snapd

~mvo/snapd/+git/snapd-mvo:release-2.40.pre1

  1. Git
  2. lp:~mvo/snapd/+git/snapd-mvo
  3. release-2.40.pre1
Last commit made on 2019-07-02
Get this branch:
git clone -b release-2.40.pre1 https://git.launchpad.net/~mvo/snapd/+git/snapd-mvo

Branch merges

Branch information

Name:
release-2.40.pre1
Repository:
lp:~mvo/snapd/+git/snapd-mvo

Recent commits

c84a4ae... by Michael Vogt

packaging: release 2.40~pre1

62bd1cd... by Michael Vogt

Merge pull request #7049 from zyga/tweak/udev-before-pivot

cmd/snap-confine: handle device cgroup before pivot

7c40873... by Michael Vogt

Merge pull request #7051 from zyga/fix/snapd-apparmor-service-no-profiles

cmd/snap-apparmor-service: quit if there are no profiles

5c70dd4... by "John R. Lenton" <email address hidden>

Merge pull request #7025 from chipaca/download-basename

cmd/snap, image: add --target-directory and --basename to 'snap download'

c9cb9e3... by John Lenton

cmd/snap, tests/main/snap-download: --target-directory in full

Also some doc tweaks. Thanks to @pedronis for the suggestions.

1d30f04... by "John R. Lenton" <email address hidden>

Merge pull request #6695 from ymauray/jack_interface

interfaces: add jack1 implicit classic interface

0ff4175... by John Lenton

tests/main/snap-download: cover the new features in spread also

b473e5c... by Zygmunt Krynicki

cmd/snap-confine: allow opening libtinfo.so

When snap-confine runs snap-device-helper it now does so in the initial
host mount namespace. On openSUSE the shell is linked with libtinfo and
we get a denial, like this:

    type=AVC msg=audit(1561974565.075:360): apparmor="DENIED"
    operation="open" profile="/usr/lib/snapd/snap-confine"
    name="/lib64/libtinfo.so.6.1" pid=7732 comm="snap-device-hel"
    requested_mask="r" denied_mask="r" fsuid=0 ouid=0

This patch fixes that by allowing this library to be loaded. As an
alternative that was considered but discarded, udev could run before
apparmor is loaded. I think we will re-visit this once cgroup v2 work
forces changes to snap-device-helper and associated code.

Signed-off-by: Zygmunt Krynicki <email address hidden>

a18187e... by Michael Vogt

Merge pull request #7047 from jdstrand/remove-unused-getresuid

cmd/snap-confine: remove newly unneeded getresuid() local assignments

1832205... by Michael Vogt

Merge pull request #7019 from jdstrand/policy-updates-xli

interfaces: miscellaneous policy updates