snappy:feature/no-downgrade

Last commit made on 2021-02-15
Get this branch:
git clone -b feature/no-downgrade https://git.launchpad.net/snappy

Branch merges

Branch information

Name:
feature/no-downgrade
Repository:
lp:snappy

Recent commits

f853539... by Zygmunt Krynicki on 2021-02-15

interfaces: remove apparmor downgrade feature

Apparmor downgrade was automatically enabled when the running kernel
supported some, but not all of the features. Since the complete set was
never upstreamed, this effectively meant that users had less features
than they otherwise would have.

Since apparmor is still reported as "partial", nothing changes from the
point of view of not sending any misleading messages. For certain
classes of snap packages, this improves the effective confinement on
systems such as Debian or openSUSE Leap.

Perfect confinement is still way off, this doesn't change that.

Signed-off-by: Zygmunt Krynicki <email address hidden>

3173439... by Michael Vogt on 2021-02-15

Merge pull request #9934 from bboozzoo/bboozzoo/snapd-mk-disble-modules

packaging: disable Go modules in snapd.mk

c86b5ed... by Ian Johnson on 2021-02-15

Merge pull request #9909 from mvo5/snap-run-gdb-deprecate

snap: add deprecation noticed to "snap run --gdb"

Now that we promoted "snap run --gdbserver" the "snap run --gdb" option should be deprecated. We plan to not improve it and it needs to run as root, the program and gdb share a pty and it's overall not great. So let's mark it deprecated and point users to snap run --gdbserver instead.

4a111ca... by Maciej Borzecki on 2021-02-15

packaging: disable Go modules in snapd.mk

The snapd.mk is a packaging helper that is currently used by openSUSE only. Once
Go 1.16, which defaults to expecting modules, lands and becomes default in
Tumbleweed, snapd builds will fail. Make sure to disable the modules
functionality before that happens.

Signed-off-by: Maciej Borzecki <email address hidden>

cc398c1... by Michael Vogt on 2021-02-15

Merge pull request #9268 from jhenstridge/daemon-theme-api

daemon: add API for checking and installing available theme snaps

b59f0dc... by Sergio Cazzolato on 2021-02-15

tests: using labeler action to add automatically a label to run nested tests

* Using labeler action to add automatically a label when nested tests need a run

The idea is to add the "Run nested" label automatically in case either
the nested lib or any nested test changed.

f616a28... by Michael Vogt on 2021-02-15

Merge pull request #9899 from mvo5/kernel-dtb-refs-2.13

gadget: improve error handling around resolving content sources

fafbca2... by Michael Vogt on 2021-02-15

Merge pull request #9931 from pedronis/asserts-deeper-authority-x-check

asserts: repeat the authority cross-check in CheckSignature as well

2c72306... by Michael Vogt on 2021-02-15

Merge remote-tracking branch 'upstream/master' into snap-run-gdb-deprecate

da8011a... by Ian Johnson on 2021-02-13

Merge pull request #9702 from anonymouse64/feature/copy_file_range-seccomp-default

interfaces/seccomp/template.go: allow copy_file_range

This was recently introduced as an optimization to Go 1.15, and so apps that
start compiling may start to try and use it.

Note that Go 1.15 does currently fall back to using other methods if copy_file_range
returns EPERM so that apps that get denied usage of copy_file_range will fallback
to potentially slower implementations. (originally upon Go 1.15 release there
was not a fallback implementation and the app would just crash returning a non-nil
error up the stack).

See golang/go#40893 and
https://go-review.googlesource.com/c/go/+/249257/ for more details on the Go
issue and the fallback implementation.

There are also some instances of Node.JS using this too with the libuv library, see
fs.copyfile() and a corresponding forum topic for more details:
https://forum.snapcraft.io/t/snap-no-longer-has-write-permission/22686