
release: 2.39.1 #6927

Merged
merged 62 commits into from May 30, 2019

Conversation

@mvo5 (Contributor) commented May 29, 2019

Merge the 2.39.1 changelog back into master.

sergiocazzolato and others added 30 commits May 7, 2019 17:59
This will prevent errors in reset.sh like this one:

+ snap remove ' core16'
snap " core16" is not installed

To reproduce the error execute:
spread -debug -repeat 5
google:ubuntu-core-16-64:tests/main/core16-provided-by-core
This test is using the test-snapd-rsync snap as part of the test.
It causes an issue on core18 because, as it is included in the
SKIP_REMOVE_SNAPS list, when the next test calls reset.sh the snap is
not removed, which then fails to remove the core snap (reset.sh now fails
when it can't remove the base/core snap).
This contains:
- Install the snaps to make sure those are cached
- Avoid copying the whole cache dir in the state to make it faster on the
  boards
Completion test failed because now there are more changes and the regex
was incorrect.
The local-install-w-metadata was failing because it was using the
test-snapd-tools test which has been previously installed.
The idea is to download the snap and then move it into the
/var/lib/snapd/snaps dir with a .partial suffix. Then, for any install
operation, the partial file will be used for the download.
snapcore#6844)

* Special-case "snapd" in sanitizeSlotReservedForOSOrGadget and sanitizeSlotReservedForOS helpers.

* Added a minimal test.
The function sc_make_slave_mount_ns in mount-support.c unshared the
per-user mount namespace again, even though this is explicitly done in
snap-confine.c, inside enter_non_classic_execution_environment. Both
unshare calls are close to each other for clarity but a third one stayed
unnoticed in mount-support.c.

The second mount namespace was unshared before any modifications took
place so this bug was unobservable apart from the increments in mount
namespace allocation numbers.

Fixes: https://bugs.launchpad.net/snapd/+bug/1828352
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Without this, a snap's description could have lines that were indented
wider than the terminal, which would cause a panic in snap.

As there is no good way of dealing with these, we simply replace any
indent bigger than half the terminal width with a fixed two-space
indent.

This fixes https://bugs.launchpad.net/snapd/+bug/1828425
bboozzoo and others added 26 commits May 16, 2019 09:09
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
When snap-update-ns mounts something it used to special-case bind mounts
vs filesystem mounts but otherwise used a single mount system call for
the actual operation.

To support configuring mount event propagation we need to perform up to
two mount system calls: one that establishes the mount point and another
that configures the propagation changes.

This patch changes the low-level mount change perform function to do
this. The mount flags are separated into sets: recursive flag, sharing
flags, other flags. Bind mounts are performed with recursive flag +
other flags. Non-bind mounts are performed with other flags only. Mount
event propagation changes are performed with sharing flags + recursive
flag, and only if sharing changes are necessary.

This matches the logic documented by the mount(1) utility which performs
the same operation as two distinct steps.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
This allows tests to use MS_SHARED, MS_SLAVE, MS_PRIVATE and MS_UNBINDABLE
along with system call testing machinery.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
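The two-step mount logic described in the commit message above (flags split into a recursive set, a sharing set and "other", with a separate propagation call only when sharing flags are present), and the MS_SHARED/MS_SLAVE/MS_PRIVATE/MS_UNBINDABLE flags the test machinery commit refers to, written out as an added C example against mount(2). This is not snap-update-ns's own code (that lives in Go); the names mount_op, plan_mount_change, perform_mount_change and the two inspection helpers are illustrative choices.

```c
// Added example (not snapd's own code): plan a mount change as up to two
// mount(2) calls, following the flag-set split described in the commit.
#include <stdio.h>
#include <sys/mount.h>

/* One mount(2) invocation the planner decided on. */
struct mount_op {
    const char *source;   /* NULL for a pure propagation change */
    const char *fstype;   /* NULL for bind mounts and propagation changes */
    unsigned long flags;
};

/* Flag sets: recursion, propagation ("sharing"), and everything else.
 * MS_BIND deliberately lands in "other". */
#define FLAG_REC      ((unsigned long)MS_REC)
#define FLAG_SHARING  ((unsigned long)(MS_SHARED | MS_SLAVE | MS_PRIVATE | MS_UNBINDABLE))
#define FLAG_OTHER(f) ((f) & ~(FLAG_REC | FLAG_SHARING))

/* Split `flags` into at most two mount(2) calls. Returns the number of ops. */
int plan_mount_change(const char *source, const char *fstype,
                      unsigned long flags, struct mount_op ops[2])
{
    int n = 0;
    unsigned long other = FLAG_OTHER(flags);
    unsigned long sharing = flags & FLAG_SHARING;
    unsigned long rec = flags & FLAG_REC;

    if (flags & MS_BIND) {
        /* bind mounts: recursive flag + other flags */
        ops[n++] = (struct mount_op){ source, NULL, other | rec };
    } else {
        /* filesystem mounts: other flags only; MS_REC is dropped here */
        ops[n++] = (struct mount_op){ source, fstype, other };
    }
    if (sharing != 0) {
        /* propagation change: sharing flags + recursive flag, target only */
        ops[n++] = (struct mount_op){ NULL, NULL, sharing | rec };
    }
    return n;
}

/* Execute the plan against `target`. Returns 0 on success, -1 (errno set) on failure. */
int perform_mount_change(const char *source, const char *fstype, const char *target,
                         unsigned long flags, const void *data)
{
    struct mount_op ops[2];
    int n = plan_mount_change(source, fstype, flags, ops);
    for (int i = 0; i < n; i++) {
        /* filesystem-specific data only makes sense for the filesystem mount */
        const void *d = (ops[i].fstype != NULL) ? data : NULL;
        if (mount(ops[i].source, target, ops[i].fstype, ops[i].flags, d) < 0)
            return -1;
    }
    return 0;
}

/* Inspection helpers so the plan can be checked without root. */
int planned_count(unsigned long flags)
{
    struct mount_op ops[2];
    return plan_mount_change("src", "none", flags, ops);
}

unsigned long planned_flags(unsigned long flags, int i)
{
    struct mount_op ops[2];
    int n = plan_mount_change("src", "none", flags, ops);
    return i < n ? ops[i].flags : 0;
}

int main(void)
{
    /* Recursive bind mount that is then made a slave: two calls. */
    unsigned long flags = MS_BIND | MS_REC | MS_SLAVE | MS_NOSUID;
    struct mount_op ops[2];
    int n = plan_mount_change("/snap/core/current/etc", NULL, flags, ops);
    for (int i = 0; i < n; i++)
        printf("op %d: source=%s fstype=%s flags=0x%lx\n", i,
               ops[i].source ? ops[i].source : "(none)",
               ops[i].fstype ? ops[i].fstype : "(none)", ops[i].flags);
    return 0;
}
```

The planner only mirrors the flag arithmetic; it does not fix what the kernel does with the "other" set on a bind mount. Per mount(2), everything except MS_REC is ignored on the initial MS_BIND call, so a read-only bind still needs a third MS_REMOUNT|MS_BIND|MS_RDONLY step, which the commit above does not cover.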
Unit tests assumed that the default snap mount directory is /snap, but did not mock
the distro. Stick to whatever is correct for the host, and use proper paths
instead.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
Fedora Dist-Git carries changes that should be merged back into
the snapd reference packaging files.

Conditionals for supporting EOL Fedora releases have been removed.

Signed-off-by: Neal Gompa <ngompa13@gmail.com>
The spec file was updated to use snapd_<version>.no-vendor.tar.xz tree. Make
sure that we generate one while preparing the tests.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
…ries

Address a new denial triggered on F30.

type=AVC msg=audit(05/20/19 21:19:40.020:1084) : avc:  denied  { search } for
         pid=14651 comm=snap-confine name=x1 dev="sda1" ino=538212
         scontext=system_u:system_r:snappy_confine_t:s0
         tcontext=system_u:object_r:snappy_var_t:s0
         tclass=dir permissive=1

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
When bringing entries in /etc back from the desired rootfs, make sure that those
are either regular files or directories, and do not attempt to mount over
anything that is not a file or directory.

Otherwise we can break the host mount namespace.

This happens on Fedora, where /etc/nsswitch.conf is a symlink to
/etc/authselect/nsswitch.conf. Mounting over it breaks the host and the
following entries appear:

/var/lib/snapd/snaps/core_6818.snap on /etc/authselect/nsswitch.conf type squashfs (ro,nodev,relatime,context=system_u:object_r:snappy_snap_t:s0)
/var/lib/snapd/snaps/core_6818.snap on /etc/authselect/nsswitch.conf type squashfs (ro,nodev,relatime,context=system_u:object_r:snappy_snap_t:s0)
/var/lib/snapd/snaps/core_6818.snap on /etc/authselect/nsswitch.conf type squashfs (ro,nodev,relatime,context=system_u:object_r:snappy_snap_t:s0)

At this point, the file in the host mount namespace will also have the SELinux
label from the snap's mount context.

This seems to go back to Fedora 28. See: https://bugzilla.redhat.com/show_bug.cgi?id=1584461

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
When picking entries from the rootfs snap, make sure that both source and
destination are of the same type. Die early should lstat() fail.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
…estination

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1584461

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Fedora 29 is set as manual as part of this PR as well
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Fedora 29 is set as manual as part of this PR as well
…9-tweaks

cmd/snap-confine, data/selinux: cherry pick Fedora 30 fixes to 2.39
The latest version of 2.39.1 in the changelog is missing a revision number.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo bboozzoo merged commit 82cc8ce into snapcore:master May 30, 2019
7 participants