~ondrak/ondras-snaps/+git/snapd:socket-validation-fix

Last commit made on 2019-05-23
Get this branch:
git clone -b socket-validation-fix https://git.launchpad.net/~ondrak/ondras-snaps/+git/snapd

Branch merges

Branch information

Name:
socket-validation-fix
Repository:
lp:~ondrak/ondras-snaps/+git/snapd

Recent commits

87e4807... by Ondrej Kubik on 2019-05-22

tests: lib: snaps: socket-activation: update test snap with XDG_RUNTIME_DIR socket path

Update socket-activation test snap with socket in XDG_RUNTIME_DIR and SNAP_DATA path

Signed-off-by: Ondrej Kubik <email address hidden>

df87b6e... by Ondrej Kubik on 2019-05-22

wrappers: services: add XDG_RUNTIME_DIR support to ListenStream generation

Expand XDG_RUNTIME_DIR if used for socket activated service

Signed-off-by: Ondrej Kubik <email address hidden>

960cb27... by Ondrej Kubik on 2019-01-04

snap: validate: allow sockets under $XDG_RUNTIME_DIR

XDG_RUNTIME_DIR (usually /run/user/<uid>/snap.$SNAP_INSTANCE_NAME/) is permited path for sockets to be created, this is at the moment blocked
when socket is defined as part of daemon configuration

Signed-off-by: Ondrej Kubik <email address hidden>

9b3be37... by Michael Vogt on 2019-05-22

Merge pull request #6886 from zyga/tweak/propagation-customary-none

cmd/snap-update-ns: use "none" for propagation changes

444ed77... by Zygmunt Krynicki on 2019-05-22

Merge pull request #6885 from zyga/tweak/unused-flag

cmd/snap-confine: don't pass MS_SLAVE along with MS_BIND

38d81e5... by Zygmunt Krynicki on 2019-05-14

cmd/snap-update-ns: use "none" for propagation changes

This is a purely cosmetic change. When mount(1), the command line tool,
makes propagation changes it supplies "none" for the, entirely unused,
mount source argument. Make snap-update-ns provide the same argument.

Signed-off-by: Zygmunt Krynicki <email address hidden>

5a1bcba... by Zygmunt Krynicki on 2019-05-22

cmd/snap-confine: don't pass MS_SLAVE along with MS_BIND

While making other changes I noticed that we have a code sequence
performing bind mount and switching it to slave propagation mode:

    sc_do_mount(SNAP_MOUNT_DIR, dst, NULL, MS_BIND | MS_REC | MS_SLAVE, NULL);
    sc_do_mount("none", dst, NULL, MS_REC | MS_SLAVE, NULL);

The first call, that establishes the bind mount, does not use the
MS_SLAVE flag in practice. The kernel cannot change propagation and
crate a bind mount at the same time. This is documented in mount(2).

As such, remove the MS_SLAVE flag from the first line.

Signed-off-by: Zygmunt Krynicki <email address hidden>

6118cf8... by Michael Vogt on 2019-05-21

Merge pull request #6870 from stolowski/snap-remove-purge

cmd/snap, api, snapstate: implement "snap remove --purge"

f3f47f7... by Paweł Stołowski on 2019-05-21

Adjust help message of --purge flag. Move RemoveFlags close to Remove function.

c736f71... by Paweł Stołowski on 2019-05-21

Minor tweaks (review comments).