/srv/irclogs.ubuntu.com/2021/10/21/#snappy.txt

mborzecki	morning	06:45
mardy	mborzecki: hi!	06:57
mborzecki	mardy: heya	07:03
pstolowski	morning	07:04
mborzecki	mardy: i've pinged pedronis about the apparmor feature name, maybe we should use cap-audit-read, cap-bpf, or something else as long as it's consistent	07:15
mborzecki	https://github.com/snapcore/snapd/pull/10952 needs 2nd review and is super simple	07:18
mup	PR #10952: tests/lib/pkgdb: install strace on Debian 11 and Sid <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10952>	07:18
mborzecki	pstolowski: can you take a look? ^^	07:19
pstolowski	+1	07:19
mborzecki	thanks!	07:20
mup	PR snapd#10954 closed: tests: update the ubuntu-image channel to candidate <⚠ Critical> <Simple 😃> <Created by sergiocazzolato> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10954>	07:33
mborzecki	https://github.com/snapcore/snapd/pull/10947 needs a 2nd review too	07:44
mup	PR #10947: tests: run spread tests on debian 11 <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10947>	07:44
mardy	mborzecki: yes, cap-audit-read might be more clear	08:25
mardy	pstolowski: 'morning!	08:25
pstolowski	hey mardy	08:28
mborzecki	mardy: ok, so cap-bpf and cap-audit-read then?	09:33
mup	PR snapd#10955 opened: tests/main/snapd-snap: restore debian symlink <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10955>	09:33
mardy	mborzecki: did you see amurray comment (https://github.com/snapcore/snapd/pull/10938#issuecomment-948109370)? Unless we have a reason to use hyphens, I'd use underscores	09:48
mup	PR #10938: interfaces: skip connection of netlink interface on older systems <Needs Samuele review> <Created by mardy> <https://github.com/snapcore/snapd/pull/10938>	09:48
mup	PR snapd#10956 opened: o/snapstate: migrate to hidden dir on refresh <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/10956>	09:48
mborzecki	mardy: yeah, i pinged pedronis for his input, in the meantime i renamed it to cap-bpf in a separate branch	09:50
=== alan_g_ is now known as alan_g
mup	PR snapd#10937 closed: interfaces/u2f-devices: add Nitrokey 3 <Simple 😃> <Created by robin-nitrokey> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10937>	10:49
mup	PR snapd#10949 closed: tests: ensure systemd-timesyncd is installed on debian <Simple 😃> <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10949>	10:59
mup	PR snapd#10952 closed: tests/lib/pkgdb: install strace on Debian 11 and Sid <Simple 😃> <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10952>	10:59
mup	PR snapd#10955 closed: tests/main/snapd-snap: restore debian symlink <Simple 😃> <Created by bboozzoo> <Closed by bboozzoo> <https://github.com/snapcore/snapd/pull/10955>	11:09
mup	PR snapd#10957 opened: build-aux: ensure that debian packaging matches build-base <Created by xnox> <https://github.com/snapcore/snapd/pull/10957>	11:14
mardy	mborzecki: are you aware of any AppArmor limitations in opensuse, as far as mount rules are concerned?	11:48
mardy	the spread test for the mount-control interface fails under opensuse: https://github.com/snapcore/snapd/pull/10739/checks?check_run_id=3962169410	11:48
mup	PR #10739: mount-control: step 2 <Needs Samuele review> <Created by mardy> <https://github.com/snapcore/snapd/pull/10739>	11:48
mborzecki	mardy: i know that fine grained socket filtering support is missing, but i'm not aware of anything mount related	11:50
mborzecki	mardy: do you see a particular problem there?	11:50
mardy	mborzecki: yes, the generated rule is mount options=(rw,bind) /var/tmp/ -> /var/snap/test-snapd-mount-control/common/,	11:53
mardy	mborzecki: in other distros (Ubuntu), the command "test-snapd-mount-control.cmd mount -o bind,rw /var/tmp/test-snapd-mount-control /tmp" fails	11:53
mardy	mborzecki: in opensuse, it succeeds	11:53
mborzecki	mardy: have you tried on arch?	11:56
mardy	mborzecki: nope, let me try...	11:57
mardy	mborzecki: well, the spread test passes there, so it must be all right	11:58
mup	PR snapd#10958 opened: run-checks: remove --spread from help message <Simple 😃> <Skip spread> <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/10958>	12:19
mardy	mborzecki: wow, under opensuse mount rules don't work at all: I added a `deny mount,`, but can still mount anything :-)	12:26
mup	PR snapd#10946 closed: secboot: use latest secboot with tpm legacy platform and v2 fully optional <Squash-merge> <UC20> <Run nested> <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10946>	12:39
mup	PR snapd#10959 opened: tests/main/selinux-data-context: use session when performing actions as test user <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10959>	12:39
mup	PR snapd#10942 closed: cmd/snap-confine: die when snap process is outside of snap specific cgroup (2.53) <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10942>	12:49
mup	PR snapd#10960 opened: spread: run lxd tests with version from latest/stable <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10960>	13:14
mup	PR snapd#10958 closed: run-checks: remove --spread from help message <Simple 😃> <Skip spread> <Created by MiguelPires> <Merged by MiguelPires> <https://github.com/snapcore/snapd/pull/10958>	13:24
mup	PR snapd#10961 opened: tests: enable lxd tests on impish system <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10961>	13:35
mup	PR snapd#10962 opened: o/assertstate, snapstate, api: store the current state of validation sets tracking in a stack <Needs Samuele review> <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/10962>	13:50
mardy	mborzecki: ah! https://bugzilla.opensuse.org/show_bug.cgi?id=995594	14:17
mborzecki	mardy: still may be worth asking jjohansen about the current status, the bug is from 2017	14:32
mborzecki	mardy: and if the test works on arch then relevant things must be part of the vanilla kernel & apparmor	14:32
mardy	mborzecki: ok, some manual tests show that mount rules are working	15:20
mardy	mborzecki: uh, about that opensuse issue: the snap is actually being run unconfined	15:43
mardy	mborzecki: the profile is loaded in the kernel, but "snap run" is not activating it	15:44
mardy	ijohnson[m]: any idea how that could happen (assuming Maciej is EOD)? ^	15:46
ijohnson[m]	mardy sorry busy ATM, will look in a bit though	15:50
mup	PR snapd#10960 closed: spread: run lxd tests with version from latest/stable <Simple 😃> <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10960>	16:15
mborzecki	mardy: hmm which opensuse? tumbleweed or 15.x?	16:50
mborzecki	mardy: tumbleweed is the only one we build with apparmor atm. I can look into enabling it for 15.3 too	16:51
mup	PR snapd#10963 opened: release: 2.53.1 <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10963>	17:01
mardy	mborzecki: opensuse-15.3-64	17:50
mardy	mborzecki: ah, that explains it :-)	17:50
mup	PR snapd#10963 closed: release: 2.53.1 <Simple 😃> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/10963>	19:11
=== jdstrand_ is now known as jdstrand
mup	PR snapcraft#3591 closed: extensions: conditionally prepend to LIBVA_DRIVERS_PATH instead of overriding it <Created by oSoMoN> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3591>	20:45
mup	PR snapd#10964 opened: release-tools/repack-debian-tarball.sh: fix c-vendor dir <Simple 😃> <Skip spread> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10964>	22:57
mup	PR snapd#10965 opened: packaging: merge 2.53.1 changelog back to master <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10965>	23:07

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!