[00:49] <mup> PR snapd#10602 closed: release: 2.51.4 <Simple 😃> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/10602>
[01:24] <mup> PR snapd#10603 opened: packaging: merge 2.51.4 changelog back to master <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10603>
[07:00] <mup> PR snapd#10603 closed: packaging: merge 2.51.4 changelog back to master <Simple 😃> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10603>
[08:45] <mup> PR snapd#10601 closed: .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap <⚠ Critical> <Simple 😃> <Skip spread> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10601>
[10:06] <mardy> mvo: hi! I added the workaround for 16.04, and it seems to work fine. However I now noticed that 14.04 doesn't work at all. It looks like mount units are not properly created there (still investigating).
[10:16] <mardy> looks like a bug in "systemctl show": if I run "systemctl show <my-unit>.mount" then all is fine, but if I pass "*.mount" as last parameter, it finds only one mount unit, with a bogus ID (Id=\x2a.mount)
[10:25] <mardy> I'm also getting an error on ArchLinux:
[10:25] <mardy> 2021-08-10T08:35:36.2606742Z + test-snapd-mount-control.cmd grep /var/snap/test-snapd-mount-control/common/target /proc/self/mountinfo
[10:25] <mardy> 2021-08-10T08:35:36.2608249Z cannot change profile for the next exec call: No such file or directory
[10:25] <mardy> 2021-08-10T08:35:36.2609165Z snap-update-ns failed with code 1
[10:25] <mardy> (from https://github.com/snapcore/snapd/pull/10473/checks?check_run_id=3288775107)
[10:25] <mup> PR #10473: interfaces/builtin: add mount-control interface <Created by mardy> <https://github.com/snapcore/snapd/pull/10473>
[11:26] <mvo> mardy: sorry, was in various meetings. if 14.04 does not work it's fine if we just error clearly if someone tries to use the feature on 14.04 - we keep 14.04 just for live-patch around
[11:35] <georgios> yesterday i asked about application confinment with the help of snap, a series of modules such as lsm=landlock,lockdown,yama,apparmor,bpf and a hardened kernel
[11:35] <georgios> but then i left. so now that i am here, could somebody shade some light?
[11:36] <georgios> (oh the  good old days of grsecurity...)
[12:07] <georgios> mardy: actually the Archwiki mentions Apparmor for snaps, and in the Apparmor article it suggests the above lsm kernel paramaters
[12:35] <mardy> georgios: I might be wrong, but as far as I know only one security module can be active at a time. So, you are free to enable as many as you like when you build the kernel, but at run-time only one will be used
[12:37] <mardy> georgios: oh, it looks like I was wrong: https://www.kernel.org/doc/html/latest/admin-guide/LSM/index.html
[12:38] <mardy> "yama" and the others you mentioned are "minor" LSM modules, so multiple of them can coexist
[12:38] <mardy> georgios: so yes, using the line given in the ArchLinux wiki might be a good idea
[13:31] <mup> PR snapd#10600 closed: configcore: fix a bunch of incorrect error returns <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10600>
[14:16] <ijohnson[m]> mvo: I asked about this after we did 2.51.3 but apparently you didn't answer since we didn't follow through, but can I cherry-pick https://github.com/snapcore/snapd/pull/10315 to release/2.51 ? I have to manually fix the changelog and date formats for releases without that on the release branch, or what I just did yesterday was apply the changes locally being very careful not to commit those changes when I go to create the changelog commit
[14:16] <mup> PR #10315: release-tool/changelog.py: misc fixes from real world usage <Skip spread> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10315>
[14:16] <mup> PR snapd#10604 opened: wrappers: measure time to enable services in StartServices() <Simple 😃> <Skip spread> <Created by mvo5> <https://github.com/snapcore/snapd/pull/10604>
[14:44] <ijohnson[m]> mvo: also if you could force land #10542 that would be appreciated
[14:44] <mup> Bug #10542: Hoary: synaptic asks for root's passwd <synaptic (Ubuntu):Invalid by mvo> <https://launchpad.net/bugs/10542>
[14:44] <mup> PR #10542: tests/nested/manual: enable serial assertions on testkeys nested VM's <Simple 😃> <Test Robustness> <Run nested> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10542>
[14:46] <ijohnson[m]> mvo: also that bug that mup pointed out with the same number as the PR I mentioned for Ubuntu 5.04 was triaged by you 17 years ago 😀 
[15:04] <mvo> ijohnson[m]: sure, will do
[15:04] <mvo> ijohnson[m]: hahaha - scary actualy
[15:06] <mup> PR snapd#10542 closed: tests/nested/manual: enable serial assertions on testkeys nested VM's <Simple 😃> <Test Robustness> <Run nested> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10542>
[15:06] <mup> PR snapd#10599 closed: configcore: fix early config timezone handling <Run nested> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10599>
[15:07] <ijohnson[m]> thanks mvo !
[15:08] <mvo> ijohnson[m]: yw
[15:09] <mup> PR snapcraft#3568 closed: cli: enable SNAPCRAFT_TARGET_ARCH envvar matching --target-arch <Created by cjp256> <Closed by cjp256> <https://github.com/snapcore/snapcraft/pull/3568>
[16:52] <mup> PR snapd#10605 opened: many: do not re-check snaps on disk during uc20 install <⛔ Blocked> <Created by mvo5> <https://github.com/snapcore/snapd/pull/10605>