~rcj/livecd-rootfs/+git/livecd-rootfs:feature/snap-preseed

Last commit made on 2020-07-18
Get this branch:
git clone -b feature/snap-preseed https://git.launchpad.net/~rcj/livecd-rootfs/+git/livecd-rootfs
Only Robert C Jennings can upload to this branch. If you are Robert C Jennings please log in for upload directions.

Branch merges

Branch information

Name:
feature/snap-preseed
Repository:
lp:~rcj/livecd-rootfs/+git/livecd-rootfs

Recent commits

84397b5... by Robert C Jennings on 2020-07-18

Avoid rbind /sys for chroot snap pre-seeding (cgroups fail to unmount)

Builds in LP with the Xenial kernel were happy with the recursive mount of
/sys inside the chroot while performing snap-preseeding but autopkgtests
with the groovy kernel failed. With the groovy kernel the build was
unable to unmount sys/kernel/slab/*/cgroup/* (Operation not permitted).

This patch mounts /sys and /sys/kernel/security in the chroot in the
same way we've added for binary hooks. This provides the paths under
/sys needed for snap-preseed while avoiding issues unmounting other
paths.

b22d7dc... by Dimitri John Ledkov on 2020-07-18

releasing package livecd-rootfs version 2.676

b14f79c... by Dimitri John Ledkov on 2020-07-17

apparmor: compile all profiles

31861fd... by Dimitri John Ledkov on 2020-07-17

seccomp: mount more up-to-date seccomp features

bc4d32a... by Dimitri John Ledkov on 2020-07-17

seccomp: add more up-to-date seccomp actions

a14a31b... by Dimitri John Ledkov on 2020-07-17

apparmor: mount more up-to-date apparmor features in the chroot.

37be000... by Dimitri John Ledkov on 2020-07-17

apparmor: Add generic v5.4 kernel apparmor features

3694cf3... by Dimitri John Ledkov on 2020-07-17

releasing package livecd-rootfs version 2.675

6e6ab16... by Dimitri John Ledkov on 2020-07-17

live-server: remove duplicate snaps, due to overlayfs vs snap-preseed.

1ca11c9... by Robert C Jennings on 2020-07-15

Apply snap-preseed optimizations after seeding snaps

The snap-preseed command can do a number of things during the build
that are currently performed at first boot (apparmor profiles, systemd
unit generation, etc). This patch adds a call to reset the seeding and
apply these optimizations when adding a seeded snap. As a prerequisite
to calling snap-preseed we need to make /dev/mem available as well as
mounts from the host to perform this work, so those are also added here.