~mvo/snapd/+git/snapd-mvo:squashfs-no-xattrs

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

Related rock recipes

654d32d... by Michael Vogt on 2023-08-27

squashfs,snapstate: unpack individual files with -no-xattrs

When unpacking individual files in squashfs.go we should do
so with `-no-xattrs` because this call will otherwise break
on fedora systems that use security.selinux xattrs that can
only be modified as root.

This commit fixes unit test failures when running on e.g
Fedora.

051b144... by Miguel Pires on 2023-08-25

i/b/shared-memory: handle "private" plug attribute in shared-memory interface correctly (#13107)

* i/b/shared-memory: error on invalid plug attribute

The isPrivate() method assumes that a plug has been sanitised by
BeforePreparePlug and panics if there's no "private" attribute.
There's been a customer report of this happening and even though the
it's unclear how the attribute is missing/wrong, we should handle it
as gracefully as we can instead of panicking.

Signed-off-by: Miguel Pires <email address hidden>

* i/b/shared-memory: split else/if

Signed-off-by: Miguel Pires <email address hidden>

* interfaces: deal with missing shared-mem `private` attr correctly

The private attribute in the shared-memory interface may be
not in the `isPrivate()` call. This can even happen if
"SanitizePlugsSlots()" is called (which in turn calls
BeforePreparePlug() which will set `private`).

The code-path in which this happens is an upgrade from snapd
2.54.4 where shared-memory did not have the "private" attribute
yet. Then the ConnectedPlug data is written into the
interface repo without this attribute and on regeneration
of security profiles the connectedPlug is loaded from the
interface repository in the state and not from the
snap.yaml so this attribute is missing.

The correct behavior is that `private` is set to false which
is the default when it's not set in snap.yaml as it can only
end up in this state if it was unset.

---------

Signed-off-by: Miguel Pires <email address hidden>
Co-authored-by: Michael Vogt <email address hidden>

b98e4af... by Philip Meulengracht on 2023-08-25

i/apparmor: support for home.d tunables from /etc/ (#13118)

* i/apparmor: support for home.d tunables from /etc/

* tests: update snapd-homedirs-vendored to run on all ubuntu versions

* i/apparmor: add additional unit test

Only enable the spread test for ubuntu 20 and newer as any distro before don't support the neccessary features

---------

Co-authored-by: Michael Vogt <email address hidden>

dcb8ad2... by Alfonso Sanchez-Beato on 2023-08-24

tests: make muinstaller capable of installing Ubuntu Core (#13026)

* tests/muinstaller: allow installing Ubuntu Core images

* tests/muinstaller-core: add test using muinstaller for UC installation

This new test runs muinstaller installing Ubuntu Core images.

* tests/muinstaller: build statically and update deps

* tests: change order of arguments for muinstaller invocations

* tests/muinstaller: use better function names, remove unneeded arg

* tests/muinstaller-core: some minor fixes

c3cd8b4... by Sergio Cazzolato on 2023-08-24

tests: fix cgroup-tracking-failure test on ubuntu mantic (#13069)

* Fic cgroup-tracking-failure test on ubuntu mantic

Ubuntu mantic is using systemd 253 so tests.session is not using busctl
anymore to execute commands

* Fix the case for ubuntu mantic

* Fix test for ubuntu lunar

* tests: fix cgroup-tracking-failure for root tracking too

---------

Co-authored-by: Michael Vogt <email address hidden>

40ec59e... by Valentin David on 2023-08-22

tests/main/uc20-create-partitions: do not check for shim on boot partition

This was never used and then removed in
snapcore/pc-gadget@a6d5e0dabca77663f6a32eb3b089b244ea428978

06ef455... by Oliver Calder on 2023-08-21

sandbox/apparmor/notify: clarified descriptions of Error fields in messages

Signed-off-by: Oliver Calder <email address hidden>

8c8e2ed... by Oliver Calder on 2023-08-19

sandbox/apparmor/notify: renamed `PromptingSupportAvailable` to `SupportAvailable`

Signed-off-by: Oliver Calder <email address hidden>

1d4e565... by Oliver Calder on 2023-08-19

sandbox/apparmor/notify: added tests for `Validate()` and `ResponseForRequest()`

Signed-off-by: Oliver Calder <email address hidden>

9ab0387... by Oliver Calder on 2023-08-19

sandbox/apparmor/notify: moved to protocol version 3

Additionally, clarified some comments about underlying apparmor structs,
fixed the Filter field to be a `[]byte` instead of a `string`, and
renamed the Flags field to NoCache.

Signed-off-by: Oliver Calder <email address hidden>