/srv/irclogs.ubuntu.com/2020/02/11/#snappy.txt

mupPR snapd#8114 opened: boot: use variables for boot status values <Simple 😃> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8114>04:45
mborzeckimorning06:26
mborzeckihttps://github.com/snapcore/snapd/pull/8108 needs a 2nd review06:32
mupPR #8108: tests/main/interfaces-pulseaudio: use custom pulseaudio script, set kill timeout <Test Robustness> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8108>06:32
mborzeckisame #811406:35
mupPR #8114: boot: use variables for boot status values <Simple 😃> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8114>06:35
mborzeckiquick round trip to school, back in 3006:40
mborzeckire07:09
pstolowskimorning08:00
mborzeckipstolowski: hey08:03
mborzeckiwow, firefox 73 finally handles hidpi correctly08:05
mupPR snapd#8114 closed: boot: use constants for boot status values <Simple 😃> <UC20> <Created by anonymouse64> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/8114>08:06
mborzeckipedronis: hey, thanks for merging 8114, i'll proceed updating 807708:08
abeatomborzecki, hey, do you know if the support for default tracks in snapd is already merged?08:21
pedronisabeato: it is in master, it will be in 2.4408:23
mborzeckiabeato: iirc it was, but rather recently, within last 2-3 weeks, pedronis probably has all the details08:23
abeatopedronis, mborzecki ok, thanks08:24
mupPR snapd#8111 closed: tests: add new backend which includes images with tpm support <Created by sergiocazzolato> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/8111>08:34
pedronisjamesh: hi, have you seen the questions in #7588 ?08:54
mupPR #7588: cmd/snap: add a "snap routine portal-info" command <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/7588>08:54
pedronismborzecki: we should probably rename the signature in bootState as well to match what we used now in the implementations08:56
sdhd-saschaHi, anything new about #792708:56
mupPR #7927: interfaces: x11 allow apparmor on classic <Created by sd-hd> <https://github.com/snapcore/snapd/pull/7927>08:56
mborzeckipedronis: right, good idea08:56
pedronisthx08:57
mupPR snapd#8115 opened: overlord/devicestate: fix preseed unit tests on systems not using /snap <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8115>08:58
mborzeckipstolowski: ^^08:58
jameshpedronis: sorry.  I've been working through some changes on my other branch.  I'll answer those q's now.09:23
tomwardillWhat would be preventing my snap from reading files from /usr/share (inside the confinement)? Getting pandoc template errors as it can't read the default templates, which are installed in the snap.10:12
zygatomwardill: are you reading them from $SNAP/usr/share or from /usr/share?10:21
tomwardillzyga: /usr/share (prebuild application that I can't change)10:21
zygatomwardill: then they are not installed in the snap10:21
zygatomwardill: are they really in /usr/share from the perspective of the snap? In other words, are they in the base snap used by your application snap?10:22
tomwardillzyga: pandoc is apt installed during build10:22
tomwardillextracting the squashfs shows the files10:22
ograthats $SNAP/usr/share then10:22
tomwardill(it's the pandoc templates I'm tyring to read)10:22
zygatomwardill: again, then your snap contains those files but the application is not using them10:22
zygatomwardill: it is attempting to use files from /usr/share10:23
zygatomwardill: I'm trying to explain the crucial difference10:23
mborzeckilayouts to the rescue?10:23
ograyeah10:23
zygatomwardill: your application is not the root filesystem of the snap application process10:23
tomwardilloh, right, I see.10:23
ograa layout can fake $SNAP/usr/share to look like /usr/share to your application10:23
zygatomwardill: you can ship and access arbitrary files but they are in a runtime-variable location at $SNAP10:23
zygatomwardill: you can use one of the mechanism we have to alleviate that, but it depends on circumstances10:24
zygatomwardill: usually layouts are a good first try10:24
zygatomwardill: they are documented on the snapcraft website, let me know if you need a link10:24
tomwardillI've seen the docs for that, I'll give it a try10:24
tomwardillthanks for the help :)10:24
zygatomwardill: pleasure :) let me know if it worked in the end :)10:25
pedronismborzecki: not urgent but I made a suggestion about how to try to close #670810:40
mupPR #6708: packaging/ubuntu: enable PIE hardening flags <⛔ Blocked> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/6708>10:40
mborzeckicachio: hi, do you know when was the last time centos 7 images were updated?11:25
kbroulikHi, does the snap sandbox prevent dbus activation of services? If I call e.g. notifications service when it isn't running, my snap says "name has no owner" and fails. With a git build running regularly it launches the service and continues11:29
mupPR snapd#8116 opened: test/lib/user: add helper lib for doing things for and as a user <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8116>11:32
mborzeckikbroulik: is that on ubuntu?11:34
kbroulikyes11:34
kbroulikit appears an "Introspect" call to a dbus service isnt allowed?11:34
mborzeckikbroulik: right, so there's a known (is it?) problem that the policy allows for a snap app to talk to an 'unconfined' service over dbus, but until the service has actually launched, dbus does not know what context that service would have11:35
kbroulikokay11:35
mupPR snapd#8117 opened: tests: add preseed test for classic <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8117>11:35
kbroulikmborzecki: also "ListActivatableNames" isnt allowed either, so I cant have my app check for that either11:36
mborzeckikbroulik: so the dbus *.service files of your host services need to have `AssumedAppArmorLabel=unconfined` or the service must be already running11:36
mborzeckikbroulik: if it's a particular service in ubuntu then maybe you could file a bug, i know that the desktop team added that snippet to some of the portal services upstreams11:37
kbroulikit's a weird kde plasma specific11:38
cachiomborzecki, 1 week ago11:38
kbroulikI mean, the service is standard (freedesktop notifications) but plasma does something mental with it11:38
cachiomborzecki, hi11:38
kbroulikyou mean LinuxSecurityLabel?11:38
cachiomborzecki, feb-311:38
mborzeckikbroulik: no, `AssumedAppArmorLabel=unconfined`11:38
kbroulikokay11:39
cachiomborzecki, I just retrigger again the update11:39
kbroulikmborzecki: will this be ignored by others not supporting it?11:39
mborzeckikbroulik: afaik for gnome-shell the notification service is part of the shell process, so it's up already before one even starts snap apps11:39
kbroulikmborzecki: yeah in plasma it's not, and with recent startup improvements we now start autostart so fast the apps come up before the desktop is fully ready :)11:39
mborzeckikbroulik: haha must be fun11:40
kbrouliknormally it wouldnt be a problem if people stopped using stupid QDBusInterface class11:40
mborzeckikbroulik: the key is part of upstream spec, https://dbus.freedesktop.org/doc/dbus-specification.html see `Mediating Activation with AppArmor`11:40
kbroulikI looked at that document and Ctrl+F'd for it... :)11:40
kbroulikoh well, thanks, I'll discuss it with my fellow devs11:41
kbroulikso, that "assumed" means, when you call something anyone can do it but once launched regular policies still apply?11:41
kbroulik*when you call when it's not running, I mean11:41
mborzeckikbroulik: i'm no expert on this, but yeah, that'd be my guess11:42
kbroulikok I'll give it a go11:42
kbroulikthanks very much11:42
mborzeckicachio: cool, i got a notification about that https://bugs.centos.org/view.php?id=16441#c36261 so maybe it'll work this time11:42
cachiomborzecki, yesterday failed because an error with a mirror trying to update11:43
cachiomborzecki, lets wait a bit to see the results today11:43
cachiohopefully the systemd error is gone11:43
mborzeckicachio: btw. noticed your note in https://github.com/snapcore/snapd/pull/8058 do yout want to discuss that in/after the standup?11:44
mupPR #8058: run-checks, travis: allow skipping spread jobs by adding a label <Skip spread> <⛔ Blocked> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8058>11:45
mborzecki(or before whatver's more convenient)11:45
cachiomborzecki, during11:45
mborzeckiok11:45
cachiowe decided that last friday but then I forgot it11:45
mborzeckiok, np11:46
mborzeckihuh google:arch-linux-64:tests/main/static failed ?11:46
kbroulikmborzecki: hmm doesnt work in my case.. I believe the "Introspect" call isnt allowed, or does "unconfined" allow any call to that service?11:47
mborzeckikbroulik: isn't Introspect part of the org.freedesktop.DBus inteface?11:48
kbroulikmborzecki: it's on the org.freedesktop.DBus.Introspectable11:48
mborzeckikbroulik: hmm but that would still be a traffic that does to the service, wouldn't it? can you try adding that snippet to *.service locally?11:50
kbroulikI added it, to no effect11:50
kbroulikI dont see a DENIED introspect call in dmesg either, though11:50
kbroulikoof why cant we have nice things :/11:50
mborzeckikbroulik: was dbus reloaded/restarted ?11:51
kbroulikah, yeah the introspect call was denied11:51
kbroulikAn AppArmor policy prevents this sender from sending this message to this recipien11:51
kbroulikmborzecki: I thought that was automatic? I did send a SIGHUP to dbus-daemon though11:53
kbroulik"There is no way to cause the D-BUS daemon to reload its configuration file" heh11:54
zygamvo: reported as https://bugs.launchpad.net/snapd/+bug/186276111:55
mupBug #1862761: core systems using core18 boot base cannot unmount writable cleanly <snapd:New> <https://launchpad.net/bugs/1862761>11:56
mborzeckikbroulik: systemctl restart --user ? iirc dbus also had inotify on the service directories, so maybe it's already reloaded ?12:01
mborzeckikbroulik: this is how your plasma service should look like https://paste.ubuntu.com/p/MsrhGFv9gX/12:01
mborzeckioh, and arch updated glibc to 2.31 and master is thus broken ;P12:01
mupPR snapd#8118 opened: tests/main/static: ldd in glibc 2.31 logs to stderr now <Simple 😃> <⚠ Critical> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8118>12:02
mborzeckithis should fix it ^^12:03
kbroulikmborzecki: heh, well, my system didnt like that at all :D so now I'm going to have to log out12:09
mborzeckikbroulik:hah ;)12:09
kbroulikmborzecki: yeah think that didnt help. It's probably that Introspect call being denied. *but* since nobody should ever use QDBusInterface: if that is ported away and done properly, ideally we'd just do a GetCapabilities call and see if that works or fails and call it a day12:12
kbroulika call which we do later anyway12:12
kbrouliki.e. when using dbus one should never check for services, just call and see what happens12:12
mborzeckicorba of the desktops12:13
cachiomborzecki, centos updated12:15
mborzeckicachio: thanks!12:15
cachiolets see now how it works12:15
mvozyga: \o/ in a meeting - thank you!12:15
cachiomborzecki, to you12:15
* zyga goes to make coffee12:56
zygamborzecki: do you think the user helper could become a non-source but execute helper?12:58
zygamborzecki: to again put boundaries on dependencies12:59
zygamborzecki: it would also make it easier to use from things like retry-tool12:59
mborzeckizyga: maybe, depends on how much time we want to put in it tbh13:02
zygamborzecki: just add a switch statement at the bottom13:02
zygamborzecki: and run the functions you wrote13:02
zygamborzecki: then it becomes user stop-session|start-session etc etc13:03
* zyga breaks for coffee and some food13:17
mborzeckihmm https://forum.snapcraft.io/t/updating-the-current-link-in-the-home-directory-does-not-work/15406/7 i think it'd be weird if snapd started updating that randomly13:44
mborzeckiand certainly there'd be more user drama13:44
mupPR snapcraft#2925 closed: project loader: use get_build_base() to assign plugin handler base <Created by cjp256> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/pull/2925>13:57
mupPR snapcraft#2926 opened: plugin handler: process elf files only if base is specified <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/2926>13:57
cjp256ijohnson: https://github.com/snapcore/snapcraft/pull/2926 is the workaround you're looking for :)13:58
mupPR snapcraft#2926: plugin handler: process elf files only if base is specified <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/2926>13:58
* ijohnson didn't know cjp256 knew the ways of the force13:59
pedronishas anybody seens this kind of error: https://api.travis-ci.org/v3/job/648850614/log.txt13:59
cjp256i'm quite adept at force pushes13:59
pedronisijohnson: ^14:00
ijohnsonpedronis: will look after SU14:00
zygapedronis: I haven't seen that error14:01
ijohnsonpedronis: I've seen that "in the wild" on my UC20 test machines14:01
mupPR snapd#8119 opened: [RFC] httputil: add NoNetwork(err) helper and spread test <Created by mvo5> <https://github.com/snapcore/snapd/pull/8119>14:05
zygajdstrand: hello14:09
zygajdstrand: I've updated https://github.com/snapcore/snapd/pull/7980 -- would love to know if you can look at the changes14:09
mupPR #7980: packaging,snap-confine: stop being setgid root <Created by zyga> <https://github.com/snapcore/snapd/pull/7980>14:10
zygajdstrand: there are two more PRs that are ready for review but I'll hold on until you ping me you can do those14:10
mborzeckiijohnson: got they impression, they access some snap user data via $HOME/snap/<name>/current, which becomes broken when snap gets updated but a given user runs it rarely14:10
mupPR snapd#8058 closed: run-checks, travis: allow skipping spread jobs by adding a label <Skip spread> <Created by bboozzoo> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/8058>14:41
mborzeckiyay14:41
mupPR snapd#8120 opened: cmd/snap-preseed: snapd version check for the target <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8120>14:51
mupPR snapcraft#2918 closed: elf: ensure _GNU_VERSION_R section is of type GNUVerNeedSection <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2918>14:54
zygabrb, 2nd coffee and a hunt for a memory card adapter14:58
abeatojdstrand, hey, there is this new 'primed-stage-packages' section in the manifest generated by snapcraft. This is a list of the packages that were really primed into the snap. Is there any plan to leverage this on review tools and use it instead of 'staged-packages'?15:07
abeatocjp256, ^^15:07
mupPR snapd#8118 closed: tests/main/static: ldd in glibc 2.31 logs to stderr now <Simple 😃> <⚠ Critical> <Created by bboozzoo> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/8118>15:26
zygamvo: I pushed extra test data to https://github.com/snapcore/snapd/pull/8113 after your approval - if you want to re-view please do15:30
mupPR #8113: cmd/snap-confine: bring /var/lib/dhcp from host, if present <Bug> <Created by zyga> <https://github.com/snapcore/snapd/pull/8113>15:30
zygamvo: (mount-ns test changes reflecting the new mount)15:30
mvozyga: thank you, looking15:30
mvozyga: that should be fine15:31
mborzeckiijohnson: some comments in #8077, my head goes round with bootState20* things :)15:35
mupPR #8077: boot: enable base snap updates in bootstate20 <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8077>15:35
ijohnsonmborzecki: thanks, I see I forgot to actually push that revert thanks for doing so :-)15:38
mborzeckiijohnson: no problem, reverted it and pushed with some other updates15:38
ijohnsonmborzecki: thanks will take a look in a little bit, trying to finish review of pstolowski's PR15:39
ijohnsonmborzecki: will you merge master to #8108 ?15:41
mupPR #8108: tests/main/interfaces-pulseaudio: use custom pulseaudio script, set kill timeout <Test Robustness> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8108>15:41
ijohnsonalso should probably get another +1 from somebody other than me as I changed the PR a bit15:41
mborzeckiijohnson: right, pushing now15:42
mborzeckiand off to do some groceries15:42
ijohnsonthanks mborzecki15:44
jdstrandabeato (cc cjp256): there is. the review-tools should be updated soonish15:45
abeatojdstrand, cool, that's great news15:46
jdstrandzyga: ack. for now make sure that whatever is needed for 2.44 is milestoned for that. (7980 is on that list)15:46
zygajdstrand: thank you!15:47
abeatosergiusens, cjp256, jdstrand I was also wondering if there could be an option in snapcraft to inject entries in 'primed-stage-packages'. In snaps that we build based on the deb sources, but recompiling (like network-manager) with patches on top, we would like to still receive CVEs without needing to hack review tools15:50
* cachio lunch15:56
cjp256abeato: interesting case15:56
abeatosome times we were putting packages in 'stage-packages' but not really priming them . with this change that technique is not going to work anymore15:58
sergiusensabeato: the alternative is to allow for reporting of the current stage-packages as a fallback... the solution you are using is quite hackish though16:03
ijohnsonabeato: did you ask awe about his plan for doing that? I proposed exactly what you were saying to him a long time ago and he said there was a better way, I don't recall the details however16:04
abeatosergiusens, that's why I'd like a snapcraft option ;) - like report-packages16:04
sergiusensabeato: seems like a very specific workaround for a very specific scenario you have16:04
sergiusensabeato: why not track the udd (or equivalent) of the source package and get auto builds for those?16:06
sergiusenswe still keep both in manifest.yaml, at the end of the day, the reporting tool should allow you to toggle that if you want16:07
abeatosergiusens, that's an alternative...16:09
ijohnsonpstolowski: I reviewed #8046, is the next one I should look at #8102 ?16:10
mupPR #8046: many, tests: integrate all preseed bits and add spread tests <Complex> <Needs Samuele review> <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8046>16:10
mupPR #8102: o/ifacestate: move ResolveDisconnect to ifacestate <Needs Samuele review> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8102>16:10
abeatobut maybe adding packges for CVE notifications can be useful in other scenarios. not sure...16:10
abeatoijohnson, hm, I do not think there was an alternative to the staging hack16:11
pstolowskiijohnson: thanks! sure that will help too, it's for snap disconnect --forget16:11
sergiusensabeato: would rather have a generic "subscription" mechanism for this16:11
ijohnsonabeato: perhaps I am mis-remembering16:12
ijohnsonack pstolowski16:12
sergiusensbut this is something for the security team to drive16:12
abeatoright16:12
jdstrandthe thing to keep in mind is that the review-tools don't know that the git source you are using is coming from ubuntu16:13
jdstrandso we have to hint it somehow. one way is the review-tools that we currently do. another is to shove something into stage or prime or something16:14
jdstranda different key could be introduced in the manifest.yaml that it could consider16:14
abeatojdstrand, lately we are using the auto-imported branches. Like16:14
abeato    source: https://git.launchpad.net/ubuntu/+source/network-manager16:14
abeato    source-type: git16:14
abeato    source-branch: applied/1.10.6-2ubuntu1.216:14
abeatowould that be manageable from review-tools?16:14
jdstrandabeato: that's great!16:15
jdstrandabeato: maybe. it kinda feels like the wrong level though16:15
mupPR snapcraft#2927 opened: requirements: uprev lxml to 4.5.0 <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/2927>16:15
jdstrandabeato: I'll take a look at the nm manifest.yaml and think about it16:16
abeatojdstrand, ok, note that this is for the 1.10 branch - let me find the link16:16
abeatojdstrand, https://git.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/network-manager/tree/snap/snapcraft.yaml?h=snap-1.1016:17
abeatojdstrand, also: https://git.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/modem-manager/tree/snapcraft.yaml?h=snap-1.1016:18
jdstrandok, thanks16:18
pedronisjdstrand: hi, have you seen this discussion https://github.com/snapcore/snapd/pull/7588#discussion_r377526563? it's about which interface should offer access to network status when running with portals16:26
mupPR #7588: cmd/snap: add a "snap routine portal-info" command <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/7588>16:26
pedronispstolowski: do you have time to quickly check about the prune issue now?16:27
pstolowskipedronis: yes16:28
pstolowskilet's16:28
pedronispstolowski: ok, let's use the standup16:28
jdstrandpedronis: I see it in my inbox, new today. I haven't read it yet16:30
* zyga goes for dinner 16:43
zygapstolowski, pedronis: https://github.com/snapcore/snapd/pull/8102#discussion_r37777042917:03
mupPR #8102: o/ifacestate: move ResolveDisconnect to ifacestate <Needs Samuele review> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8102>17:03
mupPR snapcraft#2921 closed: storeapi: remove exposure of series <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2921>17:09
pstolowskizyga: good question!17:12
pstolowskii need to think17:16
pstolowskieod, cu17:22
zygaI will EOD soon but want to inspect one more time this weird bug I found17:29
zygamvo: some early ideas on oom17:29
zygamvo: snap set system oom-order=snap-a,snap-b,snap-d17:30
zygawould protect snap-a from oom more than snap-b, snapd-d and other parts of the system17:30
zygamvo: (the name should probably oom-protect instead of oom-order but I wanted to imply there's an order)17:30
zygamvo: another idea is to provide a privileged interface that allows smart snaps to set up oom protection using any current kernel features17:31
zygamvo: the burden and responsibility shifts17:31
zygamvo: I'll explore two more ideas tomorrow17:32
zygafor now I'm off17:32
ijohnsonpedronis: if you're still around quick question about cleaning the boot variables... is it reasonable to assume in the `commit()` implementation for markSuccessful that it will always be called with both kernel + base snaps markSuccessful() called on the bootStateUpdate ?18:11
ijohnsonpedronis: if so then the auto-cleaning logic is much simpler and we can get rid of one of the return values from genericMarkSuccessful I think18:11
pedronisijohnson: yes, in the sense that's controlled by code inside the package, MarkBootSucceful in boot.go18:12
ijohnsonok, thanks that simplifies things18:12
* ijohnson lunches18:12
pedronisijohnson: please double check the code there matches you expect18:13
pedronis*what you18:13
ijohnsonpedronis: yes it does match, my question was more about whether the current implementation of MarkBootSuccessful in boot.go can be relied on in bootstate20.go18:35
pedronisijohnson: yes, they are within the same package, feel free to add comments though if helps somebody doing changes down the lien18:36
pedronis*line18:36
ijohnsonI'll add comments as to what the assumptions I'm making18:37
ijohnsonerr that was awkwardly phrased ... I'll add comments about it there :-)18:37
zygajdstrand: if you want to chat about any of my branches I'm available19:46
techalchemyzyga, jdstrand just told me to file this bug and ping you: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/186283219:57
mupBug #1862832: Latest snapd triggers apparmor denials on 'sendmsg' name=/run/nvidia-xdriver-xxxx <snapd (Ubuntu):New> <https://launchpad.net/bugs/1862832>19:57
zygaaha19:57
zygalooking19:57
zygatechalchemy: thank you, I'll look at reproducing that back in the office tomorrow19:58
techalchemythanks, I haven't noticed any issues besides the logs19:59
zygatechalchemy: does the application still operate correctly?19:59
zygaaha19:59
techalchemythe one we were looking at doesn't but that was because I built it with an old version of electron builder and it plugs pulseaudio19:59
techalchemyincidentally I looked at the second snap causing the issue and it also still plugs pulseaudio, it seems unlikely that would be  the cause but I guess I've seen stranger things20:00
zygait's a shame the peer addr is ... whatever it is20:01
* zyga wonders20:01
techalchemyit's the same socket as is mentioned elsewhere in the logs20:01
techalchemy(sorry for the highlights) <jdstrand> Decoded: var/run/nvidia-xdriver-f8177d9f20:02
jdstrandtechalchemy: note, the pulseaudio stuff is unrelated to the nvidia stuff. I hadn't seen the logs yet when we were talking about audio, shm, etc20:06
zygajdstrand: having you here, do you have an idea what that peer address represents?20:06
zygaFeb 11 13:59:41 utumno kernel: audit: type=1400 audit(1581447581.792:10272): apparmor="DENIED" operation="sendmsg" profile="snap.pomotroid.pomotroid" pid=1505247 comm="pomotroid" family="unix" sock_type="dgram" protocol=0 requested_mask="send" denied_mask="send" addr=none peer_addr="@7661722F72756E2F6E76696469612D786472697665722D66383137376439660000000000000000000000000000000000000000000000000000000000000000"20:06
zygapeer="unconfined"20:06
jdstrandtechalchemy: this is the pulse issue: https://forum.snapcraft.io/t/upcoming-pulseaudio-interface-deprecation/13418/1020:06
zygathat's not even a pointer20:06
jdstrandzyga: yeah, snap.pomotroid.pomotroid is trying to talk to @var/run/nvidia-xdriver-f8177d9f20:07
techalchemyjdstrand, yeah i just noticed that the other snaps causing the issue are also still plugging the pulseaudio slot rather than the new audio-playback slot20:07
zygajdstrand: how did you derive @var/run/ from that number?20:07
zygais that some base encoding?20:07
jdstrandzyga: and is being denied. there is also (in the bug) a non-abstract path in /run20:07
zygaaha20:07
jdstrandzyga: the aa-decode command techalchemy gave20:08
techalchemyoh i didn't post the command, woops20:08
jdstrandaa-decode @7661722F72756E2F6E76696469612D786472697665722D6638313737643966000000000000000000000000000000000000000000000000000000000000000020:08
jdstrandbut, '@' isn't accepted by that command, so you drop it to decode, then prepend it20:08
jdstrandzyga: there are nuls in that string so the kernel encoded it20:09
zygahmmm20:09
zyga Jamie Strandboge aa-decode @7661722F72756E2F6E76696469612D786472697665722D6638313737643966000000000000000000000000000000000000000000000000000000000000000020:09
zygaer20:09
zygaaa-decode @7661722F72756E2F6E76696469612D786472697665722D6638313737643966000000000000000000000000000000000000000000000000000000000000000020:09
zygaString should only contain hex characters (0-9, a-f, A-F)20:09
zygathat doesn't work for me on focal?20:09
jdstrandzyga: did you read my next sentence? :)20:09
zygaah, no20:09
zygamissed it among the paste20:10
zygais this encoding something new? I haven't seen it before20:10
mupPR snapcraft#2928 opened: logging: use .warning instead of deprecated .warn <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2928>20:10
zygabut this helps a lot20:10
jdstrandzyga: did you see the next sentence after that? :)20:10
jdstrandzyga: it isn't new to the kernel as the string is determined by userspace20:11
jdstrandzyga: so, there are two denials:20:12
jdstrand/run/nvidia-xdriver-f8177d9f20:12
jdstrandand @var/run/nvidia-xdriver-f8177d9f20:12
jdstrandzyga: and only after upgrading to focal. it seems something changed in the nvidia driver?20:12
jdstrandzyga: I asked techalchemy to ping you since I don't have nvidia hardware and I suspect there is more to this than just adjusting the two denials (there might not be...)20:13
techalchemyyes, all of my nvidia packages were reinstalled i believe20:13
jdstrandzyga: I commented in the bug20:16
zygaThank you20:17
zygaI can check it out tomorrow20:18
* cachio afk21:09
mupPR snapcraft#2929 opened: elf: fixes for corrupt shared objects and semi-resolved path components from ldd <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/2929>22:01
mupPR snapcraft#2930 opened: extensions: Handle case when user-dirs.dirs exits but not user-dirs.locale <Created by galgalesh> <https://github.com/snapcore/snapcraft/pull/2930>22:52

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!