/srv/irclogs.ubuntu.com/2021/08/10/#snappy.txt

mupPR snapd#10602 closed: release: 2.51.4 <Simple 😃> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/10602>00:49
mupPR snapd#10603 opened: packaging: merge 2.51.4 changelog back to master <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10603>01:24
mupPR snapd#10603 closed: packaging: merge 2.51.4 changelog back to master <Simple 😃> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10603>07:00
mupPR snapd#10601 closed: .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap <⚠ Critical> <Simple 😃> <Skip spread> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10601>08:45
mardymvo: hi! I added the workaround for 16.04, and it seems to work fine. However I now noticed that 14.04 doesn't work at all. It looks like mount units are not properly created there (still investigating).10:06
mardylooks like a bug in "systemctl show": if I run "systemctl show <my-unit>.mount" then all is fine, but if I pass "*.mount" as last parameter, it finds only one mount unit, with a bogus ID (Id=\x2a.mount)10:16
mardyI'm also getting an error on ArchLinux:10:25
mardy2021-08-10T08:35:36.2606742Z + test-snapd-mount-control.cmd grep /var/snap/test-snapd-mount-control/common/target /proc/self/mountinfo10:25
mardy2021-08-10T08:35:36.2608249Z cannot change profile for the next exec call: No such file or directory10:25
mardy2021-08-10T08:35:36.2609165Z snap-update-ns failed with code 110:25
mardy(from https://github.com/snapcore/snapd/pull/10473/checks?check_run_id=3288775107)10:25
mupPR #10473: interfaces/builtin: add mount-control interface <Created by mardy> <https://github.com/snapcore/snapd/pull/10473>10:25
mvomardy: sorry, was in various meetings. if 14.04 does not work it's fine if we just error clearly if someone tries to use the feature on 14.04 - we keep 14.04 just for live-patch around11:26
georgiosyesterday i asked about application confinment with the help of snap, a series of modules such as lsm=landlock,lockdown,yama,apparmor,bpf and a hardened kernel11:35
georgiosbut then i left. so now that i am here, could somebody shade some light?11:35
georgios(oh the  good old days of grsecurity...)11:36
=== marcustomlinson_ is now known as marcustomlinson
georgiosmardy: actually the Archwiki mentions Apparmor for snaps, and in the Apparmor article it suggests the above lsm kernel paramaters12:07
mardygeorgios: I might be wrong, but as far as I know only one security module can be active at a time. So, you are free to enable as many as you like when you build the kernel, but at run-time only one will be used12:35
mardygeorgios: oh, it looks like I was wrong: https://www.kernel.org/doc/html/latest/admin-guide/LSM/index.html12:37
mardy"yama" and the others you mentioned are "minor" LSM modules, so multiple of them can coexist12:38
mardygeorgios: so yes, using the line given in the ArchLinux wiki might be a good idea12:38
mupPR snapd#10600 closed: configcore: fix a bunch of incorrect error returns <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10600>13:31
ijohnson[m]mvo: I asked about this after we did 2.51.3 but apparently you didn't answer since we didn't follow through, but can I cherry-pick https://github.com/snapcore/snapd/pull/10315 to release/2.51 ? I have to manually fix the changelog and date formats for releases without that on the release branch, or what I just did yesterday was apply the changes locally being very careful not to commit those changes when I go to create the changelog commit14:16
mupPR #10315: release-tool/changelog.py: misc fixes from real world usage <Skip spread> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10315>14:16
mupPR snapd#10604 opened: wrappers: measure time to enable services in StartServices() <Simple 😃> <Skip spread> <Created by mvo5> <https://github.com/snapcore/snapd/pull/10604>14:16
=== sarnold_ is now known as sarnold
ijohnson[m]mvo: also if you could force land #10542 that would be appreciated14:44
mupBug #10542: Hoary: synaptic asks for root's passwd <synaptic (Ubuntu):Invalid by mvo> <https://launchpad.net/bugs/10542>14:44
mupPR #10542: tests/nested/manual: enable serial assertions on testkeys nested VM's <Simple 😃> <Test Robustness> <Run nested> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10542>14:44
ijohnson[m]mvo: also that bug that mup pointed out with the same number as the PR I mentioned for Ubuntu 5.04 was triaged by you 17 years ago 😀 14:46
mvoijohnson[m]: sure, will do15:04
mvoijohnson[m]: hahaha - scary actualy15:04
mupPR snapd#10542 closed: tests/nested/manual: enable serial assertions on testkeys nested VM's <Simple 😃> <Test Robustness> <Run nested> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10542>15:06
mupPR snapd#10599 closed: configcore: fix early config timezone handling <Run nested> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10599>15:06
ijohnson[m]thanks mvo !15:07
mvoijohnson[m]: yw15:08
mupPR snapcraft#3568 closed: cli: enable SNAPCRAFT_TARGET_ARCH envvar matching --target-arch <Created by cjp256> <Closed by cjp256> <https://github.com/snapcore/snapcraft/pull/3568>15:09
mupPR snapd#10605 opened: many: do not re-check snaps on disk during uc20 install <⛔ Blocked> <Created by mvo5> <https://github.com/snapcore/snapd/pull/10605>16:52

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!