[06:07] <mborzecki> morning
[07:07] <pstolowski> morning
[08:16] <mup> PR snapd#11765 opened: deps: bump libseccomp to include build fixes, run unit tests using CC=clang <Simple 😃> <Needs security review> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11765>
[08:36] <mup> PR snapd#11766 opened: wrappers: refactor EnsureSnapServices <Created by Meulengracht> <https://github.com/snapcore/snapd/pull/11766>
[10:02] <mup> PR snapd#11767 opened: osutil/disks: partition UUID lookup <Simple 😃> <factory reset 🔌> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11767>
[11:02] <mup> PR snapd#11768 opened: o/snapshotstate: add ~/Snap to snapshots <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/11768>
[15:08] <mup> PR snapd#11761 closed: image/preseed: umount the base snap last after writable paths <Preseeding 🍞> <Created by stolowski> <Closed by stolowski> <https://github.com/snapcore/snapd/pull/11761>
[15:23] <mup> PR snapd#11761 opened: image/preseed: umount the base snap last after writable paths <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/11761>
[19:29] <mup> PR snapd#11761 closed: image/preseed: umount the base snap last after writable paths <Preseeding 🍞> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/11761>
[22:24] <MrConorAE> hi snapcrafters! i'd like to modify the firefox snap apparmor profile to allow it to access USB security keys
[22:25] <MrConorAE> i've found a set of modifications that seem to work, at https://askubuntu.com/questions/1175950/apparmor-enforce-mode-prevents-firefox-from-reading-u2f-security-key
[22:25] <MrConorAE> and i can make the changes manually, but every time the snap refreshes it overwrites my changes
[22:25] <MrConorAE> is there a) any chance of getting these changes merged into the actual snap itself and b) a way to keep these changes between refreshes?
[23:04] <ogra> MrConorAE, if you have a USB key that is not working, you should rather get it added to the u2f interface https://forum.snapcraft.io/t/the-u2f-devices-interface/9722 ...
[23:04] <ogra> MrConorAE, i.e. it should likely be added to the list at https://github.com/snapcore/snapd/blob/master/interfaces/builtin/u2f_devices.go#L44
[23:05] <MrConorAE> just to clarify: this is a new interface that I would connect Firefox to (with snap connect)?
[23:05] <ogra> it is an old interface that firefox auto-connects already ... but unknown keys will be ignored
[23:06] <MrConorAE> hm
[23:06] <MrConorAE> problem is that i'm using WearAuthn, an app that lets you use a WearOS watch as a security key
[23:06] <MrConorAE> meaning that each watch model will appear differently
[23:06] <MrConorAE> https://github.com/fmeum/WearAuthn
[23:07] <ogra> then you should open a thread on forum.snapcraft.io in the snapd category 
[23:07] <MrConorAE> it's mentioned in their README
[23:07] <MrConorAE> like this? https://forum.snapcraft.io/t/modify-firefox-apparmor-to-access-usb-security-keys/29915
[23:08] <MrConorAE> i'll modify it in a moment to add the WearAuthn bit
[23:08] <ogra> err, no
[23:09] <MrConorAE> ok, withdrew it
[23:09] <ogra> pretty much the opposite 🙂 start a discussion how to get your wearOS stuff integrated properly instead of promoting a hack to work around confinement 
[23:10] <ogra> if it shows up as hidraw device there is perhaps a common udev criteria or whatnot that makes it possible to identify such devices and grant them permissions
[23:11] <ogra> the u2f interface clearly grants all you need, but wants a way to check the device is known 
[23:11] <ogra> that should likely get etended
[23:11] <ogra> *extended
[23:17] <MrConorAE> ah ok
[23:17] <MrConorAE> i've opened an issue on WearAuthn to ask what vendor/id it uses
[23:17] <MrConorAE> if it's one consistent one, then i can ask for that to be added to the u2f list
[23:18] <ogra> 👍
[23:19] <MrConorAE> if not - e.g. it uses the id of your bluetooth adapter, or it is actually different for each watch model - then could we ask u2f to add that? or is that not gonna happen
[23:19] <ogra> that's something you should start a discussion about on the forum 😉
[23:19] <MrConorAE> ok :)
[23:19] <MrConorAE> thanks a lot for your help
[23:20] <ogra> np
[23:20] <MrConorAE> getting it integrated into the snap is definitely a better solution than hacking it around the confinement
[23:20] <ogra> yep
[23:28] <MrConorAE> quick question
[23:28] <MrConorAE> i just checked, and it does show up as a hidraw device
[23:28] <MrConorAE> how do i check what the id is for that?
[23:29] <MrConorAE> it's not in lsusb