~snappy-dev/snapd/+git/snapd-pawel:preseed-test-fix-backport

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

df7ff5e... by Paweł Stołowski on 2020-06-01

Disable part of the nfs-support test that checks udp proto on debian-sid as it is not supported anymore and prints the following error:
mount.nfs: an incorrect mount option was specified
(this is caused by proto=udp part of "mount -t nfs localhost:/home /home -o nfsvers=3,proto=udp").

46c3898... by Paweł Stołowski on 2020-07-06

Backport other test preseed changes from master.

4fb955f... by Paweł Stołowski on 2020-07-06

Updated preseed-reset task.

a1c64e5... by Paweł Stołowski on 2020-07-06

Backport preseed test changes from master.

a201da0... by Michael Vogt on 2020-07-06

Merge pull request #8976 from stolowski/snap-confine-dev-add-dont-die-245

snap-confine: don't die if a device from sysfs path cannot be found by udev (2.45)

8cb1194... by Paweł Stołowski on 2020-07-03

Fix typo in changelogs.

7b216db... by Paweł Stołowski on 2020-07-03

snap-confine: don't die if a device from sysfs path cannot be found by udev (#8939)

Don't die if a device from sysfs path cannot be found by udev. Handle error (major and minor set to 0) from udev_device_get_devnum. Set up common sysfs devices without udev lookup.

Fixes LP: #1881209

798f203... by Maciej Borzecki on 2020-05-26

data/selinux: update policy to allow forked processes to call getpw*()

When a process forked by snapd (eg. unsquashfs) calls getpw*() it may eventually
go through NSS. Depending on host configuration, it is possible that it will hit
nss-systemd and poke systemd-userdb.service. With current policy this triggers
the following denials:

type=AVC msg=audit(05/22/20 03:37:54.119:665) : avc: denied { read } for
         pid=27932 comm=unsquashfs name=userdb dev="tmpfs"
         ino=13308 scontext=system_u:system_r:snappy_t:s0
         tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0
         tclass=dir permissive=1

type=AVC msg=audit(05/22/20 03:37:54.119:666) : avc: denied { write } for
         pid=27932 comm=unsquashfs name=io.systemd.DynamicUser
         dev="tmpfs" ino=63792 scontext=system_u:system_r:snappy_t:s0
         tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0
         tclass=sock_file permissive=1

type=AVC msg=audit(05/22/20 03:37:54.120:667) : avc: denied { sendto } for
         pid=27932 comm=unsquashfs path=userdb-0f2255de09b5cbb97ed30ae81eda322e
         scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:snappy_t:s0
         tclass=unix_dgram_socket permissive=1

Update the policy to allow use of nss.

Signed-off-by: Maciej Borzecki <email address hidden>

a656ddd... by Maciej Borzecki on 2020-06-08

tests/main/interfaces-time-control: exercise setting time via date

Use date to set the time/date.

Signed-off-by: Maciej Borzecki <email address hidden>

7ddb97f... by Maciej Borzecki on 2020-06-08

interfaces/builtin/time-control: allow POSIX clock API

Allow manipulating the clocks via POSIX clock APIs. This allows setting system
time via `date`, which calls `clock_settime` directly like so:

```
stat(..) = 0
clock_settime(CLOCK_REALTIME, {tv_sec=1591517520, tv_nsec=0}) = 0
fstat(..) = 0
```

Signed-off-by: Maciej Borzecki <email address hidden>