[01:14] <mup> PR snapcraft#3788 closed: parts: correct spelling of build-base in yaml_utils.load <Created by jhenstridge> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3788>
[02:34] <mup> PR snapcraft#3789 opened: store: support login --with <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3789>
[02:40] <tmpm697> hi all, just ask in #ubuntu but i just found this channel is more accurate to post issue related to snapd
[02:40] <tmpm697> i had snap version here: https://0x0.st/ouPT.txt
[02:41] <tmpm697> basically i use microk8s via snapd and microk8s enable dns and then microk8s reset, but after reset k get all -A still show resources there (old pods spawned by 'microk8s enable dns' command), why?
[02:42] <tmpm697> i expect soemhow microk8s.reset will remove all resources, but it didn't
[05:45] <mborzecki> morning
[06:08] <zyga[m]> hello
[06:22] <mardy> hi mborzecki, zyga[m]!
[06:22] <zyga[m]> hey guys
[06:23] <zyga[m]> any news on refresh-allowed?
[06:23] <mborzecki> heya
[06:24] <mborzecki> zyga: no, i don't think pedronis has looked at it yet
[06:25] <zyga[m]> okay, in case I miss it please ping me once there's some idea on what's next
[06:59] <mardy> mborzecki: I've got a meeting starting now, so I'll ping you later about your comment on https://github.com/snapcore/snapd/pull/11665
[06:59] <mup> PR #11665: cmd/snap-confine: be compatible with a snap rootfs built as a tmpfs <Needs Samuele review> <Created by mardy> <https://github.com/snapcore/snapd/pull/11665>
[06:59] <mardy> mborzecki: do I understand it correctly, that the issue is that when you request a layout inside a read-only fs, snapd creates a full mimic over a tmpfs?
[07:01] <mborzecki> mardy: no, when I added a layout under say /usr/foo, it creates a mimic on /usr, which then will have major:minor of a tmpfs device rather than the base snap
[07:01] <mborzecki> so the stale base check would compare different dev_t now
[07:02] <mborzecki> does this make sense? 🙂
[07:16] <mup> PR snapd#11477 closed: usersession/userd: ask the user whether to open the URL by given app <⛔ Blocked> <Needs security review> <Created by bboozzoo> <Closed by bboozzoo> <https://github.com/snapcore/snapd/pull/11477>
[07:32] <mardy> mborzecki: yes, it does. I'll rework the branch a bit; I guess all what I can do in that case, is to discard the namespace, right? Because in that case I'm not sure what I could check to determine whether the NS is stale...
[07:34] <mardy> mborzecki: the whole point of the should_discard_current_ns() function is to determine if the base snap changed, right? Or is there more?
[07:41] <mup> PR snapd#11842 closed: o/ifacestate: warn if the snapd.apparmor service is disabled <Created by mardy> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11842>
[07:54] <zyga[m]> @mardy:libera.chat: yeah, that's roughly it
[07:57] <mardy> zyga[m]: thanks. I've got another question, that digging into the git history didn't help to answer: do you know if this die() line could be just replaced with a "return true"? https://github.com/snapcore/snapd/blob/master/cmd/snap-confine/ns-support.c#L303
[07:57] <zyga[m]> perhaps but the general desire was to avoid error handling and just die die die
[07:58] <zyga[m]> this is harder to attack at the cost of some ux in edge cases
[07:58] <mardy> I see
[07:58] <mardy> though in this case (if the namespace was messed up), we would just discard it, so it should be rather safe
[07:59] <mborzecki> mardy: yup, that's the crux of the check, whether that's useful well 🙂
[07:59] <mborzecki> mardy: i wait for the day when we drop the preserved mount ns and really just create everythign from scratch each time
[08:01] <zyga[m]> yeah, that might be easier
[08:03] <zyga[m]> although I think it's not easy to say it's safe :)
[08:37] <mup> PR snapd#11689 closed: tests/nested/manual/core20-early-config: revert changes that disable netplan checks <Simple 😃> <Run nested> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11689>
[08:37] <mup> PR snapd#11861 closed: interfaces/system-packages-doc: allow read-only access to /usr/share/cups/doc-root/ and /usr/share/gimp/2.0/help/ <Created by lissyx> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/11861>
[09:10] <mardy> mborzecki: I replied to your comment on https://github.com/snapcore/snapd/pull/11665, your feedback on how to proceed is highly welcome :-)
[09:10] <mup> PR #11665: cmd/snap-confine: be compatible with a snap rootfs built as a tmpfs <Needs Samuele review> <Created by mardy> <https://github.com/snapcore/snapd/pull/11665>
[09:17] <mborzecki> mardy: looks reasonable, remember to run make fmt on the code though 🙂
[10:02] <mup> PR snapd#11874 opened: gadget: check also mbr type when testing for implicit data partition <Created by alfonsosanchezbeato> <https://github.com/snapcore/snapd/pull/11874>
[12:02] <mup> PR snapd#11875 opened: o/assertstate: support multiple extra validation sets in EnforcedValidationSets <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/11875>
[14:20] <mup> PR snapcraft#3789 closed: store: support login --with <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3789>
[16:54] <mup> PR snapd#11876 opened: tests: add support for uc22 in listing test <Simple 😃> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11876>
[21:00] <mup> PR snapd#11877 opened: tests: enable mount-order-regression test for arm devices <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11877>
[23:06] <mup> PR snapcraft#3790 opened: lifecyle: root level build-packages and build-snaps <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3790>
[23:21] <mup> PR snapcraft#3791 opened: packaging: ignore craftctl python environment variables <Created by cmatsuoka> <https://github.com/snapcore/snapcraft/pull/3791>