ns-manual

tests: switch mount-ns test to manual

26cd45b... by Zygmunt Krynicki on 2019-07-24

tests: switch mount-ns test to manual

The test captures too much broken tests. We should iterate, off-master,
to address the leaky tests, before re-enabling this one.

Signed-off-by: Zygmunt Krynicki <email address hidden>

e8964ef... by Michael Vogt on 2019-07-23

Merge pull request #7132 from pedronis/separate-managers-startup

overlord,daemon,cmd/snapd: move expensive startup to dedicated StartUp methods

73d3800... by Zygmunt Krynicki on 2019-07-23

Merge pull request #6959 from jhenstridge/ensure-tree-state

osutil: add EnsureTreeState helper

7318362... by Zygmunt Krynicki on 2019-07-23

Merge pull request #7091 from zyga/feature/new-mount-ns-tests

tests: measure properties of various mount namespaces

06922ee... by Sergio Cazzolato on 2019-07-23

Merge pull request #7121 from sergiocazzolato/tests-extend-to-core-18-part2

tests: part2 making tests work on ubuntu-core-18

723d3b9... by Samuele Pedroni on 2019-07-23

interfaces/policy: minimal policy check for replacing sanitizeReservedFor helpers (1/2)

Add InstallCandidateMinimalCheck to policy checks. The check will be activated for snap installation when snap is installed with --dangerous flag and it's aim is to check slot snap type restrictions only. It doesn't check plugs or slot attributes and doesn't return the default policy decision from base declaration (i.e. deny-installation: true) which would effectively prevent --dangerous. This policy check is meant to replace existing sanitizeSlotReservedFor* helpers and therefore is semantically an equivalent of these helpers.

This new policy check is not yet active in this PR, it will get enabled in a followup together with the removal of sanitizeSlotReservedFor.. helpers.

b214f5b... by James Henstridge on 2019-07-23

osutil: update comment as requested in review.

1fdb97f... by Michael Vogt on 2019-07-23

ifacestate: merge InterfaceManager.initialize into InterfaceManager.StartUp