snappy:release/2.30

Last commit made on 2018-01-16
Get this branch:
git clone -b release/2.30 https://git.launchpad.net/snappy

Branch information

Name:
release/2.30
Repository:
lp:snappy

Recent commits

1da1e65... by Maciej Borzecki

tests/main/classic-confinement: enable the test on Fedora

The snap-exec failure has been addressed with
563795fd8d628c64da4019aee3f5c6a845eb0fe7. We can reenable the test for Fedora
now.

Signed-off-by: Maciej Borzecki <email address hidden>

e5b3564... by Maciej Borzecki

cmd/snap: use distro snap-exec when running under classic confinement

We have used a hardcoded path to snap-exec pointing to 'core'
libexec (/usr/lib/snapd) directory. Subsequently we tried to run snap-exec from
that location through snap-confine. When classic confinement is in effect,
snap-confine does not set up a mount namespace where the 'core' snap is a
rootfs, thus we are running off the distro's root filesystem. In such a case, the
path to snap-exec may or may not be valid, depending on whether the distro's
libexec directory coincides with the path from 'core'. The assumption would be
invalid on distributions where libexec is under a different path, e.g. Fedora
where snapd's libexecdir is /usr/libexec/snapd.

Fix the issue by using snap-exec from distro specific libexec directory when
running under classic confinement. Should 'snap' be reexeced from the 'core'
snap, use the 'core' snap version of snap-exec too.

Partially addresses: https://bugs.launchpad.net/snapd/+bug/1736939

Signed-off-by: Maciej Borzecki <email address hidden>

fbfee0e... by Maciej Borzecki

dirs: check if distro 'is like' fedora when picking path to libexecdir

The original bug report [1] comes from Korora, a Fedora derivative. Address it
by checking if distro 'is like' fedora rather than using a hardcoded list of
options. Both RHEL and CentOS list ID_LIKE="..fedora.." in their /etc/os-release
files. Korora, being a derivative, also has ID_LIKE="fedora".

[1]. https://bugs.launchpad.net/snappy/+bug/1743301

Signed-off-by: Maciej Borzecki <email address hidden>

f77a084... by Sergio Cazzolato

Add support on tests for cm3 gadget

57a9c3b... by Maciej Borzecki

data/selinux: add policykit_dbus_chat()

Add an optional policy to allow policykit_dbus_chat(). Enables sending to and
receiving messages from policykit.

Signed-off-by: Maciej Borzecki <email address hidden>

bbb4e66... by Maciej Borzecki

data/selinux: bump policy version to 0.0.13

Signed-off-by: Maciej Borzecki <email address hidden>

ebe68cc... by Maciej Borzecki

data/selinux: allow messages from policykit

snapd talks to polkitd over DBus and calls
org.freedesktop.PolicyKit1.Authority.CheckAuthorization() method. The default
SELinux policy prevents polkitd from sending a reply back to snapd.

Resolves: https://forum.snapcraft.io/t/selinux-blocking-snapd-since-update-on-fedora-27/3002

Quoting dbus-daemon manual (SELinux section):

  > First, any time a message is routed from one connection to another connection,
  > the bus daemon will check permissions with the security context of the first
  > connection as source, security context of the second connection as target,
  > object class "dbus" and requested permission "send_msg".

The change adjusts the policy to allow DBus messages (dbus send_msg) to be
sent from processes with type polkit_t (polkitd) to processes with type
snappy_t (snapd).

Signed-off-by: Maciej Borzecki <email address hidden>

5f5180e... by Maciej Borzecki

tests/main/searching: redirect stderr when not expecting any find results

Signed-off-by: Maciej Borzecki <email address hidden>

84cadc7... by Maciej Borzecki

tests/main/searching: handle changes in featured snaps list

When doing `snap find --section=..` do not make any assumptions about the list
of returned snaps. Use a specific snap when checking if the section list uses the
host's architecture.

Signed-off-by: Maciej Borzecki <email address hidden>

64fa0b5... by Michael Vogt

releasing package snapd version 2.30