Merge ~sylvain-pineau/checkbox-ng:fix-CVE-2021-44731 into checkbox-ng:master
Proposed by
Sylvain Pineau
Status: | Merged |
---|---|
Approved by: | Sylvain Pineau |
Approved revision: | 96116055eba4336b8f6370982b14e6b688a0fa0c |
Merged at revision: | 1941bac47541c5b6b052be64cc8a4b5ddfc11ab1 |
Proposed branch: | ~sylvain-pineau/checkbox-ng:fix-CVE-2021-44731 |
Merge into: | checkbox-ng:master |
Diff against target: |
38 lines (+10/-10) 1 file modified
plainbox/impl/session/restart.py (+10/-10) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Sylvain Pineau (community) | Approve | ||
Review via email:
|
Description of the change
CVE-2021-44731 adjustments in checkbox.
The systemd service unit responsible to start the `checkbox-cli service` command now runs outside confinement but still provide SNAP and SNAP_DATA env var.
The logic to establish which restart strategy to adopt must change. the deb restart strategy must be evaluated first since the new service unit will be named as for debs.
Doing so will prevent the use of the on_ubuntucore() method (which selects a strategy assuming a real snap runtime).
To post a comment you must log in.
self-approved