[06:07] morning [07:07] morning [08:16] PR snapd#11765 opened: deps: bump libseccomp to include build fixes, run unit tests using CC=clang [08:36] PR snapd#11766 opened: wrappers: refactor EnsureSnapServices [10:02] PR snapd#11767 opened: osutil/disks: partition UUID lookup [11:02] PR snapd#11768 opened: o/snapshotstate: add ~/Snap to snapshots [15:08] PR snapd#11761 closed: image/preseed: umount the base snap last after writable paths [15:23] PR snapd#11761 opened: image/preseed: umount the base snap last after writable paths [19:29] PR snapd#11761 closed: image/preseed: umount the base snap last after writable paths [22:24] hi snapcrafters! i'd like to modify the firefox snap apparmor profile to allow it to access USB security keys [22:25] i've found a set of modifications that seem to work, at https://askubuntu.com/questions/1175950/apparmor-enforce-mode-prevents-firefox-from-reading-u2f-security-key [22:25] and i can make the changes manually, but every time the snap refreshes it overwrites my changes [22:25] is there a) any chance of getting these changes merged into the actual snap itself and b) a way to keep these changes between refreshes? [23:04] MrConorAE, if you have an USB key that is not working, you shuld rater get it added to the u2f interface https://forum.snapcraft.io/t/the-u2f-devices-interface/9722 ... [23:04] MrConorAE, i.e. it should likely be added to the list at https://github.com/snapcore/snapd/blob/master/interfaces/builtin/u2f_devices.go#L44 [23:05] just to clarify: this is a new interface that I would connect Firefox to (with snap connect)? [23:05] it is an old interface that firefox auto-connects already ... but unknown keys will be ignored [23:06] hm [23:06] problem is that i'm using WearAuthn, an app that lets you use a WearOS watch as a security key [23:06] meaning that each watch model will appear differently [23:06] https://github.com/fmeum/WearAuthn [23:07] then you should open a thread on forum.snapcraft.io in the snapd category [23:07] it's mentioned in their README [23:07] like this? https://forum.snapcraft.io/t/modify-firefox-apparmor-to-access-usb-security-keys/29915 [23:08] i'll modify it in a moment to add the WearAuthn bit [23:08] err, no [23:09] ok, withdrew it [23:09] pretty much the opposite 🙂 start a discussion how to get your wearOS stuff integrated properly instead of promoting a hack to work around confinement [23:10] if it shows up as hidraw device there is perhaps a common udev criteria or whatnot that makes it possible to identify such devices and grant them permissions [23:11] the u2f interface clearly grants all you need, but wants a way to check the device is known [23:11] that should likely get etended [23:11] *extended [23:17] ah ok [23:17] i've opened an issue on WearAuthn to ask what vendor/id it uses [23:17] if it's one consistent one, then i can ask for that to be added to the u2f list [23:18] 👍 [23:19] if not - e.g. it uses the id of your bluetooth adapter, or it is actually different for each watch model - then could we ask u2f to add that? or is that not gonna happen [23:19] that's something you should start a discussion about on the forum 😉 [23:19] ok :) [23:19] thanks a lot for your help [23:20] np [23:20] getting it integrated into the snap is definetly a better solution than hacking it around the confinement [23:20] yep [23:28] quick question [23:28] i just checked, and it does show up as a hidraw device [23:28] how do i check what the id is for that? [23:29] it's not in lsusb