install: lazy unmount() in writeFilesystemContent() if needed
The existing code in writeFilesystemContent() will error when the filesystem cannot be unmounted. However in practice this is problematic as the live-system can keep the mount point busy: https://bugs.launchpad.net/snapd/+bug/2025402
As a pragmatic solution this commit unmounts the filesystem with the `--lazy` option if a normal unmount does not work.
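An added illustration (not snapd's code) of the fallback this commit describes: a normal unmount first, with a retry only when the kernel reports the mount point busy. It assumes MNT_DETACH is the syscall flag behind `umount --lazy`, and the unmount function is injected so a constructed "busy" mount point can stand in for the live system.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// unmountFunc has the signature of syscall.Unmount; it is injected so the
// fallback logic can be exercised with a constructed fake (no real mount).
type unmountFunc func(target string, flags int) error

// unmountWithLazyFallback attempts a normal unmount first. Only when the kernel
// reports the mount point as busy (EBUSY) does it retry with MNT_DETACH, the
// flag behind `umount --lazy`. Any other error is returned unchanged so that a
// genuine failure (bad path, permission) is not masked by a detach.
// The bool tells the caller whether the lazy path was taken, so it can be logged.
func unmountWithLazyFallback(unmount unmountFunc, target string) (bool, error) {
	err := unmount(target, 0)
	if err == nil {
		return false, nil
	}
	if !errors.Is(err, syscall.EBUSY) {
		return false, fmt.Errorf("cannot unmount %s: %w", target, err)
	}
	if err := unmount(target, syscall.MNT_DETACH); err != nil {
		return false, fmt.Errorf("cannot lazily unmount %s: %w", target, err)
	}
	return true, nil
}

// fakeBusyUnmount is a constructed stand-in for a mount point the live
// system keeps busy: a normal unmount fails with EBUSY, a lazy one succeeds.
func fakeBusyUnmount(target string, flags int) error {
	if flags&syscall.MNT_DETACH == 0 {
		return syscall.EBUSY
	}
	return nil
}

func main() {
	// "/mnt/example-target" is a constructed path, not a snapd mount point.
	lazy, err := unmountWithLazyFallback(fakeBusyUnmount, "/mnt/example-target")
	fmt.Printf("lazy=%v err=%v\n", lazy, err)
	// Against a real mount point (needs root), pass syscall.Unmount instead:
	// unmountWithLazyFallback(syscall.Unmount, "/mnt/example-target")
}
```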
many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor (#12906)
* many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor
Then when using the internal vendored AppArmor, use a different location for SnapConfineAppArmorDir so that we don't interfere with the system installed AppArmor.
In Ubuntu, the snapd deb includes an AppArmor profile for /usr/lib/snapd/snap-confine that includes any profile snippets from the hard-coded directory of /var/lib/snapd/apparmor/snap-confine. When we use the snapd snap with the vendored AppArmor, this may contain newer features and so would create snippets under /var/lib/snapd/apparmor/snap-confine that then may not be supported by the system installed AppArmor. When the system installed apparmor.service would run on boot, it would try and load the snap-confine AppArmor profile shipped in the snapd deb, which would then try and include these snippets generated by the newer vendored AppArmor and could fail to load them as they would use new features not supported by the system AppArmor.
So instead, when using the vendored AppArmor, have snapd use a different directory for the snap-confine profile snippets and then have the snapd-generated AppArmor profiles for snap-confine reference this location instead. This should allow both use-cases to be supported simultaneously.
Signed-off-by: Alex Murray <email address hidden>
* apparmor: add unit test that ensures that snap-confine include snippet is rewritten
* sandbox/apparmor: add unit test around setupConfCacheDirs()
* tests: add check in snapd-snap for /v/l/snapd/apparmor/snap-confine.internal path usage
* tests: fix spread test to look at the right profiles
* i/apparmor: allow read of /usr/lib/snapd/info in snap-update-ns profile
---------
Signed-off-by: Alex Murray <email address hidden>
Co-authored-by: Michael Vogt <email address hidden>