interfaces/many: misc updates for default, browser-support, opengl, desktop, unity7, x11 #4359

Merged
merged 7 commits into from Dec 6, 2017


@jdstrand jdstrand commented Dec 5, 2017

  • interfaces/{desktop,unity7}: allow receiving ActionInvoked notification signal
  • interfaces/{desktop,unity7,x11}: allow reading fonts in ~/.local/share/fonts
  • interfaces: allow reads on /etc/default/nss (NSS configuration) by default
  • interfaces/opengl: allow read on /etc/vdpau_wrapper.cfg
  • remove leading whitespace in apparmor policy in opengl interface
  • interfaces/browser-support: allow mknod() syscall for chromium nvidiactl

Note the opengl changes look larger than they are: the first commit just removes leading whitespace and was confirmed to do nothing else with git diff -w. The individual commit at 6b8f3ee shows that better, with 4b996f4 showing the real change.

Jamie Strandboge added 7 commits December 5, 2017 16:40
…actl

Since snapd still uses SECCOMP_RET_KILL, we have added a seccomp workaround
rule to allow mknod on character devices because chromium unconditionally
performs a mknod() to create the /dev/nvidiactl device, regardless of if it
exists or not or if the process has CAP_MKNOD or not. Since we don't want to
actually grant the ability to create character devices, explicitly deny the
capability. When snapd uses SECCOMP_RET_ERRNO, we can remove these rules.

References:
https://forum.snapcraft.io/t/call-for-testing-chromium-62-0-3202-62/2569/46
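
Why SECCOMP_RET_KILL forces the workaround described in the commit message above, as an added example (not code from snapd or from this PR): a child process installs a seccomp filter that applies the chosen action to mknod/mknodat and then makes the character-device mknod() that chromium is described as performing. The function names, the path /tmp/demo-nvidiactl and the 195:255 device number are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/sysmacros.h>
#include <sys/wait.h>

/* Demo filter (no arch check): apply `action` to mknod/mknodat, allow the rest. */
static int install_filter(unsigned int action) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef __NR_mknod /* absent on mknodat-only architectures */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mknod, 1, 0),
#endif
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mknodat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, action),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(f) / sizeof(f[0]), .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Child tries the mknod on a constructed path (the filter answers first).
 * Returns -signo if killed, 0 on success, else errno; 255 = setup failure. */
int mknod_outcome(unsigned int action) {
    pid_t pid = fork();
    if (pid < 0) return 255;
    if (pid == 0) {
        if (install_filter(action) != 0) _exit(255);
        int r = mknod("/tmp/demo-nvidiactl", S_IFCHR | 0666, makedev(195, 255));
        _exit(r == 0 ? 0 : errno);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return 255;
    return WIFSIGNALED(st) ? -WTERMSIG(st) : WEXITSTATUS(st);
}

int main(void) {
    printf("RET_KILL:  %d (-SIGSYS is %d)\n", mknod_outcome(SECCOMP_RET_KILL), -SIGSYS);
    printf("RET_ERRNO: %d (EPERM is %d)\n", mknod_outcome(SECCOMP_RET_ERRNO | EPERM), EPERM);
    return 0;
}
```

With SECCOMP_RET_KILL the caller dies from SIGSYS, so the syscall has to be allowed and the capability denied instead; with SECCOMP_RET_ERRNO the same call simply fails with EPERM and the process continues.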
Collaborator

@mvo5 mvo5 left a comment


LGTM

@bboozzoo
Collaborator

bboozzoo commented Dec 6, 2017

ubuntu-14.04 prepare failed with:

# cd .; git clone https://go.googlesource.com/crypto /home/gopath/.cache/govendor/golang.org/x/crypto
Cloning into '/home/gopath/.cache/govendor/golang.org/x/crypto'...
fatal: unable to access 'https://go.googlesource.com/crypto/': The requested URL returned error: 502
Error: Remotes failed for:
	Failed for "golang.org/x/crypto/cast5" (failed to clone repo): exit status 128

I've restarted the build.

@codecov-io

Codecov Report

Merging #4359 into master will increase coverage by 0.05%.
The diff coverage is n/a.


@@            Coverage Diff             @@
##           master    #4359      +/-   ##
==========================================
+ Coverage   77.91%   77.96%   +0.05%     
==========================================
  Files         446      446              
  Lines       30820    30816       -4     
==========================================
+ Hits        24014    24027      +13     
+ Misses       4797     4780      -17     
  Partials     2009     2009
| Impacted Files | Coverage Δ |
|---|---|
| interfaces/builtin/unity7.go | 68.18% <ø> (ø) ⬆️ |
| interfaces/builtin/opengl.go | 100% <ø> (ø) ⬆️ |
| interfaces/builtin/browser_support.go | 75% <ø> (ø) ⬆️ |
| interfaces/builtin/joystick.go | 100% <ø> (ø) ⬆️ |
| interfaces/builtin/x11.go | 100% <ø> (ø) ⬆️ |
| interfaces/builtin/desktop.go | 87.5% <ø> (ø) ⬆️ |
| userd/userd.go | 0% <0%> (ø) ⬆️ |
| userd/launcher.go | 68.42% <0%> (+68.42%) ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update caf7d6d...9695288. Read the comment docs.

@mvo5 mvo5 merged commit 2a25a36 into snapcore:master Dec 6, 2017
@jdstrand jdstrand deleted the policy-updates-xxxiii branch December 7, 2017 16:33