schopinsbeattie: you might want to have a look at https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1964098 :)09:50
ubottuLaunchpad bug 1964098 in rustc (Ubuntu) "[FFe] Versioned packages for Rust toolchain" [Undecided, New]09:50
sbeattieschopin: thanks!14:19
hallynsigh - i'm being lazy here, but is there a way for me to post an extra apparmor profile snipped for a snap (firefox, specifically)?  /etc/dnsmasq.d/ style?  That'll just get appended to the shipped policy?15:05
hallynsomething like https://stackoverflow.com/questions/44174234/apparmor-profile-for-libreoffice-in-a-ubuntu-snap-package15:05
hallynI want firefox to be allowed to run /usr/local/bin/st and /usr/bin/vim15:06
hallyni'm on impish.  should it have a kernel immune to dirtypipez?15:44
hallyn(cuase, it doesn't :(  )   15:44
ebarrettogeorgiag, ^ 15:45
sdezielhallyn: fixed kernels are apparently going to be released in the next 24h15:45
hallynok thanks15:46
georgiaghallyn: I don't think there's currently a way to have a policy on top of the current snap policy for firefox. as a workaround, you can change the snap firefox policy and reload it, but that's temporary - snap will reload the original unchanged policy after a while15:54
jjohansenhallyn: georgiag is right. This is one of those things that is planned for but we just haven't had time to do yet15:58
hallynso the 'snap policy' includes 'apparmor policy'?  Where do I find that?15:59
jjohansenbasically there are two things that are wip to do this15:59
jjohansen1. being able to "inherit" from a profile15:59
hallynwill you slap me if i say you should hire someone? :)15:59
jjohansen2. Being able to specify an overlay location16:00
hallynwhat would inherit from what?  16:00
hallynit seems like the notion of "connecting" would be useful...  which ionly mention bc i readsomewhere about snap connect or something16:01
jjohansenso you could specify a new profile, inheriting from another profile, and then add new rules to that profile16:01
hallynthat would be perfect16:02
hallynbut so in the meantime where woudl i find the polcy to update?  having t oupdate it after every snap refresh is better than nothing16:02
hallyni can script that :)16:02
sbeattiehallyn: you're hired! (I wish)16:04
hallynthanks jjohansen 16:04
hallynsbeattie: hirenapping is illegal16:04
sbeattiehallyn: uh-hunh, sure, if you say so.16:05
hallyn"laws are subject to interpretation"16:06
sarnoldlook if you just want to do the work without being paid, that's fine by us too...17:01
hallyn:)    deal!17:27
hallynok so i need to go find snap help i guess17:27
hallynugh this is a pain.  maybe i should just move to the apt package17:36
jjohansenyeah, that is what I have done for the moment17:36
hallynotherwise it looks like i need to learn what 'stage' and 'prime' mean.  (I need to bind in /usr/bin/vim into the chroot)17:37
hallynwow.  i did "snap remove firefox", and it removed my profile from my homedir!17:45
hallynNow I"m very angry.  Maybe it's time to move to void linux17:45
sarnoldI do keep hearing good things about void18:09
sarnoldsnap remove firefox killing your user profile is vastly uncool18:10
hallynand i didn't have a backup :(18:13
hallynwell, i'm taking the opportunity to clear my bookmarks and make sure my extensions haven't gotten a long-lived trojan over time :)18:14
sarnoldlosing firefox history would be a huge blow..18:14
hallyni don't like leaving anything but small easily verifiable text files when i switch systems (which i just did last week), but i'd cheated and rsynced my old .mozilla18:15
hallynyeah, but OTOH having stuff in history leads me to fogetting how to find it :)  i'm juts gonna look on the bright side18:15
sarnoldI wonder how moz does their firefox binary publishing; I wonder if they repurpose an existing binary for the snap, or if the snap is the "right" place to get an ubuntu firefox binary18:18
hallynthis morning i did an xprop on firefox (bc the WM_NAME had changed, as it turns out to 'Navigator' , which threw off my wm), i noticed that one of the variables said something about Arch linux.18:20
hallyni didnt' keep the info around.18:20
sarnold*navigator*, wow. that's a blast from the past.18:22
hallynI KNOW RITE18:25
hallyni'm curious how that snuck in :)18:25
hallynit wasn't there yesterday18:25
sarnoldis it april? heh18:27
* hallyn checks18:29
jdstrandhallyn: iirc, snapd keeps backups21:57
* jdstrand tries to find it21:58
jdstrandhallyn: https://snapcraft.io/docs/snapshots - "Snapshots are generated manually with the snap save command and automatically when a snap is removed."21:58
hallyni see a zipfile...  will it actually have my homedir stuff?  let's see22:36
hallynyeah i see it.  thanks - i'll just encrypt and keep a cpy of htat in case i absolutely need something back :)22:38
sdezielhallyn: update kernels are available now22:57
sdezielthose patching CVE-2022-0847 that is22:58
ubottuA flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the syste... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847>22:58
hallyn(seems to have dropped, but in case he checks the logs) thanks sdeziel,  updated a few hours ago and tested that the poc stopped working :) \o/23:00
jdstrandhallyn: \o/ :)23:20

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!