[00:30] <mup> PR snapcraft#3738 closed: extensions/desktop: preload bindtextdomain from snap first if it exists <Created by mmtrt> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3738>
[00:40] <mup> PR snapcraft#3744 closed: cli: enable craft-store logging <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3744>
[05:38] <mup> PR snapd#11804 opened: interfaces/modem-manager: Only generate DBus plug policy on Core <Created by alexmurray> <https://github.com/snapcore/snapd/pull/11804>
[05:50] <mardy> amurray: hi! When you have some time, can you go over https://github.com/snapcore/snapd/pulls/mardy and have a look at the PRs which need security review (just not that one in Draft mode)?
[05:53] <mborzecki> morning
[06:23] <mardy> mborzecki: hi!
[06:27] <amurray> mardy: sure - sorry for the delay in getting to some of these - I've not had a lot of bandwidth to devote to snapd reviews lately - are there any which are higher priority than others?
[06:31] <mardy> amurray: not really, but https://github.com/snapcore/snapd/pull/11786 and https://github.com/snapcore/snapd/pull/11686 already have approvals, so they could be merged (and incidentally they are also the simplest ones to review :-) )
[06:31] <mup> PR #11786: cmd/snap-confine: mount support cleanups <Needs security review> <Created by mardy> <https://github.com/snapcore/snapd/pull/11786>
[06:31] <mup> PR #11686: interfaces/udev: refactor handling of udevadm triggers for input <Needs security review> <Created by mardy> <https://github.com/snapcore/snapd/pull/11686>
[06:32] <amurray> yep I am just looking at 11686 now - will do 11786 after - cheers
[06:34] <mardy> amurray: thanks!!
[06:35] <mardy> mborzecki: I'm fighting with cgroup file permissions (see https://github.com/snapcore/snapd/runs/6492169759?check_suite_focus=true). I got half of the permissions fixed, but there are a few files that are left
[06:35] <mardy> mborzecki: like notify_on_release; it does not look like we are creating it
[06:36] <mardy> (at least, "git grep" does not find anything)
[06:36] <mborzecki> mardy: no, it's something that's part of the cgroups (filesystem)
[06:37] <mborzecki> mardy: hm you probably weren't root when the device cgroup was created, remember that we create it ourselves rather than through systemd
[06:37] <mardy> mborzecki: now the question is, if the parent directory is 0700, and is owned by root, maybe we can agree to not care about the permissions of the leaf files?
[06:38] <mborzecki> mardy: oh, so you're saying that the directory is owned by root already, but the pseudo files aren't?
[06:39] <mardy> mborzecki: not exactly, I'm working on it. So, I have this: https://github.com/snapcore/snapd/pull/11803
[06:39] <mup> PR #11803: cmd/snap-confine: remove setuid calls from cgroup init code <Created by mardy> <https://github.com/snapcore/snapd/pull/11803>
[06:39] <mardy> mborzecki: I now fixed the permissions on the parent directory
[06:39] <mardy> (still unpushed)
[06:40] <mardy> but the leaf files created by systemd/kernel are still owned by root.<user> (we are still setuid, in that branch -- just not setgid)
[06:44] <mborzecki> mardy: was the fix just a chown(, 0, 0)?
[07:05] <pstolowski> morning
[07:27] <nitin> Hello, may I know where I can find instructions to compile/install snapd locally from source? Sorry for this basic question. I am using Ubuntu 20.04. Thank you in advance
[07:14] <pstolowski> nitin: https://github.com/snapcore/snapd/blob/master/HACKING.md
[07:19] <nitin> pstolowski: Noted, and thank you
[07:20] <pstolowski> yw
[07:29] <mup> PR snapd#11787 closed: portal-info: Add CommonID Field <Created by 3v1n0> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11787>
[07:59] <mup> PR snapd#11805 opened: release: 2.56 <Squash-merge> <Created by mvo5> <https://github.com/snapcore/snapd/pull/11805>
[08:29] <mardy> mborzecki: for the parent directory and for the files we create, yes. But those "automatic" files still have the wrong group permissions
[08:35] <mborzecki> mardy: heh, yeah that's what you get by messing with cgroups directly instead of through systemd 😕 can you temporarily switch uid/gid when creating that directory in the hierarchy?
[09:14] <mup> PR snapd#11784 closed: secboot: support for changing encryption keys via keymgr <factory reset 🔌> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/11784>
[09:29] <mup> PR snapd#11686 closed: interfaces/udev: refactor handling of udevadm triggers for input <Created by mardy> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11686>
[09:30] <mardy> mborzecki: I could, but then it won't work once we switch to a cap-only process
[09:31] <mardy> mborzecki: here's the latest version: it's working, but notice the spread test change: https://github.com/snapcore/snapd/pull/11803
[09:31] <mup> PR #11803: cmd/snap-confine: remove setuid calls from cgroup init code <Created by mardy> <https://github.com/snapcore/snapd/pull/11803>
[09:34] <mup> PR snapd#11800 closed: cmd/snap-fde-keymgr: best effort idempotency of add-recovery-key <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11800>
[09:56] <mup> PR snapcraft#3745 opened: Fix/core20 ros plugin build failure should stop snapcraft <Created by Guillaumebeuzeboc> <https://github.com/snapcore/snapcraft/pull/3745>
[10:39] <mup> PR snapd#11806 opened: tests: import spread shellcheck changes <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11806>
[11:43] <mborzecki> mardy: if we have cap_data_override it should still be fine
[13:25] <mup> PR snapd#11805 closed: release: 2.56 <Squash-merge> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11805>
[13:30] <mup> PR snapd#11807 opened: snapcraft.yaml: bump stable branch to release/2.56 <Skip spread> <Created by mvo5> <https://github.com/snapcore/snapd/pull/11807>
[14:05] <mup> PR snapd#11806 closed: tests: import spread shellcheck changes <Created by sergiocazzolato> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/11806>