[06:15] morning
[06:23] PR snapd#11788 closed: secboot/keymgr: extend unit tests, add helper for identify keyslot used error
[07:10] morning
[07:33] pstolowski, mborzecki, hi!
[07:34] mborzecki: that issue with sshfs and getting the current directory, maybe it's not such a corner case. I'm starting to think that this autofs bug hits the same issue https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1784774.
[07:34] Bug #1784774: snapd is not autofs aware and fails with nfs home dir
[07:35] at least the logs provided by Andrew show that after a snapd restart, NFS is detected and there are no network denials; but still running a snap fails
[07:35] (and no apparmor denials are reported)
[08:08] mardy: about https://bugs.launchpad.net/snapd/+bug/1973321 it's probably intentional that the current dir fd is set up early, but maybe it's ok to do it as the user, i.e. switching to real uid/gid before?
[08:08] Bug #1973321: snaps dont't start when current working directory is on sshfs
[09:26] mborzecki: yes. On the other hand, we can move it a bit below, I'm preparing a PR now
[09:49] PR snapd#11792 opened: many: structured startup timings
[10:39] weird, unless I'm doing something terribly stupid, dropping permissions is not enough (see the commit message): https://github.com/mardy/snapd/commit/7e3a58b5e41f3f64aec54106aa2eeff6d1addcd4
[10:45] mardy: and cwd is on a fuse mounted fs?
[10:47] I think I have caught the tests modifications needed now, so hopefully spread will pass https://github.com/snapcore/snapd/pull/11785
[10:47] PR #11785: snap-confine: add WSL2 GPU support to strict confinement
[10:48] mborzecki: yes
[11:09] PR snapd#11768 closed: o/snapshotstate: add ~/Snap to snapshots
[11:31] mborzecki: bad news, it seems that the FUSE kernel module checks not only for the effective user ID, but also for the real one: https://github.com/torvalds/linux/blob/master/fs/fuse/dir.c#L1223-L1240
[11:32] ("uid" is the real one)
[11:37] mardy: heh, so looks like there's no way to get it working
[11:57] mborzecki: not from snapd's side, methinks - it requires the right mount option to allow_root
[12:05] PR snapd#11781 closed: o/snapstate: remove deadcode breaking static checks
[12:12] diddledani: yeah, mardy was trying to find a way without needing to tweak the mount flags, but it looks like there may be no way around it
[12:13] :'(
[12:34] mborzecki, diddledani: I added a comment in https://bugs.launchpad.net/snapd/+bug/1973321, I think there is a way, but it would require quite some changes to snap-confine
[12:34] Bug #1973321: snaps dont't start when current working directory is on sshfs
[12:53] mardy: hm not sure about the caps, we would need to talk to security, caps are too easy to get wrong 🙂 and i think you still need CAP_SYS_ADMIN, but then you wouldn't be able to drop that until the end, would you?
[12:54] or at least not until unshare()
[12:54] and then CAP_BPF, for a while longer?
[13:50] PR snapd#11771 closed: tests: spread test for uc20 preseeding covering snap prepare-image
[15:51] PR snapd#11733 closed: snap/quota: add values for journal quotas (journal quota 2/n)
[17:16] PR snapd#11793 opened: tests: fix auto-refresh-gating test forcing reset-failed before restart