8cb1194...
by
Paweł Stołowski
on 2020-07-03
Fix typo in changelogs.
7b216db...
by
Paweł Stołowski
on 2020-07-03
snap-confine: don't die if a device from sysfs path cannot be found by udev (#8939)
Don't die if a device from sysfs path cannot be found by udev. Handle error (major and minor set to 0) from udev_device_get_devnum. Set up common sysfs devices without udev lookup.
Fixes LP: #1881209
798f203...
by
Maciej Borzecki
on 2020-05-26
data/selinux: update policy to allow forked processes to call getpw*()
When a process forked by snapd (e.g. unsquashfs) calls getpw*() it may eventually
go through NSS. Depending on host configuration, it is possible that it will hit
nss-systemd and poke systemd-userdb.service. With current policy this triggers
the following denials:
type=AVC msg=audit(05/22/20 03:37:54.119:665) : avc: denied { read } for
pid=27932 comm=unsquashfs name=userdb dev="tmpfs"
ino=13308 scontext=system_u:system_r:snappy_t:s0
tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0
tclass=dir permissive=1
type=AVC msg=audit(05/22/20 03:37:54.119:666) : avc: denied { write } for
pid=27932 comm=unsquashfs name=io.systemd.DynamicUser
dev="tmpfs" ino=63792 scontext=system_u:system_r:snappy_t:s0
tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0
tclass=sock_file permissive=1
type=AVC msg=audit(05/22/20 03:37:54.120:667) : avc: denied { sendto } for
pid=27932 comm=unsquashfs path=userdb-0f2255de09b5cbb97ed30ae81eda322e
scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:snappy_t:s0
tclass=unix_dgram_socket permissive=1
Update the policy to allow use of nss.
Signed-off-by: Maciej Borzecki <email address hidden>
a656ddd...
by
Maciej Borzecki
on 2020-06-08
tests/main/interfaces-time-control: exercise setting time via date
Use date to set the time/date.
Signed-off-by: Maciej Borzecki <email address hidden>
7ddb97f...
by
Maciej Borzecki
on 2020-06-08
interfaces/builtin/time-control: allow POSIX clock API
Allow manipulating the clocks via POSIX clock APIs. This allows setting system
time via `date`, which calls `clock_settime` directly like so:
```
stat(..) = 0
clock_settime(CLOCK_REALTIME, {tv_sec=1591517520, tv_nsec=0}) = 0
fstat(..) = 0
```
Signed-off-by: Maciej Borzecki <email address hidden>
5114017...
by
Michael Vogt
on 2020-06-08
Merge pull request #8800 from jdstrand/add-slack-whitelisted-scheme-2.45
usersession/userd: add "slack" to the white list of URL schemes handled by xdg-open - 2.45
59589a2...
by
Michael Vogt
on 2020-06-05
releasing package snapd version 2.45.1
854a43f...
by
Michael Vogt
on 2020-06-05
Merge pull request #8820 from bboozzoo/bboozzoo/selinux-policy-tweaks-i-2.45
data/selinux: allow checking /var/cache/app-info (2.45)
2248b13...
by
Maciej Borzecki
on 2020-06-04
test-snapd-appstream-metadata: tweak the app name
Signed-off-by: Maciej Borzecki <email address hidden>
284901f...
by
Maciej Borzecki
on 2020-06-04
packaging/fedora: leave a comment on the specifics of make invocation in selinux policy
Signed-off-by: Maciej Borzecki <email address hidden>