/srv/irclogs.ubuntu.com/2022/05/19/#snappy.txt

mup	PR snapcraft#3738 closed: extensions/desktop: preload bindtextdomain from snap first if it exists <Created by mmtrt> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3738>	00:30
mup	PR snapcraft#3744 closed: cli: enable craft-store logging <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3744>	00:40
mup	PR snapd#11804 opened: interfaces/modem-manager: Only generate DBus plug policy on Core <Created by alexmurray> <https://github.com/snapcore/snapd/pull/11804>	05:38
mardy	amurray: hi! When you have some time, can you go over https://github.com/snapcore/snapd/pulls/mardy and have a look at the PRs which need security review (just not that one in Draft mode)?	05:50
mborzecki	morning	05:53
mardy	mborzecki: hi!	06:23
amurray	mardy: sure - sorry for the delay in getting to some of these - I've not had a lot of bandwidth to devote to snapd reviews lately - is there any which are higher priority than others?	06:27
mardy	amurray: not really, but https://github.com/snapcore/snapd/pull/11786 and https://github.com/snapcore/snapd/pull/11686 already have approvals, so they could be merged (and incidentally they are also the simplest ones to review :-) )	06:31
mup	PR #11786: cmd/snap-confine: mount support cleanups <Needs security review> <Created by mardy> <https://github.com/snapcore/snapd/pull/11786>	06:31
mup	PR #11686: interfaces/udev: refactor handling of udevadm triggers for input <Needs security review> <Created by mardy> <https://github.com/snapcore/snapd/pull/11686>	06:31
amurray	yep I am just looking at 11686 now - will do 11786 after - cheers	06:32
mardy	amurray: thanks!!	06:34
mardy	mborzecki: I'm fighting with cgroup file permissions (see https://github.com/snapcore/snapd/runs/6492169759?check_suite_focus=true). I got half of the permissions fixed, but there are a few files that are left	06:35
mardy	mborzecki: like notify_on_release; it does not look like we are creating it	06:35
mardy	(at least, "git grep" does not find anything)	06:36
mborzecki	mardy: no, it's something that's part of the cgroups (filesystem)	06:36
mborzecki	mardy: hm you probably weren't root when the device cgroup was created, remember that we create it ourselves rather than through systemd	06:37
mardy	mborzecki: now the question is, if the parent directory is 0700, and is owned by root, maybe we can agree to not care about the permissions of the leaf files?	06:37
mborzecki	mardy: oh, so you're saying that the directory is owned by root already, but the pseudo files aren't?	06:38
mardy	mborzecki: not exactly, I'm working on it. So, I have this: https://github.com/snapcore/snapd/pull/11803	06:39
mup	PR #11803: cmd/snap-confine: remove setuid calls from cgroup init code <Created by mardy> <https://github.com/snapcore/snapd/pull/11803>	06:39
mardy	mborzecki: I now fixed the permissions on the parent directory	06:39
mardy	(still unpushed)	06:39
mardy	but the leaf files created by systemd/kernel are still owned by root.<user> (we are still setuid, in that branch -- just not setgid)	06:40
mborzecki	mardy: was the fix just a chown(, 0, 0)?	06:44
pstolowski	morning	07:05
nitin	Hello , May i know, where i can find instruction to compile/install snapd locally from source ? Sorry for this basic question .. I am using Ubuntu 20.04 .. Thank you in advance	07:11
pstolowski	nitin: https://github.com/snapcore/snapd/blob/master/HACKING.md	07:14
nitin	pstolowski: Noted and Thank you	07:19
pstolowski	yw	07:20
mup	PR snapd#11787 closed: portal-info: Add CommonID Field <Created by 3v1n0> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11787>	07:29
mup	PR snapd#11805 opened: release: 2.56 <Squash-merge> <Created by mvo5> <https://github.com/snapcore/snapd/pull/11805>	07:59
mardy	mborzecki: for the parent directory and for the files we create, yes. But those "automatic" files still have the wrong group permissions	08:29
mborzecki	mardy: heh, yeah that's what you get by messing with cgroups directly instead of though systemd 😕 can you temporarily switch uid/gid when creating that directory in the hierarchy?	08:35
mup	PR snapd#11784 closed: secboot: support for changing encryption keys via keymgr <factory reset 🔌> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/11784>	09:14
mup	PR snapd#11686 closed: interfaces/udev: refactor handling of udevadm triggers for input <Created by mardy> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11686>	09:29
mardy	mborzecki: I could, but then it won't work once we switch to a cap-only process	09:30
mardy	mborzecki: here's the latest version: it's working, but notice the spread test change: https://github.com/snapcore/snapd/pull/11803	09:31
mup	PR #11803: cmd/snap-confine: remove setuid calls from cgroup init code <Created by mardy> <https://github.com/snapcore/snapd/pull/11803>	09:31
mup	PR snapd#11800 closed: cmd/snap-fde-keymgr: best effort idempotency of add-recovery-key <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11800>	09:34
mup	PR snapcraft#3745 opened: Fix/core20 ros plugin build failure should stop snapcraft <Created by Guillaumebeuzeboc> <https://github.com/snapcore/snapcraft/pull/3745>	09:56
mup	PR snapd#11806 opened: tests: import spread shellcheck changes <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11806>	10:39
mborzecki	mardy: if we have cap_data_override it should still be fine	11:43
mup	PR snapd#11805 closed: release: 2.56 <Squash-merge> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11805>	13:25
mup	PR snapd#11807 opened: snapcraft.yaml: bump stable branch to release/2.56 <Skip spread> <Created by mvo5> <https://github.com/snapcore/snapd/pull/11807>	13:30
mup	PR snapd#11806 closed: tests: import spread shellcheck changes <Created by sergiocazzolato> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/11806>	14:05

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!