/srv/irclogs.ubuntu.com/2019/10/14/#snappy.txt

mborzeckimorning05:15
zygamborzecki: good morning05:16
mborzeckizyga: hey05:16
zygamborzecki: election results, uuuuh05:17
mborzeckizyga: not a surprise really05:17
mvohey mborzecki and zyga05:18
mborzeckizyga: i'm happy sejm is more diversified, but wan's really expecting a significant power shift05:18
zygahey mvo05:18
zygamborzecki: did you see the new results this morning05:18
zygamborzecki: pis has almost 50 now05:18
mborzeckimvo: hey05:20
mborzeckizyga: those aren't final yet05:21
zygamborzecki: exactly :(05:21
mupPR core-build#57 opened: many: drop static files for "core" snap from the package <Created by mvo5> <https://github.com/snapcore/core-build/pull/57>05:43
mvomborzecki, zyga: can I get a review for this please? and for https://github.com/snapcore/core/pull/8305:44
mupPR core#83: move most of the ubuntu-core config deb into the snap snap build <Created by mvo5> <https://github.com/snapcore/core/pull/83>05:44
mborzeckimvo: can you take a quick look at https://github.com/snapcore/snapd/pull/7587 ?05:45
mvowithout one review from a team member I cannot merge05:45
mupPR #7587: spread: generate delta when using google backend <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7587>05:45
mvomborzecki: sure05:45
zygaI'll be around in 1505:47
mupPR core-build#48 closed: config: remove static files in etc,lib,usr,var <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/core-build/pull/48>05:50
zygamborzecki: is school cancelled for your kids as well?05:51
mupPR snapd#7587 closed: spread: generate delta when using google backend <Simple 😃> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/7587>05:56
mborzeckimvo: left some comments under https://github.com/snapcore/core/pull/8305:58
mupPR core#83: move most of the ubuntu-core config deb into the snap snap build <Created by mvo5> <https://github.com/snapcore/core/pull/83>05:58
mborzeckimvo: i suppose it was like this before too05:58
mvomborzecki: yeah, these files just move in this PR - happy to do a followup with fixes06:00
mborzeckimvo: +106:07
mvomborzecki: \o/06:07
mborzeckimvo: hm the travis job is red anyway06:11
mvomborzecki: yeah, I need to tweak the ppa:snappy-dev/image archive as right now the builds are fighting over which content is correct06:13
mvomborzecki: the coresponding one in core-build (57) is what is needed in the ppa to properly build06:14
mvomborzecki: if you could also please look at https://github.com/snapcore/core-build/pull/5706:50
mupPR core-build#57: many: drop static files for "core" snap from the package <Created by mvo5> <https://github.com/snapcore/core-build/pull/57>06:50
mvomborzecki: its the coresponding one for the one you reveiwed before06:50
mupPR core#83 closed: move most of the ubuntu-core config deb into the snap snap build <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/core/pull/83>06:50
zygaeoan woes :/06:53
zygamoving back to vm06:53
=== pstolowski|afk is now known as pstolowski
pstolowskimornings07:02
mvohey pstolowski07:03
zygahey pawel07:09
mupPR core-build#57 closed: many: drop static files for "core" snap from the package <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/core-build/pull/57>07:11
mupPR core#107 opened: extra-file: drop restorecon from sshd-host-keygen <Created by mvo5> <https://github.com/snapcore/core/pull/107>07:11
mborzeckipstolowski: hey07:13
mupPR core#108 opened: extra-files: add /var/home to make snaps work on some distros <Created by mvo5> <https://github.com/snapcore/core/pull/108>07:16
zygathanks for that07:16
mborzeckigot to run an errand, back in a bit07:17
mvozyga: my pleasure07:17
mupPR core18#141 opened: static: add /var/home to make snaps work on some distros <Created by mvo5> <https://github.com/snapcore/core18/pull/141>07:17
mupPR snapd#7594 opened: tests: replace "test-snapd-base-bare" with real "bare" base snap <Created by mvo5> <https://github.com/snapcore/snapd/pull/7594>07:42
mvozyga: also https://github.com/snapcore/bare-base/pull/1 (which I think mup is not monitoring yet)07:47
mupPR bare-base#1: Makefile: add /var/home to make snaps work on some distros #141 <Created by mvo5> <https://github.com/snapcore/bare-base/pull/1>07:47
mborzeckire07:55
zygaone sec08:01
zygahmm08:02
pstolowski:08:17
mborzeckimvo: can you take another look at https://github.com/snapcore/snapd/pull/7536 ? it's unclear to me whether we're still missing something there or not08:17
mupPR #7536: gadget: accept system-seed role and ubuntu-data label <Created by cmatsuoka> <https://github.com/snapcore/snapd/pull/7536>08:17
mvomborzecki: in a meeting, but happy to do so later08:18
mborzeckimvo:  cool, thanks!08:18
Chipacazyga: http://whatthecommit.com/index.txt08:21
zygaChipaca: looking08:51
zygahello btw :)08:51
zygaChipaca: will you tell if I uses that :D ?08:51
zygabrb08:51
zygalet me get coffee08:51
Chipacacoffee sounds like a good idea08:55
zygaheh09:01
zygamy woes with eoan on suspend09:01
zygatranslate to same woes in vmware on suspend09:01
zyga(vmware suspends VMs to save power if asked to by asking the os to suspend)09:01
mupPR snapd#7595 opened: seed/seedwriter: support writing Core 20 seeds (aka recovery systems) <Created by pedronis> <https://github.com/snapcore/snapd/pull/7595>09:10
* zyga runs spread _and_ gets that coffee he wanted09:34
mborzeckido you guys think it's legit to poke snapd api when a snap service is being stoped?09:55
ondraChipaca I think I found another 20 seconds in first boot :009:56
ondraChipaca or more :)09:56
pstolowskiondra: hey, i'm working on pre-baking of firstboot stuff, with the plan to shave off those most expensive ops10:16
pstolowskipedronis: btw i saw your comment to Friday's standup notes, do you have a moment today to discuss?10:17
Chipacaondra: tell me more :-)10:23
ondrapstolowski sure10:24
Chipacapstolowski: ondra is finding things we can do that'll help current core16/18 though so as long as it's not disruptive it's good imho10:24
ondraChipaca reading logs, we are trying to refresh catalogue from store, at very early stage. I'd think this is operation do not need to do pre-seeding10:25
ondraChipaca it's so early in the boot, we have no network, so it keeps timing out.10:25
Chipacaondra: you're saying skipping that saves us 20+ seconds?10:26
ograyeah, snapd really shouldnt assume network ... we have many wlan equipped boards that first need wifi setup10:26
ondraChipaca in our case there will be never network a this stage ( wireless only net interface, image has no baked in AP credentials)10:26
ondraChipaca yep10:26
pstolowskiondra: funny you mention this as it's currently erroring/making noise in my pre-baking code (precisely because of no network in the chroot env) and i was about to look at what to do about it10:26
Chipacaondra: you can trick it to skipping that step fwiw10:27
ondraChipaca https://paste.ubuntu.com/p/73vXpjW3jf/10:27
ondrapstolowski Chipaca I'd argue that we have not even parsed seed.yaml, what do we actually need to refresh, or what do we expect to gain from it?10:28
ondraChipaca pstolowski https://paste.ubuntu.com/p/3f2ZPHrtmt/10:29
ondrathis shaved me 20 seconds and no noise10:29
Chipacaondra: if you drop in a snapd.service.d file with [Service] ExecStartPre=touch /var/cache/snapd/names, that should have it skip that catalog refresh10:29
ondrapstolowski Chipaca does it sounds like something we can assume?10:29
Chipacaondra: or that :-)10:30
Chipacaondra: but, if you do that, can you make seeded trigger a catalog refresh?10:30
ondraChipaca I was thinking to simply check if we are seeded, and if not, assume this is first boot10:30
ondraChipaca you mean to trigger refresh after it's seeded?10:31
Chipacaondra: that would mean no catalogues for the first day of the device10:31
Chipacaondra: yes, please10:31
Chipacaondra: it's called "refresh" but they don't exist before the first refresh succeeds10:31
ondraChipaca this is first shot, I'm sure this can be done better way10:31
Chipacaondra: fair enough10:32
ondraChipaca but are you sure it works this way? because this refresh cannot succeed for many reasons10:32
Chipacaondra: right, it failing means it tries again sooner10:32
ondraChipaca there are no snaps installed, so what is it actually refreshing? if this is brand store it should have no way to access store anyway10:33
ondraChipaca we only get serial assertion once seeded10:33
Chipacaondra: right but you're changing code that affects everybody :)10:33
ograpfft10:33
ograwho cares about the others10:33
ondraChipaca then let's make it way it works way we want :)10:33
ondraChipaca this was my first shot to see if I can use seeded as detection of first boot10:34
ondraChipaca now we need to decide what to do next, ideally I was thinking to schedule refresh in say 10 minutes or something10:34
ondraChipaca but I think you guys know first boot sequence way better than me, so you might have better idea10:35
ogradoes refresh uses deltas ? could we pre-seed it with data at build time so it only needs to do a delta update ?10:36
ondraI do not know if we even know at that point number of snaps we are about to seed, so we can guess delay10:36
ondraogra what refresh? this pings server before we have any snap installed10:36
ondraat that point, there zero snaps to check for refresh10:36
ograi thought it queies the store and fills a local db10:37
ogra*queries10:37
Chipacaogra: catalog refresh is not refresh10:38
Chipacaoh dear looks like i'm lagged10:38
ograah, ok10:38
ogra(just thinking about cutting down the amount of data to request and transfer to cut down time)10:38
ondraogra you want to refresh before you have even first version, ever heard "trying to run before you can walk"10:39
ondra:P10:39
Chipacaondra: so, what we want at some point is to move catalog-refresh to a task, and then trigger that task from the right places/times10:39
zygamvo: some packaging changes may be needed https://forum.snapcraft.io/t/stop-commands-and-snapd-package-cleanup/1368810:40
ondraChipaca that sounds good10:40
Chipacaondra: easy peasy :-p10:40
ograondra, no, i want to pre-fill a db and only apply a delta so you dont need the full db data10:40
ondraChipaca I'd do test boot to see refresh time, because we might trigger refresh when we get serial assertion10:41
ondraogra I think we do not get db delta, as we are only pulling assertions we care about and relevant to the system10:41
Chipacaondra: meanwhile your approach is a good step in the right direction. I'd suggest moving the check earlier, even, to where the CanAutoRefresh check is10:42
ondraogra but I might be wrong10:42
ograi'm probably tricked by the name "catalog-refresh" then :)10:42
ondraChipaca I was not brave to put it that early, you say it's safe, then indeed better place10:42
Chipacaondra: putting it super early means it gets to try again every ~5 minutes or so10:43
Chipacaondra: that's what we want :-)10:43
ondraChipaca ah yeah indeed that's good one10:43
Chipacathen once seeded it'll do the catalog refresh, and set the next catalog refresh time and back off10:44
ondraChipaca yep, it seems it triggered refresh once it got serial assertion, even with current change10:46
mvozyga: packaging change where exactly? in lxd? or snapd?10:47
ondraChipaca I just did fresh boot with change I had, so we have good trigger post seeding as well10:47
ondraChipaca OK I will update change based on your suggestion and prepare PR10:47
ondraChipaca we can then iterate there10:48
ondraChipaca thanks for help :)10:48
Chipacaondra: thank you!10:48
zygamvo: in snapd10:49
mborzeckizyga: mvo: yeah, the situation is puzzling10:55
mborzeckimaybe let's talk after/during standup?10:56
mborzeckii guess there's a reason why it's done in postrm and not prerm like other distros10:56
mvomborzecki: after sounds ok10:59
mupPR core18#141 closed: static: add /var/home to make snaps work on some distros <Created by mvo5> <Merged by sil2100> <https://github.com/snapcore/core18/pull/141>10:59
ograwow, there are distros using /var/home as default ? crazy !11:00
Chipacaogra: silverblue i think11:01
ogra(i used to do that on servers with /var being the data partition ... but would never have imagined a distro doing this by default)11:01
* pstolowski lunch11:31
mupPR snapd#7596 opened: Skip catalog refresh on unseeded system <Created by kubiko> <https://github.com/snapcore/snapd/pull/7596>11:35
ondraChipaca pstolowski https://github.com/snapcore/snapd/pull/759611:36
mupPR #7596: Skip catalog refresh on unseeded system <Created by kubiko> <https://github.com/snapcore/snapd/pull/7596>11:36
ondrapstolowski I also created this PR, to run assertion check in parallel https://github.com/snapcore/snapd/pull/759011:37
mupPR #7590: seed: seed16: run adding snaps in parallel <Needs Samuele review> <Created by kubiko> <https://github.com/snapcore/snapd/pull/7590>11:37
zygabrb11:45
zyga111:53
* zyga needs to leave the house and think11:56
zygaor work anywhere but here11:56
zygaI cannot stand the smell anymore (kitchen nearby)11:56
mupBug #1650738 changed: Scan network failure error after first reboot <Snappy:Fix Released> <https://launchpad.net/bugs/1650738>12:11
mupBug #1649840 changed: unknown keys in model assertion are silently ignored <Snappy:Won't Fix> <Ubuntu Image:Invalid by sil2100> <https://launchpad.net/bugs/1649840>12:14
mupBug #1651722 changed: Latest candidate snap breaks running snapcraft in classic snap <Snappy:Fix Released> <https://launchpad.net/bugs/1651722>12:14
abeatosil2100, hey, did you see my update to https://github.com/CanonicalLtd/ubuntu-image/pull/175 ?12:14
mupPR CanonicalLtd/ubuntu-image#175: Little kernel bootloader support <Created by alfonsosanchezbeato> <https://github.com/CanonicalLtd/ubuntu-image/pull/175>12:14
* Chipaca goes for a short walk12:20
=== ricab is now known as ricab|lunch
sil2100abeato: hey! Yes, let me look at that and action in a bit, I'm on the release sprint right now12:54
zygamvo: I'm on a slow network, I cannot join the standup with video today12:56
zyganot sure if audio will work, I'll do my best12:56
mvozyga: no worries12:57
abeatosil2100, cool, take you time, thanks13:00
zygaI cannot connect13:01
zygaEoan and modem manager :-/13:01
mupBug #1749538 changed: refresh time docs lacks the correct command <docs> <Snappy:Fix Released by morrisong> <https://launchpad.net/bugs/1749538>13:26
Chipacapedronis: wrt #1659153, I don't think there's a bug beyond the impedance mismatch (which could be alleviated by blocking private+name)13:32
mupBug #1659153: /v2/find with select=private has different behaviour for queries and name searches <Snappy:Confirmed> <https://launchpad.net/bugs/1659153>13:32
Chipacapedronis: OTOH I'm not sure what store bug you mean :-)13:33
Chipacapedronis: snap find --name hits the store's 'info' endpoint13:33
Chipacanot the search one13:33
mborzeckimvo: pedronis: ok, added a note in the forum about the prerm thung we agreed on13:39
mborzeckipedronis: can you take another look at claudio's PR https://github.com/snapcore/snapd/pull/7536 ? i'm not sure there's more to do there, and if we land it then i could start looking into https://github.com/snapcore/snapd/pull/759313:41
mupPR #7536: gadget: accept system-seed role and ubuntu-data label <Created by cmatsuoka> <https://github.com/snapcore/snapd/pull/7536>13:41
mupPR #7593: recovery-tool: add sfdisk wrapper <Created by cmatsuoka> <https://github.com/snapcore/snapd/pull/7593>13:41
pedronismborzecki: I'll try to look today or tomorrow morning at that PR13:47
mborzeckipedronis: great, thanks!13:47
=== ricab|lunch is now known as ricab
zygaI managed to somehow connect13:58
zygaat this rate I will run windows with WSL to get a machine that works :|13:59
* Chipaca sends zyga a raspberry pi14:02
mborzeckizyga: what's wrong with eoan?14:16
zygamborzecki: suspend resume kills my input14:16
zygamborzecki: then does something really odd to my modem14:16
zygaended up powering off14:16
zygaand then powering on14:16
zygathen I can connect14:17
zygareboot is not good enough14:17
zygagnome-shell connection menu gets very confused when this happens, so I really reboot out of a habit now14:17
mborzeckizyga: btw. i think i asked abut it already, is the input and modem connected via usb?14:18
zygamborzecki: I don't know14:19
zygamvo: packaging question: should /usr/bin/snap be a symbolic link to /usr/lib/snapd/snap?14:19
zygamvo: in our debian/ubuntu packages14:19
rbasakANy help with hacking on snapcraft please?14:20
zygamborzecki: I don't think the touchpad / trackpoint is using usb14:21
rbasakI'm trying to look at https://bugs.launchpad.net/snapcraft/+bug/1841861 but a day later I still haven't managed to figure out how to run snapcraft from the source tree :-/14:21
mupBug #1841861: Python plugins fails to build a snap when some parts depends on unpublished modules <Snapcraft:New> <https://launchpad.net/bugs/1841861>14:21
zygamborzecki: my knowledge ends at xinput that says:14:22
zygaSynPS/2 Synaptics TouchPad14:22
rbasaksnapcraft seems to have its own plugin discovery and it's a plugin I'm trying to modify14:22
zygaTPPS/2 IBM TrackPoint14:22
rbasakBut it's not using PYTHONPATH, and looking in the pip-installed area first.14:22
rbasak(having followed HACKING.md)14:22
zygakenvandine: ^ actually, do you know how to debug xinput things going away on suspend14:22
zygakenvandine: on my laptop suspend kills the trackpoint/touchpad until reboot14:23
rbasakAnd I'm about five levels deep in indirection trying to figure out how to get snapcraft to look in the source tree :-/14:23
mvozyga: maybe, whats the advantage of doing it?14:24
zygamvo: /usr/lib/snapd is enough to get all the new binaries14:25
zygamvo: IIRC we do something like that on core1814:25
mborzeckizyga: hmm same on x250, not listed in lsusb14:26
zygaanyway14:26
zygaback to work14:26
ijohnsonrbasak: I think the actual snapcraft devs such as cjp256 and sergiusens are off today, but also note that there is an additional channel for snapcraft specifically #snapcraft15:01
rbasakJoined, thanks!15:02
sil2100abeato: can we get https://snapcraft.io/docs/gadget-snap updated with the new names too?15:16
abeatosil2100, sure, let me edit15:16
abeatosil2100, ah, I thought that was the forum15:16
abeatosil2100, I don't know who needs to change that one15:17
sil2100Ah, the forum one too! I never know which one is the official one in the end15:18
mvopedronis: do you want to review 7593 or do you think a review from maciej and me will be enough?15:19
pedronismvo: I probably will not do a deep review, but I should look at it15:20
abeatosil2100, anyway, I've edited the forum one: https://forum.snapcraft.io/t/the-gadget-snap/69615:20
pedronismvo: also is recovery-tool called recovery-tool? shouldn't it be snap-recovery ?15:20
pedroniswhere will it get installed?15:21
pedronisI asked in the PR itself15:22
abeatoijohnson, hi! do you know where is the latest version of the dpdk/hugepages interfaces?15:25
ijohnsonabeato: you mean the one that luke worked/is working on?15:25
abeatoyes15:25
ijohnsonone minute let me look15:26
pedronisChipaca: I made a meta-comment in #7589, would like your input15:26
abeatopedronis, fyi I have edited https://forum.snapcraft.io/t/the-gadget-snap/696 , updating the role names for lk partitions as was decided15:26
mupPR #7589: cmd/snap: add ability to register "snap internal" commands <Needs Samuele review> <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/7589>15:26
abeatoijohnson, k15:26
mvopedronis: I think snap-recovery is more approprate, yes15:27
pedronisabeato: thank you15:28
ijohnsonabeato: last I heard from Luke, https://github.com/snapcore/snapd/pull/5885 was up-to-date, I helped him a bit with the dpdk snap here: https://github.com/anonymouse64/dpdk-snap/tree/wip15:28
mupPR #5885: Adding DPDK interface for DPDK Snap <Decaying ☢> <Created by wililupy> <Closed by zyga> <https://github.com/snapcore/snapd/pull/5885>15:28
ijohnsonerr up-to-date insofar as that's all the work Luke had on it, not necessarily that it was complete15:29
abeatoijohnson, ok, thanks for the pointers15:29
zygaWrapping up for now. Time to eat something15:48
sil2100abeato: merged your PR, thanks again! We should have it in edge soonish15:51
sil2100There's still one thing we want to add before we promote this further15:51
sil2100Hopefully having it in edge will be enough for now?15:51
abeatosil2100, awesome, thank you!15:54
abeatosil2100, sure, no hurry for me15:54
=== pstolowski is now known as pstolowski|afk
kenvandinezyga: sorry, I was out today for a holiday.  I'll catch up with you in the morning20:27
=== jdstrand_ is now known as jdstrand
jdstrandjoedborg: hey, I just saw this: 16:03 < joedborg> `[285928.025967] audit: type=1400 audit(1570741250.597:1384598): apparmor="DENIED" operation="signal" profile="docker-default" pid=703 comm="kubelet" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.kubernetes-worker.kubelet"`20:34
jdstrandjoedborg: kubelet shouldn't be talking to a 'docker-default' profile, it should be talking to the one that containerd sets up20:35
jdstrandjoedborg: oh, I read that backward. why is a docker container sending signals to kubelet?20:36
ijohnsonjdstrand: joedborg: I don't remember the specifics, but IIRC the child profile (i.e. the container) needs to signal to the parent that it is done, I think that's something runC does20:49
ijohnsonalso welcome back jdstrand :-)20:49
jdstrandijohnson: thanks, right, but the kubernetes-worker snap has a containerd with a different profile name than 'docker-default', so I'm confused why a profile named 'docker-default' is in play at all20:50
jdstrandjoedborg: eff, I am a little slow today. that denial says that a process running under a 'docker-default' profile name was sent 'kill' by snap.kubernetes-worker.kubelet, and that was blocked because the docker-default profile doesn't allow receiving signals from snap.kubernetes-worker.kubelet20:52
jdstranderf*20:52
jdstrandjoedborg: so, why is kubelet talking to a container running under the 'docker-default' profile? the snap should be configured for it to talk to a containerd profile20:53
ijohnsonjdstrand, well regardless of why it's named docker-default, the container is only allowed to transition to a docker-default profile from `docker-support` interface or to the `systemd-run` one from `k8s-support` interface if I'm reading those correctly20:55
ijohnsonjdstrand: so if it started running under containerd-default we would have to change the apparmor transition rules wouldn't we?20:55
jdstrandijohnson: the interfaces were adjusted for this before I left and there were no denials and no docker-default profiles on the system. I'm wondering what has changed. like, did something get dropped from the snap packaging? is the packaging moving to docker instead of containerd? something else?20:57
jdstrandijohnson: ie:20:58
jdstrand# defaults for containerd20:58
jdstrandchange_profile unsafe /** -> cri-containerd.apparmor.d,20:58
jdstrandsignal (send) peer=cri-containerd.apparmor.d,20:58
jdstrandptrace (read, trace) peer=cri-containerd.apparmor.d,20:58
jdstrandijohnson: it all worked fine. this is for kubelet to *send* signals. the denial is about the container to *receive* them though20:58
jdstrandijohnson: and there were patches to cri-containerd.apparmor.d in the kubernetes-worker package to allow this20:59
jdstrand(and for said profile to be named 'cri-containerd.apparmor.d', not 'docker-default'20:59
jdstrand)20:59
jdstrandso I'm confused why 'docker-default' is the profile name21:00
jdstrandthe snap wasn't changed in 17 days according to github. I need more context from joedborg21:01
* jdstrand wonders if the control plane has a mix of docker and containerd. that would be weird...21:02
joedborgHey jdstrand can we pick it up tomorrow please? I’ve got today off.  The eks-support branch in GitHub is up to date but I don’t think it’s very relevant21:04
jdstrandjoedborg: yes, of course :)21:04
jdstrandjoedborg: enjoy the rest of the day :)21:04
joedborgjdstrand: thanks :) I think it’s an issue of stuff in containerd still being constructed by apparmor21:05
joedborgThat docker signal may be a red herring21:05
joedborgConstricted *21:05
jdstrandjoedborg: well, kubelet shouldn't be sending a signal to anything with a 'docker-default' profile name when containerd is spinning up containers under the cri-containerd.apparmor.d profile21:08
jdstrandjoedborg: unless there is an external docker that is spinning up stuff and the CP is telling kubelet to work with that container.21:09
jdstrandthere are other things that could be wrong. we can look tomorrow21:09
joedborgjdstrand: yeah you might well be right as it’s a brown field deployment.  I’ll take a look in the AM and circle back.  Hope you had a good vacation btw21:10
ijohnsonjdstrand: hmm I guess I never noticed that new containerd transition in docker-support, I only looked at kubernetes-support interface, it's still a bit confusing to me why certain things are in docker-support and not kubernetes-support when the docker snap doesn't use those things21:20
ijohnsonjdstrand: anyways, for the docker snap specifically, the docker-default profile isn't persistent, it's just created in /tmp somewhere, loaded into the kernel and then the file is deleted, so it wouldn't show up anywhere in the normal apparmor packaging dirs21:20
ijohnsonjdstrand: but anyways anyways I'll let you take care of this, as I haven't actually built this kubernetes snap and am just theorizing about everything21:21
jdstrandjoedborg: thanks, it was great21:23
jdstrandijohnson: yeah, I'm familiar with the way docker does things these days, but 'aa-status' would show it since the profile need to be loaded into the kernel for a process to be running under that profile. thanks21:24
ijohnsonyes aa-status would still show it that's correct, I assumed you meant no docker-default profiles on the filesystem, sorry21:25
jdstrandno worries at all :)21:26
mupPR snapd#7597 opened: overlord/snapstate: add LastActiveDisabledServices, ComputeMissingDisabledServices <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/7597>22:58
mupPR snapd#7598 opened: test/lib/names.sh: make backslash escaping explicit <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/7598>23:17

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!