=== not_phunyguy is now known as phunyguy | ||
=== not_phunyguy is now known as phunyguy | ||
=== not_phunyguy is now known as phunyguy | ||
mborzecki | morning | 07:29 |
---|---|---|
mardy | mborzecki: hi! | 08:51 |
mborzecki | mardy: hey | 08:52 |
mup | PR snapd#11444 opened: cmd: misc analyzer fixes <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11444> | 10:09 |
mborzecki | mardy: something simple ^^ | 10:09 |
mup | PR snapd#11445 opened: asserts: start supporting optional primary keys in fs backend, assemble and signing <authority-delegation> <Created by pedronis> <https://github.com/snapcore/snapd/pull/11445> | 10:24 |
mup | PR snapd#11446 opened: asserts: extend optional primary keys support to the in-memory backend <authority-delegation> <Created by pedronis> <https://github.com/snapcore/snapd/pull/11446> | 10:24 |
zyga[m] | bboozzoo: approved | 10:24 |
mborzecki | thx | 10:24 |
mup | PR snapd#11430 closed: cmd/snap-mgmt, packaging: trigger daemon reload after purging unit files <Simple 😃> <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11430> | 10:34 |
mup | PR snapd#11438 closed: tests: add test to ensure consecutive refreshes do garbage colleciton of old revs <Simple 😃> <Test Robustness> <Skip spread> <Created by stolowski> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/11438> | 10:34 |
mup | PR snapd#11442 closed: o/snapstate: deal with potentially invalid type of refresh.retain value due to lax validation <Squash-merge> <Bug> <Created by stolowski> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11442> | 10:34 |
mup | PR snapd#11447 opened: tests: get lxd snap from candidate channel <Simple 😃> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11447> | 11:09 |
diddledani | amurray: this broke my container image (diddledan/snapcraft) c6011693a816f7f8a5b0c7858ddce91c6ef1a352 | 12:17 |
diddledani | https://github.com/snapcore/snapd/commit/c6011693a816f7f8a5b0c7858ddce91c6ef1a352 | 12:17 |
diddledani | fails with: `aa_is_enabled() failed unexpectedly (No such file or directory): No such file or directory` | 12:18 |
diddledani | this is my snapcraft container image https://github.com/diddlesnaps/snapcraft-container | 12:19 |
ijohnson[m] | diddledani: what is aa_is_enabled returning in your container? | 12:37 |
diddledani | do you mean the C function or the executable `aa-enabled`? for the latter it shows `Maybe - policy interface not available.` | 12:38 |
diddledani | for the C function, presumably it's returning ENOENT considering the error message from snap-confine | 12:39 |
diddledani | ENOENT used to be explicitly handled, now it's a fallthrough to DIEDIEDIE https://github.com/snapcore/snapd/commit/c6011693a816f7f8a5b0c7858ddce91c6ef1a352#diff-850ad7658ba4087a28a764d6a46b74640a2fd43be09f246dabea20dd0f2a16daL56-L59 | 12:40 |
ijohnson[m] | hmm that commit was needed to resolve a CVE so we can't just revert that commit | 12:44 |
amurray | diddledani: is securityfs mounted inside the container? | 12:54 |
diddledani | I don't believe it is.. it's not in /proc/mounts | 12:54 |
amurray | argh, sorry I gotta run - will check scrollback in the morning - otherwise perhaps we can just add back the ENOENT bit... I recall I thought I had a good reason for making that DIEDIEDIE but I can't recall why off the top of my head... | 12:55 |
diddledani | is there a systemd unit that I need to enable to handle that? | 12:55 |
diddledani | yeah, if there's a CVE then obviously I don't want you to potentially reintroduce it | 12:56 |
diddledani | s/it/a vuln/ | 12:56 |
ijohnson[m] | diddledani is apparmor enabled in the kernel? | 12:56 |
diddledani | yes, this is on an Ubuntu Host so apparmor is working on the host os | 12:56 |
ijohnson[m] | Hmm | 12:57 |
ijohnson[m] | Is this in a docker container | 12:57 |
diddledani | yup | 12:57 |
ijohnson[m] | Is it a privileged docker container | 12:57 |
diddledani | this is how I've launched it and how I recommend others launch it: | 12:58 |
diddledani | https://www.irccloud.com/pastebin/5zbD4Yjz/ | 12:58 |
mup | PR snapd#11448 opened: Pr11282+fallback <Created by xnox> <https://github.com/snapcore/snapd/pull/11448> | 13:19 |
mup | PR snapcraft#3655 closed: meta: support application fields (CRAFT-814) <Created by mr-cal> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3655> | 13:34 |
mup | PR snapd#11449 opened: cmd: set core22 migration related env vars and update spread test <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/11449> | 14:00 |
mup | PR snapcraft#3654 closed: projects: add grammar validation <Created by cmatsuoka> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3654> | 15:29 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!