[06:38] morning [06:51] good morning mborzecki [06:56] mvo: hey [06:57] mvo: heh: https://forum.snapcraft.io/t/firefox-83-0-snap-was-broken-fixed-square-fonts/21248 [07:12] hi mvo, mborzecki [07:12] jamesh: hey [07:16] I did a little experiment on the weekend to see how much of go-check I could delete while still retaining the features I use: https://github.com/go-check/check/pull/122 -- it's functional (apart from its own tests), and opens the door to parallel testing [07:16] PR go-check/check#122: check: replace test runner logic with Go's stdlib subtest support [07:16] it turns each go-check test into a stdlib testing sub-test [07:25] good morning [07:28] mborzecki, heh more selinux denials I see [07:28] type=PROCTITLE msg=audit(11/23/20 00:49:39.509:26526) : proctitle=/usr/libexec/snapd/snap-update-ns snap-store [07:28] type=SYSCALL msg=audit(11/23/20 00:49:39.509:26526) : arch=x86_64 syscall=unlinkat success=yes exit=0 a0=0xffffffffffffff9c a1=0xc0001a8250 a2=0x200 a3=0xc0001a8250 items=0 ppid=3053 pid=6546 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=snap-update-ns exe=/usr/libexec/snapd/snap-update-ns subj=system_u:system_r:snappy_mount_t:s0 key=(null) [07:28] type=AVC msg=audit(11/23/20 00:49:39.509:26526) : avc: denied { rmdir } for pid=6546 comm=snap-update-ns name=.X11-unix dev="sda2" ino=34699367 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=1 [07:28] are those from the x11 fixes? [07:29] mvo did merging the internal snap-device-helper regress anything, e.g.: google:ubuntu-core-18-64:tests/main/security-dev-input-event-denied [07:31] zyga: rmdir .x11-unix? [07:32] jamesh: nice, i like the fact that with the change the pattern where we loop over a list of test cases could use t.Run() again, no more commenting out test cases to run a specific one [07:33] mborzecki, I didn't look deeper, just reviewed logs of failed tests [07:33] hey jamesh :-) [07:33] I read your post about the go testing [07:33] zyga: which PR is that? [07:34] https://github.com/snapcore/snapd/pull/9546 [07:34] PR #9546: overlord: add inert export manager [07:34] I sent some patches there yesterday [07:35] hm i see that on centos 7 only [07:41] hi zyga [07:58] zyga: oh, nice, thanks for updating that PR! [07:59] mborzecki: noooo, fonts again :( [07:59] hey mvo :-) [08:03] pstolowski: hey [08:04] morning [08:04] hey pawel [08:04] updated fusion over weekend [08:22] good morning pstolowski [08:30] o/ [08:33] good morning pedronis [08:33] pedronis, I pushed a few patches to the inert export manager PR [08:39] mvo: https://forum.snapcraft.io/t/important-internal-change-to-snap-downloads-in-edge-future-snapd-2-49/21255 [08:40] pstolowski: yay, nice! [08:51] jamesh: hey, not sure if you have seen it, I added some comments on 8943 and approved it, let me know if you want to address anything (just nitpicks) and if you want to do it in the PR or rather as a followup, either way is fine. if followup I can merge the PR now [08:52] mvo: yeah. I'm addressing those now. [08:52] mvo: thanks [08:53] jamesh: \o/ thank you! === tinwood_ is now known as tinwood [09:12] i've landed #9640, let me know of tests/nested/manual/core20-save fails in any of the PRs [09:12] PR #9640: tests/nested/manual/core20-save: verify handling of ubuntu-save with different system variants

[09:15] hmm cannot perform operation: mount --bind /var/lib/snapd/snap/core18/current/etc/apparmor /tmp/snap.rootfs_08zCTp/etc/apparmor: Permission denied [09:15] that's when trying the updated 2.48 package on arch [09:16] [lis23 10:16] audit: type=1400 audit(1606122967.226:703): apparmor="DENIED" operation="open" profile="/usr/lib/snapd/snap-confine" name="/proc/77278/attr/apparmor/current" pid=77278 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [09:16] [ +0.058639] audit: type=1400 audit(1606122967.283:704): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_vKrjPA/etc/apparmor/" pid=77278 comm="snap-confine" srcname="/var/lib/snapd/snap/core18/1932/etc/apparmor/" flags="rw, bind" [09:17] PR snapd#9640 closed: tests/nested/manual/core20-save: verify handling of ubuntu-save with different system variants

[09:20] hmmm so restarted apparmor.service once more and it works now, why wasn't that picked up the first time? [09:34] https://github.com/snapcore/snapd/pull/9204 didn't manke it to 2.48? [09:35] PR #9204: sandbox: track applications unconditionally [09:38] mvo: hi, thanks for reviewing #9679 [09:38] PR #9679: daemon: start cleaning up api tests [09:38] mborzecki: it's marked intentionally 2.49 [09:38] pedronis: my pleasure [09:41] pstolowski: hi, maybe you could give a 2nd review to #9679, sadly it's a bit large and some bits a bit tedious [09:41] PR #9679: daemon: start cleaning up api tests [09:42] pedronis: sure [09:43] pedronis: yeah, noticed [09:43] pstolowski: thx [09:54] #9590 needs 2nd review [09:54] PR #9590: tests: download timeout spread test [10:02] PR snapd#9681 closed: tests: Fix snap-debug-bootvars test to make it work on arm devices and core18 [10:07] PR snapd#9683 opened: packaging/arch: sync with AUR packaging [10:52] pedronis: I updated 9670, hopefully clearer now [10:53] pedronis: (but no rush of course) [10:53] I'll look after lunch [11:16] google:ubuntu-core-18-64:tests/main/security-dev-input-event-denied sometimes fails on gh, but works when running from local? [11:17] PR snapd#9684 opened: devicestate: support "storage-safety" defaults during install (2.48) [11:17] racy? [11:17] or fallout from the internal snap-device-helper merge? [11:20] pedronis: looks like 9679 is good to get merged too, nice ! [11:23] mvo: can you land https://github.com/snapcore/snapd/pull/9676 ? the failure on 18.04 is unrelated [11:23] PR #9676: bootloader: indicate when boot config was updated [11:29] mborzecki: sure [11:30] mvo: thanks [11:32] yw [11:32] PR snapd#9676 closed: bootloader: indicate when boot config was updated [12:07] PR snapd#9683 closed: packaging/arch: sync with AUR packaging [12:26] mvo: I'm still confused by the logic in 9670 [12:26] pedronis: hm, that's not good [12:27] pedronis: thanks for your comment, I will update the code and the tests to follow your advise [12:28] mvo: is the same advice I gave the last time fwiw, maybe there's a reason to do it differently? [12:29] pedronis: not really, I think I just forgot over the weekend [12:29] ok [13:02] mvo: I stared more at #9526 and something doesn't look right [13:02] PR #9526: snapshotstate: add cleanup of abandonded snapshot imports [14:38] PR snapd#9679 closed: daemon: start cleaning up api tests [14:51] mvo: I updated the comment on 9680, could you please take a look? thanks [14:52] ijohnson: sure [15:35] hey ijohnson === msalvatore_ is now known as msalvatore [16:16] hi, is it possible to passthrough settings for limits (specifically LimitNOFILE and LimitNOFILESoft) to a service unit in a snap? [16:22] mvo: hey! I'm looking at the snapd SRU right now [16:22] mvo: the SRU bug mentions looking for 2.48 test logs in https://travis-ci.org/github/snapcore/snapd/branches , but that seems to have really old runs like from 3 months ago? [16:23] mvo: I don't see the 2.48 branch there or any activity since 3 months - did this move somewhere else? If yes, where can I find the test logs? [16:25] sil2100: indeed, I need to update this, we moved to GH actions since [16:26] mvo: the unit tests are failing in #9526 now [16:26] PR #9526: snapshotstate: add cleanup of abandonded snapshot imports [16:28] pedronis: looking [16:30] pstolowski, thanks [16:30] pstolowski, I replied to some points [16:30] zyga: thanks [16:33] pstolowski, I want to rest a little but I'll go through the easy stuff for tomorrow [16:34] zyga: no worries, also I can push some trivials if that's ok [16:34] pstolowski, nah, you'll take all the glory and credit then [16:34] and I won't have anything easy to contribute anymore :) [16:35] :D [16:50] a second review for 9670 would be great [17:04] https://github.com/snapcore/snapd/runs/1425950639?check_suite_focus=true <- is this the set of test results for 2.48? I think I'm still a bit new to this whole GH actions work ;) [17:06] sil2100: yes, that is correct, but the spread runner for this is not wired up :/ [17:07] sil2100: I can create an artifical run for you, I was looking around and we don't have a run that tests exactly the release (each commit is tested so I can give you the run of the commit before that release) [17:09] mvo: one for the previous commit sounds fine! I just want to document it on the SRU bug so that we have it handy before proceeding :) [17:09] I trust you that it's all green anyway [17:09] (well, green enough for release) [17:09] sil2100: yeah, let me create something artifcial for you while I sort this out [17:13] sil2100: I created https://github.com/snapcore/snapd/pull/9685 for you, I will keep an eye on it and once it's done I can link to it from the sru bug [17:13] PR #9685: tests: run tests against 2.48 for the SRU <⛔ Blocked> [17:14] PR snapd#9685 opened: tests: run tests against 2.48 for the SRU <⛔ Blocked> === msalvatore_ is now known as msalvatore [17:24] mvo: thank you! [17:44] hey zyga (sorry I missed your ping earlier) === ijohnson is now known as ijohnson|lunch === ijohnson|lunch is now known as ijohnson [22:50] PR snapd#9680 closed: osutil/disks: allow mocking DiskFromDeviceName