[09:50] <schopin> sbeattie: you might want to have a look at https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1964098 :)
[09:50] <ubottu> Launchpad bug 1964098 in rustc (Ubuntu) "[FFe] Versioned packages for Rust toolchain" [Undecided, New]
[14:19] <sbeattie> schopin: thanks!
[15:05] <hallyn> sigh - i'm being lazy here, but is there a way for me to post an extra apparmor profile snipped for a snap (firefox, specifically)?  /etc/dnsmasq.d/ style?  That'll just get appended to the shipped policy?
[15:05] <hallyn> something like https://stackoverflow.com/questions/44174234/apparmor-profile-for-libreoffice-in-a-ubuntu-snap-package
[15:06] <hallyn> I want firefox to be allowed to run /usr/local/bin/st and /usr/bin/vim
[15:44] <hallyn> i'm on impish.  should it have a kernel immune to dirtypipez?
[15:44] <hallyn> (cuase, it doesn't :(  )   
[15:45] <ebarretto> georgiag, ^ 
[15:45] <sdeziel> hallyn: fixed kernels are apparently going to be released in the next 24h
[15:46] <hallyn> :cringe:
[15:46] <hallyn> ok thanks
[15:54] <georgiag> hallyn: I don't think there's currently a way to have a policy on top of the current snap policy for firefox. as a workaround, you can change the snap firefox policy and reload it, but that's temporary - snap will reload the original unchanged policy after a while
[15:58] <hallyn> :(
[15:58] <jjohansen> hallyn: georgiag is right. This is one of those things that is planned for but we just haven't had time to do yet
[15:59] <hallyn> so the 'snap policy' includes 'apparmor policy'?  Where do I find that?
[15:59] <jjohansen> basically there are two things that are wip to do this
[15:59] <jjohansen> 1. being able to "inherit" from a profile
[15:59] <hallyn> will you slap me if i say you should hire someone? :)
[16:00] <jjohansen> 2. Being able to specify an overlay location
[16:00] <jjohansen> hahaha
[16:00] <hallyn> what would inherit from what?  
[16:01] <hallyn> it seems like the notion of "connecting" would be useful...  which ionly mention bc i readsomewhere about snap connect or something
[16:01] <jjohansen> so you could specify a new profile, inheriting from another profile, and then add new rules to that profile
[16:01] <hallyn> ok
[16:02] <hallyn> that would be perfect
[16:02] <hallyn> but so in the meantime where woudl i find the polcy to update?  having t oupdate it after every snap refresh is better than nothing
[16:02] <hallyn> i can script that :)
[16:03] <jjohansen> /var/lib/snapd/apparmor/profiles/
[16:04] <sbeattie> hallyn: you're hired! (I wish)
[16:04] <hallyn> thanks jjohansen 
[16:04] <hallyn> sbeattie: hirenapping is illegal
[16:05] <sbeattie> hallyn: uh-hunh, sure, if you say so.
[16:06] <hallyn> "laws are subject to interpretation"
[17:01] <sarnold> look if you just want to do the work without being paid, that's fine by us too...
[17:27] <hallyn> :)    deal!
[17:27] <hallyn> ok so i need to go find snap help i guess
[17:36] <hallyn> ugh this is a pain.  maybe i should just move to the apt package
[17:36] <jjohansen> yeah, that is what I have done for the moment
[17:37] <hallyn> otherwise it looks like i need to learn what 'stage' and 'prime' mean.  (I need to bind in /usr/bin/vim into the chroot)
[17:45] <hallyn> wow.  i did "snap remove firefox", and it removed my profile from my homedir!
[17:45] <jjohansen> O_o
[17:45] <hallyn> Now I"m very angry.  Maybe it's time to move to void linux
[18:09] <sarnold> I do keep hearing good things about void
[18:10] <sarnold> snap remove firefox killing your user profile is vastly uncool
[18:13] <hallyn> and i didn't have a backup :(
[18:13] <sarnold> :(
[18:14] <hallyn> well, i'm taking the opportunity to clear my bookmarks and make sure my extensions haven't gotten a long-lived trojan over time :)
[18:14] <sarnold> losing firefox history would be a huge blow..
[18:15] <hallyn> i don't like leaving anything but small easily verifiable text files when i switch systems (which i just did last week), but i'd cheated and rsynced my old .mozilla
[18:15] <hallyn> yeah, but OTOH having stuff in history leads me to fogetting how to find it :)  i'm juts gonna look on the bright side
[18:18] <sarnold> I wonder how moz does their firefox binary publishing; I wonder if they repurpose an existing binary for the snap, or if the snap is the "right" place to get an ubuntu firefox binary
[18:20] <hallyn> this morning i did an xprop on firefox (bc the WM_NAME had changed, as it turns out to 'Navigator' , which threw off my wm), i noticed that one of the variables said something about Arch linux.
[18:20] <hallyn> i didnt' keep the info around.
[18:22] <sarnold> *navigator*, wow. that's a blast from the past.
[18:25] <hallyn> I KNOW RITE
[18:25] <hallyn> i'm curious how that snuck in :)
[18:25] <hallyn> it wasn't there yesterday
[18:27] <sarnold> is it april? heh
[18:29]  * hallyn checks
[21:57] <jdstrand> hallyn: iirc, snapd keeps backups
[21:58]  * jdstrand tries to find it
[21:58] <jdstrand> hallyn: https://snapcraft.io/docs/snapshots - "Snapshots are generated manually with the snap save command and automatically when a snap is removed."
[22:33] <hallyn> orly
[22:36] <hallyn> i see a zipfile...  will it actually have my homedir stuff?  let's see
[22:38] <hallyn> yeah i see it.  thanks - i'll just encrypt and keep a cpy of htat in case i absolutely need something back :)
[22:57] <sdeziel> hallyn: update kernels are available now
[22:58] <sdeziel> those patching CVE-2022-0847 that is
[22:58] <ubottu> A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the syste... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847>
[23:00] <hallyn> (seems to have dropped, but in case he checks the logs) thanks sdeziel,  updated a few hours ago and tested that the poc stopped working :) \o/
[23:20] <jdstrand> hallyn: \o/ :)