| mup | PR snapd#10602 closed: release: 2.51.4 <Simple 😃> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/10602> | 00:49 |
|---|---|---|
| mup | PR snapd#10603 opened: packaging: merge 2.51.4 changelog back to master <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10603> | 01:24 |
| mup | PR snapd#10603 closed: packaging: merge 2.51.4 changelog back to master <Simple 😃> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10603> | 07:00 |
| mup | PR snapd#10601 closed: .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap <⚠Critical> <Simple 😃> <Skip spread> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10601> | 08:45 |
| mardy | mvo: hi! I added the workaround for 16.04, and it seems to work fine. However I now noticed that 14.04 doesn't work at all. It looks like mount units are not properly created there (still investigating). | 10:06 |
| mardy | looks like a bug in "systemctl show": if I run "systemctl show <my-unit>.mount" then all is fine, but if I pass "*.mount" as last parameter, it finds only one mount unit, with a bogus ID (Id=\x2a.mount) | 10:16 |
| mardy | I'm also getting an error on ArchLinux: | 10:25 |
| mardy | 2021-08-10T08:35:36.2606742Z + test-snapd-mount-control.cmd grep /var/snap/test-snapd-mount-control/common/target /proc/self/mountinfo | 10:25 |
| mardy | 2021-08-10T08:35:36.2608249Z cannot change profile for the next exec call: No such file or directory | 10:25 |
| mardy | 2021-08-10T08:35:36.2609165Z snap-update-ns failed with code 1 | 10:25 |
| mardy | (from https://github.com/snapcore/snapd/pull/10473/checks?check_run_id=3288775107) | 10:25 |
| mup | PR #10473: interfaces/builtin: add mount-control interface <Created by mardy> <https://github.com/snapcore/snapd/pull/10473> | 10:25 |
| mvo | mardy: sorry, was in various meetings. if 14.04 does not work it's fine if we just error clearly if someone tries to use the feature on 14.04 - we keep 14.04 just for live-patch around | 11:26 |
| georgios | yesterday i asked about application confinment with the help of snap, a series of modules such as lsm=landlock,lockdown,yama,apparmor,bpf and a hardened kernel | 11:35 |
| georgios | but then i left. so now that i am here, could somebody shade some light? | 11:35 |
| georgios | (oh the good old days of grsecurity...) | 11:36 |
| === marcustomlinson_ is now known as marcustomlinson | ||
| georgios | mardy: actually the Archwiki mentions Apparmor for snaps, and in the Apparmor article it suggests the above lsm kernel paramaters | 12:07 |
| mardy | georgios: I might be wrong, but as far as I know only one security module can be active at a time. So, you are free to enable as many as you like when you build the kernel, but at run-time only one will be used | 12:35 |
| mardy | georgios: oh, it looks like I was wrong: https://www.kernel.org/doc/html/latest/admin-guide/LSM/index.html | 12:37 |
| mardy | "yama" and the others you mentioned are "minor" LSM modules, so multiple of them can coexist | 12:38 |
| mardy | georgios: so yes, using the line given in the ArchLinux wiki might be a good idea | 12:38 |
| mup | PR snapd#10600 closed: configcore: fix a bunch of incorrect error returns <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10600> | 13:31 |
| ijohnson[m] | mvo: I asked about this after we did 2.51.3 but apparently you didn't answer since we didn't follow through, but can I cherry-pick https://github.com/snapcore/snapd/pull/10315 to release/2.51 ? I have to manually fix the changelog and date formats for releases without that on the release branch, or what I just did yesterday was apply the changes locally being very careful not to commit those changes when I go to create the changelog commit | 14:16 |
| mup | PR #10315: release-tool/changelog.py: misc fixes from real world usage <Skip spread> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10315> | 14:16 |
| mup | PR snapd#10604 opened: wrappers: measure time to enable services in StartServices() <Simple 😃> <Skip spread> <Created by mvo5> <https://github.com/snapcore/snapd/pull/10604> | 14:16 |
| === sarnold_ is now known as sarnold | ||
| ijohnson[m] | mvo: also if you could force land #10542 that would be appreciated | 14:44 |
| mup | Bug #10542: Hoary: synaptic asks for root's passwd <synaptic (Ubuntu):Invalid by mvo> <https://launchpad.net/bugs/10542> | 14:44 |
| mup | PR #10542: tests/nested/manual: enable serial assertions on testkeys nested VM's <Simple 😃> <Test Robustness> <Run nested> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10542> | 14:44 |
| ijohnson[m] | mvo: also that bug that mup pointed out with the same number as the PR I mentioned for Ubuntu 5.04 was triaged by you 17 years ago 😀 | 14:46 |
| mvo | ijohnson[m]: sure, will do | 15:04 |
| mvo | ijohnson[m]: hahaha - scary actualy | 15:04 |
| mup | PR snapd#10542 closed: tests/nested/manual: enable serial assertions on testkeys nested VM's <Simple 😃> <Test Robustness> <Run nested> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10542> | 15:06 |
| mup | PR snapd#10599 closed: configcore: fix early config timezone handling <Run nested> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10599> | 15:06 |
| ijohnson[m] | thanks mvo ! | 15:07 |
| mvo | ijohnson[m]: yw | 15:08 |
| mup | PR snapcraft#3568 closed: cli: enable SNAPCRAFT_TARGET_ARCH envvar matching --target-arch <Created by cjp256> <Closed by cjp256> <https://github.com/snapcore/snapcraft/pull/3568> | 15:09 |
| mup | PR snapd#10605 opened: many: do not re-check snaps on disk during uc20 install <â›” Blocked> <Created by mvo5> <https://github.com/snapcore/snapd/pull/10605> | 16:52 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!