[09:50] <schopin> sbeattie: you might want to have a look at https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1964098 :)
[14:19] <sbeattie> schopin: thanks!
[15:05] <hallyn> sigh - i'm being lazy here, but is there a way for me to post an extra apparmor profile snipped for a snap (firefox, specifically)?  /etc/dnsmasq.d/ style?  That'll just get appended to the shipped policy?
[15:05] <hallyn> something like https://stackoverflow.com/questions/44174234/apparmor-profile-for-libreoffice-in-a-ubuntu-snap-package
[15:06] <hallyn> I want firefox to be allowed to run /usr/local/bin/st and /usr/bin/vim
[15:44] <hallyn> i'm on impish.  should it have a kernel immune to dirtypipez?
[15:44] <hallyn> (cuase, it doesn't :(  )   
[15:45] <ebarretto> georgiag, ^ 
[15:45] <sdeziel> hallyn: fixed kernels are apparently going to be released in the next 24h
[15:46] <hallyn> :cringe:
[15:46] <hallyn> ok thanks
[15:54] <georgiag> hallyn: I don't think there's currently a way to have a policy on top of the current snap policy for firefox. as a workaround, you can change the snap firefox policy and reload it, but that's temporary - snap will reload the original unchanged policy after a while
[15:58] <hallyn> :(
[15:58] <jjohansen> hallyn: georgiag is right. This is one of those things that is planned for but we just haven't had time to do yet
[15:59] <hallyn> so the 'snap policy' includes 'apparmor policy'?  Where do I find that?
[15:59] <jjohansen> basically there are two things that are wip to do this
[15:59] <jjohansen> 1. being able to "inherit" from a profile
[15:59] <hallyn> will you slap me if i say you should hire someone? :)
[16:00] <jjohansen> 2. Being able to specify an overlay location
[16:00] <jjohansen> hahaha
[16:00] <hallyn> what would inherit from what?  
[16:01] <hallyn> it seems like the notion of "connecting" would be useful...  which ionly mention bc i readsomewhere about snap connect or something
[16:01] <jjohansen> so you could specify a new profile, inheriting from another profile, and then add new rules to that profile
[16:01] <hallyn> ok
[16:02] <hallyn> that would be perfect
[16:02] <hallyn> but so in the meantime where woudl i find the polcy to update?  having t oupdate it after every snap refresh is better than nothing
[16:02] <hallyn> i can script that :)
[16:03] <jjohansen> /var/lib/snapd/apparmor/profiles/
[16:04] <sbeattie> hallyn: you're hired! (I wish)
[16:04] <hallyn> thanks jjohansen 
[16:04] <hallyn> sbeattie: hirenapping is illegal
[16:05] <sbeattie> hallyn: uh-hunh, sure, if you say so.
[16:06] <hallyn> "laws are subject to interpretation"
[17:01] <sarnold> look if you just want to do the work without being paid, that's fine by us too...
[17:27] <hallyn> :)    deal!
[17:27] <hallyn> ok so i need to go find snap help i guess
[17:36] <hallyn> ugh this is a pain.  maybe i should just move to the apt package
[17:36] <jjohansen> yeah, that is what I have done for the moment
[17:37] <hallyn> otherwise it looks like i need to learn what 'stage' and 'prime' mean.  (I need to bind in /usr/bin/vim into the chroot)
[17:45] <hallyn> wow.  i did "snap remove firefox", and it removed my profile from my homedir!
[17:45] <jjohansen> O_o
[17:45] <hallyn> Now I"m very angry.  Maybe it's time to move to void linux
[18:09] <sarnold> I do keep hearing good things about void
[18:10] <sarnold> snap remove firefox killing your user profile is vastly uncool
[18:13] <hallyn> and i didn't have a backup :(
[18:13] <sarnold> :(
[18:14] <hallyn> well, i'm taking the opportunity to clear my bookmarks and make sure my extensions haven't gotten a long-lived trojan over time :)
[18:14] <sarnold> losing firefox history would be a huge blow..
[18:15] <hallyn> i don't like leaving anything but small easily verifiable text files when i switch systems (which i just did last week), but i'd cheated and rsynced my old .mozilla
[18:15] <hallyn> yeah, but OTOH having stuff in history leads me to fogetting how to find it :)  i'm juts gonna look on the bright side
[18:18] <sarnold> I wonder how moz does their firefox binary publishing; I wonder if they repurpose an existing binary for the snap, or if the snap is the "right" place to get an ubuntu firefox binary
[18:20] <hallyn> this morning i did an xprop on firefox (bc the WM_NAME had changed, as it turns out to 'Navigator' , which threw off my wm), i noticed that one of the variables said something about Arch linux.
[18:20] <hallyn> i didnt' keep the info around.
[18:22] <sarnold> *navigator*, wow. that's a blast from the past.
[18:25] <hallyn> I KNOW RITE
[18:25] <hallyn> i'm curious how that snuck in :)
[18:25] <hallyn> it wasn't there yesterday
[18:27] <sarnold> is it april? heh
[18:29]  * hallyn checks
[21:57] <jdstrand> hallyn: iirc, snapd keeps backups
[21:58]  * jdstrand tries to find it
[21:58] <jdstrand> hallyn: https://snapcraft.io/docs/snapshots - "Snapshots are generated manually with the snap save command and automatically when a snap is removed."
[22:33] <hallyn> orly
[22:36] <hallyn> i see a zipfile...  will it actually have my homedir stuff?  let's see
[22:38] <hallyn> yeah i see it.  thanks - i'll just encrypt and keep a cpy of htat in case i absolutely need something back :)
[22:57] <sdeziel> hallyn: update kernels are available now
[22:58] <sdeziel> those patching CVE-2022-0847 that is
[23:00] <hallyn> (seems to have dropped, but in case he checks the logs) thanks sdeziel,  updated a few hours ago and tested that the poc stopped working :) \o/
[23:20] <jdstrand> hallyn: \o/ :)