New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

snap-confine: add workaround for snap-confine on 4.13/upstream #4256

Merged
merged 5 commits into from Nov 22, 2017

Conversation

Projects
None yet
4 participants
@mvo5
Copy link
Collaborator

mvo5 commented Nov 20, 2017

There is a apparmor failure on linux 4.13/upstream that is showing
in Debian. Adding a apparmor rule as a workaround to unblock the
this.

See also https://forum.snapcraft.io/t/2813

snap-confine: add workaround for snap-confine on 4.13/upstream
There is a apparmor failure on linux 4.13/upstream that is showing
in Debian. Adding a apparmor rule as a workaround to unblock the
this.

See also https://forum.snapcraft.io/t/2813

@mvo5 mvo5 added this to the 2.29 milestone Nov 20, 2017

@mvo5 mvo5 requested a review from zyga Nov 20, 2017

@zyga

zyga approved these changes Nov 20, 2017

Copy link
Contributor

zyga left a comment

+1

@jdstrand
Copy link
Contributor

jdstrand left a comment

I would've preferred this be in a snippet I think, but won't block on that. This rule is ok as a workaround as the ptrace is only for snap-confine itself (ptracing oneself does allow breaking out of the seccomp sandbox on Linux <4.8, but snap-confine isn't confined by the seccomp sandbox, so it's ok).

@codecov-io

This comment has been minimized.

Copy link

codecov-io commented Nov 20, 2017

Codecov Report

Merging #4256 into master will increase coverage by <.01%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #4256      +/-   ##
==========================================
+ Coverage   75.96%   75.96%   +<.01%     
==========================================
  Files         440      440              
  Lines       38428    38428              
==========================================
+ Hits        29190    29191       +1     
+ Misses       7224     7223       -1     
  Partials     2014     2014
Impacted Files Coverage Δ
cmd/snap/cmd_aliases.go 95% <0%> (+1.66%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f3a6c2c...9604acc. Read the comment docs.

@mvo5 mvo5 force-pushed the mvo5:debian-apparmor-workaround branch from fb9dc0f to a4f515b Nov 20, 2017

@zyga zyga merged commit 69c2f9c into snapcore:master Nov 22, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment