mborzecki | morning | 06:15 |
---|---|---|
mup | PR snapd#11788 closed: secboot/keymgr: extend unit tests, add helper for identify keyslot used error <Simple 😃> <factory reset 🔌> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11788> | 06:23 |
pstolowski | morning | 07:10 |
mardy | pstolowski, mborzecki, hi! | 07:33 |
mardy | mborzecki: that issue with sshfs and getting the current directory, maybe it's not such a corner case. I'm starting to think that this autofs bug hits the same issue https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1784774. | 07:34 |
mup | Bug #1784774: snapd is not autofs aware and fails with nfs home dir <snapd:Fix Released by zyga> <firefox (Ubuntu):Confirmed> <snapd (Ubuntu):Incomplete> <https://launchpad.net/bugs/1784774> | 07:34 |
mardy | at least the logs provided by Andrew, show that after a snapd restart, NFS is detected and there are no network denials; but still running a snap fails | 07:35 |
mardy | (and no apparmor denials are reported) | 07:35 |
mborzecki | mardy: about https://bugs.launchpad.net/snapd/+bug/1973321 it's probably itenntional that the current dir fd is set up early, but maybe it's ok to do it as the user, i.e. switching to real uid/gid before? | 08:08 |
mup | Bug #1973321: snaps dont't start when current working directory is on sshfs <snapd:New> <https://launchpad.net/bugs/1973321> | 08:08 |
mardy | mborzecki: yes. On the other hand, we can move it a bit below, I'm preparing a PR now | 09:26 |
mup | PR snapd#11792 opened: many: structured startup timings <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11792> | 09:49 |
mardy | wierd, unless I'm doing something terribly stupid, dropping permissions is not enough (see the commit message): https://github.com/mardy/snapd/commit/7e3a58b5e41f3f64aec54106aa2eeff6d1addcd4 | 10:39 |
mborzecki | mardy: and cwd is on a fuse mounted fs? | 10:45 |
diddledani | I think I have caught the tests modifications needed now, so hopefully spread will pass https://github.com/snapcore/snapd/pull/11785 | 10:47 |
mup | PR #11785: snap-confine: add WSL2 GPU support to strict confinement <Created by diddledani> <https://github.com/snapcore/snapd/pull/11785> | 10:47 |
mardy | mborzecki: yes | 10:48 |
mup | PR snapd#11768 closed: o/snapshotstate: add ~/Snap to snapshots <Created by MiguelPires> <Closed by MiguelPires> <https://github.com/snapcore/snapd/pull/11768> | 11:09 |
mardy | mborzecki: bad news, it seems that the FUSE kernel module checks not only for the effective user ID, but also for the real one: https://github.com/torvalds/linux/blob/master/fs/fuse/dir.c#L1223-L1240 | 11:31 |
mardy | ("uid" is the real one) | 11:32 |
mborzecki | mardy: heh, so looks like there's no way to get it working | 11:37 |
diddledani | mborzecki: not from snapd's side, methinks - it requires the right mount option to allow_root | 11:57 |
mup | PR snapd#11781 closed: o/snapstate: remove deadcode breaking static checks <Simple 😃> <Created by MiguelPires> <Merged by MiguelPires> <https://github.com/snapcore/snapd/pull/11781> | 12:05 |
mborzecki | diddledani: yeah, mardy was trying to find a way without needing to tweak the mount flags, but it looks like that may be no way around it | 12:12 |
diddledani | :'( | 12:13 |
mardy | mborzecki, diddledani: I added a comment in https://bugs.launchpad.net/snapd/+bug/1973321, I think there is a way, but it would require quite some changes to snap-confine | 12:34 |
mup | Bug #1973321: snaps dont't start when current working directory is on sshfs <snapd:New> <https://launchpad.net/bugs/1973321> | 12:34 |
mborzecki | mardy: hm not sure about the caps, we would need to talk to security, caps are too easy to get wrong 🙂 and i think you still need CAP_SYS_ADMIN, but then you wouldn't be able to drop that until the end, would you? | 12:53 |
mborzecki | or at least not until unshare() | 12:54 |
mborzecki | and then CAP_BPF, for a while longer? | 12:54 |
mup | PR snapd#11771 closed: tests: spread test for uc20 preseeding covering snap prepare-image <Preseeding 🍞> <Created by stolowski> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11771> | 13:50 |
mup | PR snapd#11733 closed: snap/quota: add values for journal quotas (journal quota 2/n) <Simple 😃> <Created by Meulengracht> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11733> | 15:51 |
mup | PR snapd#11793 opened: tests: fix auto-refresh-gating test forcing reset-failed before restart <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11793> | 17:16 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!