[03:13] <mup> Bug #1579268 opened: Mouse cursor is different inside graphical windows of snaps (snaps not using system theme) <Snappy:New> <snapd (Ubuntu):Triaged> <https://launchpad.net/bugs/1579268>
[10:56] <cprov> kyrofa: hey, re. expires TZ, it doesn't record timezones atm and is interpreted as utc.
[10:57] <cprov> kyrofa: and sorry I wasn't around yesterday.
[15:47] <kyrofa> cprov, no problem! Would it be possible to return UTC TZ?
[16:04] <cprov> kyrofa: yes, there is a general problem with timestamps in the API, some are naive (no tz info) and some are RFC3339 (appended 'Z'), we will have to clean this up
[16:04] <cprov> kyrofa: but for the time being, there is nothing blocking you parse them as UTC, right ?
[16:54] <ikey> hoping this means anything to anyone because it baffles me
[16:54] <ikey> Dec 23 16:52:00 ironhide audit[3513]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 pid=3513 comm="F12017" exe=2F72756E2F6D656469612F6269676469736B2F67616D65732F737465616D617070732F636F6D6D6F6E2F463120323031372F62696E2F463132303137 sig=31 arch=c000003e syscall=101 compat=0 ip=0x7f72201b4e72 code=0x0
[16:56] <ikey> it seems to be the thing breaking feral games
[16:58] <ikey> if im reading this right 101 is ioperm
[17:58] <ikey> snap run --shell linux-steam-integration
[17:58] <ikey> [1]    11726 invalid system call  snap run --shell linux-steam-integration
[17:58] <ikey> k thats janky.
[18:01] <ikey> i dont seem to be getting any apparmor denials or library errors yet under confinement feral games arent working
[18:01] <ikey> and i cant figure out why they break
[18:10] <mcphail> isn't 101 ptrace?
[18:15] <mcphail> https://github.com/torvalds/linux/blob/9c294ec08408ed90c0f2d994a7979366675e3734/arch/x86/entry/syscalls/syscall_64.tbl#L110 - for 64-bit, anyway
[18:32] <ikey> yeah
[18:32] <ikey> also chown is causing --shell to die
[18:32] <ikey> when it chowns .bash_history
[18:32] <ikey> and the error message seems consistent..
[18:32] <ikey> chown ufee1dead:ufee1dead lol
[18:32] <ikey> Bad system call
[18:32] <ikey> so i guess i just need to allow ptrace in the new interface..
[18:52] <kyrofa> cprov, I'm just leaving them naive for now, but if you promise me that assuming naive datetimesnamps from the store are UTC, then that's also easy
[18:52] <kyrofa> promise me that doing so is safe, I mean
[19:09] <ikey> i cant seem to make this dmesg go away whatever i do..
[19:14] <ikey> snappy-debug is apparently not portable either..
[19:24] <kyrofa> ikey, what are you seeing?
[19:25] <ikey> kyrofa, snappy-debug or my snap issue?
[19:25] <ikey> cuz my snap issue is https://forum.snapcraft.io/t/unable-to-use-ptrace-in-confinement/3297
[19:25] <kyrofa> ikey, both, haha
[19:25] <ikey> and my snappy-debug issue is it absolutely requires /var/log/syslog
[19:25] <ikey> solus doesn't use syslogd we just have journald
[19:26] <kyrofa> ikey, yeah, seccomp denials are totally different from apparmor ones
[19:26] <ikey> yeah this is alien territory to me
[19:26] <ikey> only just got used to doing apparmor rules
[19:26] <kyrofa> ikey, seccomp doesn't support logging if we use the ERRNO method, so we've chosen to use KILL for now while upstreaming the logging capability
[19:26] <ikey> ah ok
[19:27] <kyrofa> ikey, which means if you make a disallowed syscall, unlike apparmor which gives you a nice denial and sends you on your way, you're dead dead dead
[19:27] <ikey> right
[19:27] <ikey> and this is happening within the tree of a multiprocess app so it go boom
[19:28] <kyrofa> ikey, yep
[19:28] <ikey> ok looking at the bpf ptrace is definitely missing
[19:28] <kyrofa> Yeah probably need to add something there
[19:30] <ikey> i thought capability sys_ptrace would do that, guessing not
[19:31] <ikey> and i dont see any of the bpf explicitly setting ptrace on
[19:32] <kyrofa> Yeah, that I don't know
[19:33] <ikey> wonder if this is a kernel issue now.
[19:33]  * ikey tries a reboot
[19:40] <ikey> aha
[19:40] <ikey> i manually recompiled the bpf and added ptrace to it
[19:40] <ikey> and that was enough to make it "work"
[19:41] <kyrofa> Nice! Though I'm sure there are security ramifications there
[19:42] <ikey> yeah we'll need to add some initial deny ptrace lines in apparmor profile and then some explicit allows
[19:44] <ikey> that way we wont be able to ptrace unrelated peers
[20:28] <ikey> boom: https://twitter.com/ufee1dead/status/944666111810965504
[20:38] <cprov> kyrofa: yup, assume utc for now
[21:16] <mcphail> ikey: love it
[21:29] <ikey> the browser interface is causing me some trouble by breaking my ptrace
[21:29] <ikey> as it has a deny all
[21:29] <ikey> and is inserted after my own rules..