[06:15] <mborzecki> morning
[06:23] <mup> PR snapd#11788 closed: secboot/keymgr: extend unit tests, add helper for identify keyslot used error <Simple 😃> <factory reset 🔌> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11788>
[07:10] <pstolowski> morning
[07:33] <mardy> pstolowski, mborzecki, hi!
[07:34] <mardy> mborzecki: that issue with sshfs and getting the current directory, maybe it's not such a corner case. I'm starting to think that this autofs bug hits the same issue https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1784774.
[07:34] <mup> Bug #1784774: snapd is not autofs aware and fails with nfs home dir <snapd:Fix Released by zyga> <firefox (Ubuntu):Confirmed> <snapd (Ubuntu):Incomplete> <https://launchpad.net/bugs/1784774>
[07:35] <mardy> at least the logs provided by Andrew, show that after a snapd restart, NFS is detected and there are no network denials; but still running a snap fails
[07:35] <mardy> (and no apparmor denials are reported)
[08:08] <mborzecki> mardy: about https://bugs.launchpad.net/snapd/+bug/1973321 it's probably itenntional that the current dir fd is set up early, but maybe it's ok to do it as the user, i.e. switching to real uid/gid before?
[08:08] <mup> Bug #1973321: snaps dont't start when current working directory is on sshfs <snapd:New> <https://launchpad.net/bugs/1973321>
[09:26] <mardy> mborzecki: yes. On the other hand, we can move it a bit below, I'm preparing a PR now
[09:49] <mup> PR snapd#11792 opened: many: structured startup timings <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11792>
[10:39] <mardy> wierd, unless I'm doing something terribly stupid, dropping permissions is not enough (see the commit message): https://github.com/mardy/snapd/commit/7e3a58b5e41f3f64aec54106aa2eeff6d1addcd4
[10:45] <mborzecki> mardy: and cwd is on a fuse mounted fs?
[10:47] <diddledani> I think I have caught the tests modifications needed now, so hopefully spread will pass https://github.com/snapcore/snapd/pull/11785
[10:47] <mup> PR #11785: snap-confine: add WSL2 GPU support to strict confinement <Created by diddledani> <https://github.com/snapcore/snapd/pull/11785>
[10:48] <mardy> mborzecki: yes
[11:09] <mup> PR snapd#11768 closed: o/snapshotstate: add ~/Snap to snapshots <Created by MiguelPires> <Closed by MiguelPires> <https://github.com/snapcore/snapd/pull/11768>
[11:31] <mardy> mborzecki: bad news, it seems that the FUSE kernel module checks not only for the effective user ID, but also for the real one: https://github.com/torvalds/linux/blob/master/fs/fuse/dir.c#L1223-L1240
[11:32] <mardy> ("uid" is the real one)
[11:37] <mborzecki> mardy: heh, so looks like there's no way to get it working
[11:57] <diddledani> mborzecki: not from snapd's side, methinks - it requires the right mount option to allow_root
[12:05] <mup> PR snapd#11781 closed: o/snapstate: remove deadcode breaking static checks <Simple 😃> <Created by MiguelPires> <Merged by MiguelPires> <https://github.com/snapcore/snapd/pull/11781>
[12:12] <mborzecki> diddledani: yeah, mardy was trying to find a way without needing to tweak the mount flags, but it looks like that may be no way around it
[12:13] <diddledani> :'(
[12:34] <mardy> mborzecki, diddledani: I added a comment in https://bugs.launchpad.net/snapd/+bug/1973321, I think there is a way, but it would require quite some changes to snap-confine
[12:34] <mup> Bug #1973321: snaps dont't start when current working directory is on sshfs <snapd:New> <https://launchpad.net/bugs/1973321>
[12:53] <mborzecki> mardy: hm not sure about the caps, we would need to talk to security, caps are too easy to get wrong 🙂 and i think you still need CAP_SYS_ADMIN, but then you wouldn't be able to drop that until the end, would you?
[12:54] <mborzecki> or at least not until unshare()
[12:54] <mborzecki> and then CAP_BPF, for a while longer?
[13:50] <mup> PR snapd#11771 closed: tests: spread test for uc20 preseeding covering snap prepare-image <Preseeding 🍞> <Created by stolowski> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11771>
[15:51] <mup> PR snapd#11733 closed: snap/quota: add values for journal quotas (journal quota 2/n) <Simple 😃> <Created by Meulengracht> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11733>
[17:16] <mup> PR snapd#11793 opened: tests: fix auto-refresh-gating test forcing reset-failed before restart <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11793>