mup | PR snapcraft#3738 closed: extensions/desktop: preload bindtextdomain from snap first if it exists <Created by mmtrt> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3738> | 00:30 |
---|---|---|
mup | PR snapcraft#3744 closed: cli: enable craft-store logging <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3744> | 00:40 |
mup | PR snapd#11804 opened: interfaces/modem-manager: Only generate DBus plug policy on Core <Created by alexmurray> <https://github.com/snapcore/snapd/pull/11804> | 05:38 |
mardy | amurray: hi! When you have some time, can you go over https://github.com/snapcore/snapd/pulls/mardy and have a look at the PRs which need security review (just not that one in Draft mode)? | 05:50 |
mborzecki | morning | 05:53 |
mardy | mborzecki: hi! | 06:23 |
amurray | mardy: sure - sorry for the delay in getting to some of these - I've not had a lot of bandwidth to devote to snapd reviews lately - is there any which are higher priority than others? | 06:27 |
mardy | amurray: not really, but https://github.com/snapcore/snapd/pull/11786 and https://github.com/snapcore/snapd/pull/11686 already have approvals, so they could be merged (and incidentally they are also the simplest ones to review :-) ) | 06:31 |
mup | PR #11786: cmd/snap-confine: mount support cleanups <Needs security review> <Created by mardy> <https://github.com/snapcore/snapd/pull/11786> | 06:31 |
mup | PR #11686: interfaces/udev: refactor handling of udevadm triggers for input <Needs security review> <Created by mardy> <https://github.com/snapcore/snapd/pull/11686> | 06:31 |
amurray | yep I am just looking at 11686 now - will do 11786 after - cheers | 06:32 |
mardy | amurray: thanks!! | 06:34 |
mardy | mborzecki: I'm fighting with cgroup file permissions (see https://github.com/snapcore/snapd/runs/6492169759?check_suite_focus=true). I got half of the permissions fixed, but there are a few files that are left | 06:35 |
mardy | mborzecki: like notify_on_release; it does not look like we are creating it | 06:35 |
mardy | (at least, "git grep" does not find anything) | 06:36 |
mborzecki | mardy: no, it's something that's part of the cgroups (filesystem) | 06:36 |
mborzecki | mardy: hm you probably weren't root when the device cgroup was created, remember that we create it ourselves rather than through systemd | 06:37 |
mardy | mborzecki: now the question is, if the parent directory is 0700, and is owned by root, maybe we can agree to not care about the permissions of the leaf files? | 06:37 |
mborzecki | mardy: oh, so you're saying that the directory is owned by root already, but the pseudo files aren't? | 06:38 |
mardy | mborzecki: not exactly, I'm working on it. So, I have this: https://github.com/snapcore/snapd/pull/11803 | 06:39 |
mup | PR #11803: cmd/snap-confine: remove setuid calls from cgroup init code <Created by mardy> <https://github.com/snapcore/snapd/pull/11803> | 06:39 |
mardy | mborzecki: I now fixed the permissions on the parent directory | 06:39 |
mardy | (still unpushed) | 06:39 |
mardy | but the leaf files created by systemd/kernel are still owned by root.<user> (we are still setuid, in that branch -- just not setgid) | 06:40 |
mborzecki | mardy: was the fix just a chown(, 0, 0)? | 06:44 |
pstolowski | morning | 07:05 |
nitin | Hello , May i know, where i can find instruction to compile/install snapd locally from source ? Sorry for this basic question .. I am using Ubuntu 20.04 .. Thank you in advance | 07:11 |
pstolowski | nitin: https://github.com/snapcore/snapd/blob/master/HACKING.md | 07:14 |
nitin | pstolowski: Noted and Thank you | 07:19 |
pstolowski | yw | 07:20 |
mup | PR snapd#11787 closed: portal-info: Add CommonID Field <Created by 3v1n0> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11787> | 07:29 |
mup | PR snapd#11805 opened: release: 2.56 <Squash-merge> <Created by mvo5> <https://github.com/snapcore/snapd/pull/11805> | 07:59 |
mardy | mborzecki: for the parent directory and for the files we create, yes. But those "automatic" files still have the wrong group permissions | 08:29 |
mborzecki | mardy: heh, yeah that's what you get by messing with cgroups directly instead of though systemd 😕 can you temporarily switch uid/gid when creating that directory in the hierarchy? | 08:35 |
mup | PR snapd#11784 closed: secboot: support for changing encryption keys via keymgr <factory reset 🔌> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/11784> | 09:14 |
mup | PR snapd#11686 closed: interfaces/udev: refactor handling of udevadm triggers for input <Created by mardy> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11686> | 09:29 |
mardy | mborzecki: I could, but then it won't work once we switch to a cap-only process | 09:30 |
mardy | mborzecki: here's the latest version: it's working, but notice the spread test change: https://github.com/snapcore/snapd/pull/11803 | 09:31 |
mup | PR #11803: cmd/snap-confine: remove setuid calls from cgroup init code <Created by mardy> <https://github.com/snapcore/snapd/pull/11803> | 09:31 |
mup | PR snapd#11800 closed: cmd/snap-fde-keymgr: best effort idempotency of add-recovery-key <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11800> | 09:34 |
mup | PR snapcraft#3745 opened: Fix/core20 ros plugin build failure should stop snapcraft <Created by Guillaumebeuzeboc> <https://github.com/snapcore/snapcraft/pull/3745> | 09:56 |
mup | PR snapd#11806 opened: tests: import spread shellcheck changes <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11806> | 10:39 |
mborzecki | mardy: if we have cap_data_override it should still be fine | 11:43 |
mup | PR snapd#11805 closed: release: 2.56 <Squash-merge> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11805> | 13:25 |
mup | PR snapd#11807 opened: snapcraft.yaml: bump stable branch to release/2.56 <Skip spread> <Created by mvo5> <https://github.com/snapcore/snapd/pull/11807> | 13:30 |
mup | PR snapd#11806 closed: tests: import spread shellcheck changes <Created by sergiocazzolato> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/11806> | 14:05 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!