mborzecki | morning | 06:45 |
---|---|---|
mardy | mborzecki: hi! | 06:57 |
mborzecki | mardy: heya | 07:03 |
pstolowski | morning | 07:04 |
mborzecki | mardy: i've pinged pedronis about the apparmor feature name, maybe we should use cap-audit-read, cap-bpf, or something else as long as it's consistent | 07:15 |
mborzecki | https://github.com/snapcore/snapd/pull/10952 needs 2nd review and is super simple | 07:18 |
mup | PR #10952: tests/lib/pkgdb: install strace on Debian 11 and Sid <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10952> | 07:18 |
mborzecki | pstolowski: can you take a look? ^^ | 07:19 |
pstolowski | +1 | 07:19 |
mborzecki | thanks! | 07:20 |
mup | PR snapd#10954 closed: tests: update the ubuntu-image channel to candidate <⚠Critical> <Simple 😃> <Created by sergiocazzolato> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10954> | 07:33 |
mborzecki | https://github.com/snapcore/snapd/pull/10947 needs a 2nd review too | 07:44 |
mup | PR #10947: tests: run spread tests on debian 11 <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10947> | 07:44 |
mardy | mborzecki: yes, cap-audit-read might be more clear | 08:25 |
mardy | pstolowski: 'morning! | 08:25 |
pstolowski | hey mardy | 08:28 |
mborzecki | mardy: ok, so cap-bpf and cap-audit-read then? | 09:33 |
mup | PR snapd#10955 opened: tests/main/snapd-snap: restore debian symlink <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10955> | 09:33 |
mardy | mborzecki: did you see amurray comment (https://github.com/snapcore/snapd/pull/10938#issuecomment-948109370)? Unless we have a reason to use hyphens, I'd use underscores | 09:48 |
mup | PR #10938: interfaces: skip connection of netlink interface on older systems <Needs Samuele review> <Created by mardy> <https://github.com/snapcore/snapd/pull/10938> | 09:48 |
mup | PR snapd#10956 opened: o/snapstate: migrate to hidden dir on refresh <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/10956> | 09:48 |
mborzecki | mardy: yeah, i pinged pedronis for his input, in the meantime i renamed it to cap-bpf in a separate branch | 09:50 |
=== alan_g_ is now known as alan_g | ||
mup | PR snapd#10937 closed: interfaces/u2f-devices: add Nitrokey 3 <Simple 😃> <Created by robin-nitrokey> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10937> | 10:49 |
mup | PR snapd#10949 closed: tests: ensure systemd-timesyncd is installed on debian <Simple 😃> <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10949> | 10:59 |
mup | PR snapd#10952 closed: tests/lib/pkgdb: install strace on Debian 11 and Sid <Simple 😃> <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10952> | 10:59 |
mup | PR snapd#10955 closed: tests/main/snapd-snap: restore debian symlink <Simple 😃> <Created by bboozzoo> <Closed by bboozzoo> <https://github.com/snapcore/snapd/pull/10955> | 11:09 |
mup | PR snapd#10957 opened: build-aux: ensure that debian packaging matches build-base <Created by xnox> <https://github.com/snapcore/snapd/pull/10957> | 11:14 |
mardy | mborzecki: are you aware of any AppArmor limitations in opensuse, as far as mount rules are concerned? | 11:48 |
mardy | the spread test for the mount-control interface fails under opensuse: https://github.com/snapcore/snapd/pull/10739/checks?check_run_id=3962169410 | 11:48 |
mup | PR #10739: mount-control: step 2 <Needs Samuele review> <Created by mardy> <https://github.com/snapcore/snapd/pull/10739> | 11:48 |
mborzecki | mardy: i know that fine grained socket filtering support is missing, but i'm not aware of anything mount related | 11:50 |
mborzecki | mardy: do you see a particular problem there? | 11:50 |
mardy | mborzecki: yes, the generated rule is mount options=(rw,bind) /var/tmp/** -> /var/snap/test-snapd-mount-control/common/**, | 11:53 |
mardy | mborzecki: in other distros (Ubuntu), the command "test-snapd-mount-control.cmd mount -o bind,rw /var/tmp/test-snapd-mount-control /tmp" fails | 11:53 |
mardy | mborzecki: in opensuse, it succeeds | 11:53 |
mborzecki | mardy: have you tried on arch? | 11:56 |
mardy | mborzecki: nope, let me try... | 11:57 |
mardy | mborzecki: well, the spread test passes there, so it must be all right | 11:58 |
mup | PR snapd#10958 opened: run-checks: remove --spread from help message <Simple 😃> <Skip spread> <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/10958> | 12:19 |
mardy | mborzecki: wow, under opensuse mount rules don't work at all: I added a `deny mount,`, but can still mount anything :-) | 12:26 |
mup | PR snapd#10946 closed: secboot: use latest secboot with tpm legacy platform and v2 fully optional <Squash-merge> <UC20> <Run nested> <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10946> | 12:39 |
mup | PR snapd#10959 opened: tests/main/selinux-data-context: use session when performing actions as test user <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10959> | 12:39 |
mup | PR snapd#10942 closed: cmd/snap-confine: die when snap process is outside of snap specific cgroup (2.53) <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10942> | 12:49 |
mup | PR snapd#10960 opened: spread: run lxd tests with version from latest/stable <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10960> | 13:14 |
mup | PR snapd#10958 closed: run-checks: remove --spread from help message <Simple 😃> <Skip spread> <Created by MiguelPires> <Merged by MiguelPires> <https://github.com/snapcore/snapd/pull/10958> | 13:24 |
mup | PR snapd#10961 opened: tests: enable lxd tests on impish system <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10961> | 13:35 |
mup | PR snapd#10962 opened: o/assertstate, snapstate, api: store the current state of validation sets tracking in a stack <Needs Samuele review> <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/10962> | 13:50 |
mardy | mborzecki: ah! https://bugzilla.opensuse.org/show_bug.cgi?id=995594 | 14:17 |
mborzecki | mardy: still may be worth asking jjohansen about the current status, the bug is from 2017 | 14:32 |
mborzecki | mardy: and if the test works on arch then relevant things must be part of the vanilla kernel & apparmor | 14:32 |
mardy | mborzecki: ok, some manual tests show that mount rules are working | 15:20 |
mardy | mborzecki: uh, about that opensuse issue: the snap is actually being run unconfined | 15:43 |
mardy | mborzecki: the profile is loaded in the kernel, but "snap run" is not activating it | 15:44 |
mardy | ijohnson[m]: any idea how that could happen (assuming Maciej is EOD)? ^ | 15:46 |
ijohnson[m] | mardy sorry busy ATM, will look in a bit though | 15:50 |
mup | PR snapd#10960 closed: spread: run lxd tests with version from latest/stable <Simple 😃> <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/10960> | 16:15 |
mborzecki | mardy: hmm which opensuse? tumbleweed or 15.x? | 16:50 |
mborzecki | mardy: tumbleweed is the only one we build with apparmor atm. I can look into enabling it for 15.3 too | 16:51 |
mup | PR snapd#10963 opened: release: 2.53.1 <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10963> | 17:01 |
mardy | mborzecki: opensuse-15.3-64 | 17:50 |
mardy | mborzecki: ah, that explains it :-) | 17:50 |
mup | PR snapd#10963 closed: release: 2.53.1 <Simple 😃> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/10963> | 19:11 |
=== jdstrand_ is now known as jdstrand | ||
mup | PR snapcraft#3591 closed: extensions: conditionally prepend to LIBVA_DRIVERS_PATH instead of overriding it <Created by oSoMoN> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3591> | 20:45 |
mup | PR snapd#10964 opened: release-tools/repack-debian-tarball.sh: fix c-vendor dir <Simple 😃> <Skip spread> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10964> | 22:57 |
mup | PR snapd#10965 opened: packaging: merge 2.53.1 changelog back to master <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10965> | 23:07 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!