16 files changed, 120 insertions, 101 deletions
diff --git a/HACKING.md b/HACKING.md
index 03e83a8955..59ca14a964 100644
--- a/HACKING.md
+++ b/HACKING.md
@@ -1,6 +1,6 @@
 # Hacking on snapd
 
-Hacking on snapd is fun and straightfoward. The code is extensively
+Hacking on snapd is fun and straightforward. The code is extensively
 unit tested and we use the [spread](https://github.com/snapcore/spread)
 integration test framework for the integration/system level tests.
 
@@ -105,7 +105,7 @@ Similarly, to build the `snapd` REST API daemon, you can run
 ### Contributing
 
 Contributions are always welcome! Please make sure that you sign the
-Canonical contributor licence agreement at
+Canonical contributor license agreement at
 http://www.ubuntu.com/legal/contributors
 
 Snapd can be found on Github, so in order to fork the source and contribute,
diff --git a/cmd/libsnap-confine-private/locking-test.c b/cmd/libsnap-confine-private/locking-test.c
index 6f603eb04e..641b7c6f54 100644
--- a/cmd/libsnap-confine-private/locking-test.c
+++ b/cmd/libsnap-confine-private/locking-test.c
@@ -32,6 +32,12 @@ static void sc_set_lock_dir(const char *dir)
 	sc_lock_dir = dir;
 }
 
+// A variant of unsetenv that is compatible with GDestroyNotify
+static void my_unsetenv(const char *k)
+{
+	unsetenv(k);
+}
+
 // Use temporary directory for locking.
 //
 // The directory is automatically reset to the real value at the end of the
@@ -50,7 +56,7 @@ static const char *sc_test_use_fake_lock_dir(void)
 	g_test_queue_free(lock_dir);
 	g_assert_cmpint(setenv("SNAP_CONFINE_LOCK_DIR", lock_dir, 0),
 	==, 0);
-	g_test_queue_destroy((GDestroyNotify) unsetenv,
+	g_test_queue_destroy((GDestroyNotify) my_unsetenv,
 "SNAP_CONFINE_LOCK_DIR");
 	g_test_queue_destroy((GDestroyNotify) rm_rf_tmp, lock_dir);
 	}
diff --git a/cmd/libsnap-confine-private/snap-test.c b/cmd/libsnap-confine-private/snap-test.c
index 09cd804c17..220dc19da5 100644
--- a/cmd/libsnap-confine-private/snap-test.c
+++ b/cmd/libsnap-confine-private/snap-test.c
@@ -188,10 +188,10 @@ static void test_sc_snap_name_validate(void)
 	g_assert_null(err);
 
 	// In case we switch to a regex, here's a test that could break things.
-	const char *good_bad_name = "u-94903713687486543234157734673284536758";
-	char varname[41] = { 0 };
-	for (int i = 3; i <= 40; i++) {
-	g_assert_nonnull(strncpy(varname, good_bad_name, i));
+	const char good_bad_name[] = "u-94903713687486543234157734673284536758";
+	char varname[sizeof good_bad_name] = { 0 };
+	for (size_t i = 3; i <= sizeof varname - 1; i++) {
+	g_assert_nonnull(memcpy(varname, good_bad_name, i));
 	varname[i] = 0;
 	g_test_message("checking valid snap name: >%s<", varname);
 	sc_snap_name_validate(varname, &err);
diff --git a/cmd/libsnap-confine-private/utils-test.c b/cmd/libsnap-confine-private/utils-test.c
index e878260622..83364801e9 100644
--- a/cmd/libsnap-confine-private/utils-test.c
+++ b/cmd/libsnap-confine-private/utils-test.c
@@ -99,6 +99,22 @@ static void test_die_with_errno(void)
 	g_test_trap_assert_stderr("death message: Operation not permitted\n");
 }
 
+// A variant of rmdir that is compatible with GDestroyNotify
+static void my_rmdir(const char *path)
+{
+	if (rmdir(path) != 0) {
+	die("cannot rmdir %s", path);
+	}
+}
+
+// A variant of chdir that is compatible with GDestroyNotify
+static void my_chdir(const char *path)
+{
+	if (chdir(path) != 0) {
+	die("cannot change dir to %s", path);
+	}
+}
+
 /**
 * Perform the rest of testing in a ephemeral directory.
 *
@@ -114,9 +130,9 @@ static void g_test_in_ephemeral_dir(void)
 	g_assert_cmpint(err, ==, 0);
 
 	g_test_queue_free(temp_dir);
-	g_test_queue_destroy((GDestroyNotify) rmdir, temp_dir);
+	g_test_queue_destroy((GDestroyNotify) my_rmdir, temp_dir);
 	g_test_queue_free(orig_dir);
-	g_test_queue_destroy((GDestroyNotify) chdir, orig_dir);
+	g_test_queue_destroy((GDestroyNotify) my_chdir, orig_dir);
 }
 
 /**
@@ -130,7 +146,7 @@ static void _test_sc_nonfatal_mkpath(const gchar * dirname,
 G_FILE_TEST_IS_DIR));
 	// Use sc_nonfatal_mkpath to create the directory and ensure that it worked
 	// as expected.
-	g_test_queue_destroy((GDestroyNotify) rmdir, (char *)dirname);
+	g_test_queue_destroy((GDestroyNotify) my_rmdir, (char *)dirname);
 	int err = sc_nonfatal_mkpath(dirname, 0755);
 	g_assert_cmpint(err, ==, 0);
 	g_assert_cmpint(errno, ==, 0);
@@ -143,7 +159,7 @@ static void _test_sc_nonfatal_mkpath(const gchar * dirname,
 	g_assert_cmpint(errno, ==, EEXIST);
 	// Now create a sub-directory of the original directory and observe the
 	// results. We should no longer see errno of EEXIST!
-	g_test_queue_destroy((GDestroyNotify) rmdir, (char *)subdirname);
+	g_test_queue_destroy((GDestroyNotify) my_rmdir, (char *)subdirname);
 	err = sc_nonfatal_mkpath(subdirname, 0755);
 	g_assert_cmpint(err, ==, 0);
 	g_assert_cmpint(errno, ==, 0);
diff --git a/cmd/snap-confine/ns-support-test.c b/cmd/snap-confine/ns-support-test.c
index 542136cfb4..c67c69be7c 100644
--- a/cmd/snap-confine/ns-support-test.c
+++ b/cmd/snap-confine/ns-support-test.c
@@ -35,6 +35,12 @@ static void sc_set_ns_dir(const char *dir)
 	sc_ns_dir = dir;
 }
 
+// A variant of unsetenv that is compatible with GDestroyNotify
+static void my_unsetenv(const char *k)
+{
+	unsetenv(k);
+}
+
 // Use temporary directory for namespace groups.
 //
 // The directory is automatically reset to the real value at the end of the
@@ -53,7 +59,7 @@ static const char *sc_test_use_fake_ns_dir(void)
 	g_test_queue_free(ns_dir);
 	g_assert_cmpint(setenv("SNAP_CONFINE_NS_DIR", ns_dir, 0), ==,
 	0);
-	g_test_queue_destroy((GDestroyNotify) unsetenv,
+	g_test_queue_destroy((GDestroyNotify) my_unsetenv,
 "SNAP_CONFINE_NS_DIR");
 	g_test_queue_destroy((GDestroyNotify) rm_rf_tmp, ns_dir);
 	}
diff --git a/cmd/snap-confine/snap-confine.apparmor.in b/cmd/snap-confine/snap-confine.apparmor.in
index 186c361d60..e043797423 100644
--- a/cmd/snap-confine/snap-confine.apparmor.in
+++ b/cmd/snap-confine/snap-confine.apparmor.in
@@ -198,7 +198,7 @@
 mount options=(rw slave) -> /tmp/snap.rootfs_*/usr/bin/snapctl,
 
 # /etc/alternatives (classic)
- mount options=(rw bind) @SNAP_MOUNT_DIR@/{,ubuntu-}core/*/etc/alternatives/ -> /tmp/snap.rootfs_*/etc/alternatives/,
+ mount options=(rw bind) @SNAP_MOUNT_DIR@/*/*/etc/alternatives/ -> /tmp/snap.rootfs_*/etc/alternatives/,
 mount options=(rw bind) @SNAP_MOUNT_DIR@/*/*/etc/ssl/ -> /tmp/snap.rootfs_*/etc/ssl/,
 mount options=(rw bind) @SNAP_MOUNT_DIR@/*/*/etc/nsswitch.conf -> /tmp/snap.rootfs_*/etc/nsswitch.conf,
 # /etc/alternatives (core)
diff --git a/docs/MOVED.md b/docs/MOVED.md
index 24305ce24e..ef597723fb 100644
--- a/docs/MOVED.md
+++ b/docs/MOVED.md
@@ -1 +1 @@
-### Moved to https://github.com/snapcore/snapd/wiki
+### Moved to https://forum.snapcraft.io/t/documentation-outline/3781
diff --git a/interfaces/apparmor/template.go b/interfaces/apparmor/template.go
index e25eb4832c..75a40f3f82 100644
--- a/interfaces/apparmor/template.go
+++ b/interfaces/apparmor/template.go
@@ -92,8 +92,8 @@ var defaultTemplate = `
 
 # for bash 'binaries' (do *not* use abstractions/bash)
 # user-specific bash files
- /bin/bash ixr,
- /bin/dash ixr,
+ /{,usr/}bin/bash ixr,
+ /{,usr/}bin/dash ixr,
 /etc/bash.bashrc r,
 /etc/{passwd,group,nsswitch.conf} r, # very common
 /etc/default/nss r,
diff --git a/overlord/configstate/configcore/corecfg.go b/overlord/configstate/configcore/corecfg.go
index 3692719639..d29c22d73c 100644
--- a/overlord/configstate/configcore/corecfg.go
+++ b/overlord/configstate/configcore/corecfg.go
@@ -50,6 +50,19 @@ func coreCfg(tr Conf, key string) (result string, err error) {
 	return fmt.Sprintf("%v", v), nil
 }
 
+func validateExperimentalSettings(tr Conf) error {
+	layoutsEnabled, err := coreCfg(tr, "experimental.layouts")
+	if err != nil {
+	return err
+	}
+	switch layoutsEnabled {
+	case "", "true", "false":
+	return nil
+	default:
+	return fmt.Errorf("experimental.layouts can only be set to 'true' or 'false'")
+	}
+}
+
 func Run(tr Conf) error {
 	if err := validateProxyStore(tr); err != nil {
 	return err
@@ -57,6 +70,9 @@ func Run(tr Conf) error {
 	if err := validateRefreshSchedule(tr); err != nil {
 	return err
 	}
+	if err := validateExperimentalSettings(tr); err != nil {
+	return err
+	}
 
 	// capture cloud information
 	if err := setCloudInfoWhenSeeding(tr); err != nil {
diff --git a/overlord/configstate/configcore/corecfg_test.go b/overlord/configstate/configcore/corecfg_test.go
index 499372364e..df12349657 100644
--- a/overlord/configstate/configcore/corecfg_test.go
+++ b/overlord/configstate/configcore/corecfg_test.go
@@ -26,6 +26,7 @@ import (
 
 	. "gopkg.in/check.v1"
 
+	"github.com/snapcore/snapd/overlord/configstate/configcore"
 	"github.com/snapcore/snapd/overlord/state"
 	"github.com/snapcore/snapd/systemd"
 )
@@ -95,3 +96,31 @@ func (s *configcoreSuite) SetUpTest(c *C) {
 type runCfgSuite struct {
 	configcoreSuite
 }
+
+var _ = Suite(&runCfgSuite{})
+
+func (r *runCfgSuite) TestConfigureExperimentalSettingsInvalid(c *C) {
+	conf := &mockConf{
+	state: r.state,
+	conf: map[string]interface{}{
+	"experimental.layouts": "foo",
+	},
+	}
+
+	err := configcore.Run(conf)
+	c.Check(err, ErrorMatches, `experimental.layouts can only be set to 'true' or 'false'`)
+}
+
+func (r *runCfgSuite) TestConfigureExperimentalSettingsHappy(c *C) {
+	for _, t := range []string{"true", "false"} {
+	conf := &mockConf{
+	state: r.state,
+	conf: map[string]interface{}{
+	"experimental.layouts": t,
+	},
+	}
+
+	err := configcore.Run(conf)
+	c.Check(err, IsNil)
+	}
+}
diff --git a/overlord/ifacestate/handlers.go b/overlord/ifacestate/handlers.go
index 2359ff3978..49e98005d0 100644
--- a/overlord/ifacestate/handlers.go
+++ b/overlord/ifacestate/handlers.go
@@ -687,21 +687,7 @@ func (m *InterfaceManager) doAutoConnect(task *state.Task, _ *tomb.Tomb) error {
 
 	task.SetStatus(state.DoneStatus)
 
-	lanes := task.Lanes()
-	if len(lanes) == 1 && lanes[0] == 0 {
-	lanes = nil
-	}
-	ht := task.HaltTasks()
-
-	// add all connect tasks to the change of main "auto-connect" task and to the same lane.
-	for _, l := range lanes {
-	autots.JoinLane(l)
-	}
-	chg.AddAll(autots)
-	// make all halt tasks of the main 'auto-connect' task wait on connect tasks
-	for _, t := range ht {
-	t.WaitAll(autots)
-	}
+	snapstate.InjectTasks(task, autots)
 
 	st.EnsureBefore(0)
 	return nil
diff --git a/overlord/ifacestate/ifacestate_test.go b/overlord/ifacestate/ifacestate_test.go
index b49b43ddcd..cd2006425e 100644
--- a/overlord/ifacestate/ifacestate_test.go
+++ b/overlord/ifacestate/ifacestate_test.go
@@ -2522,68 +2522,6 @@ slots:
 	c.Check(tConnectPlug.Status(), Equals, state.DoneStatus)
 }
 
-/*
-func (s *interfaceManagerSuite) TestSetupProfilesInjectsAutoConnectIfMissing(c *C) {
-	mgr := s.manager(c)
-
-	si1 := &snap.SideInfo{
-	RealName: "snap1",
-	Revision: snap.R(1),
-	}
-	sup1 := &snapstate.SnapSetup{SideInfo: si1}
-	_ = snaptest.MockSnap(c, sampleSnapYaml, si1)
-
-	si2 := &snap.SideInfo{
-	RealName: "snap2",
-	Revision: snap.R(1),
-	}
-	sup2 := &snapstate.SnapSetup{SideInfo: si2}
-	_ = snaptest.MockSnap(c, consumerYaml, si2)
-
-	s.state.Lock()
-	defer s.state.Unlock()
-
-	task1 := s.state.NewTask("setup-profiles", "")
-	task1.Set("snap-setup", sup1)
-
-	task2 := s.state.NewTask("setup-profiles", "")
-	task2.Set("snap-setup", sup2)
-
-	chg := s.state.NewChange("test", "")
-	chg.AddTask(task1)
-	task2.WaitFor(task1)
-	chg.AddTask(task2)
-
-	s.state.Unlock()
-
-	defer mgr.Stop()
-	s.settle(c)
-	s.state.Lock()
-
-	// ensure all our tasks ran
-	c.Assert(chg.Err(), IsNil)
-	c.Assert(chg.Tasks(), HasLen, 4)
-
-	// sanity checks
-	t := chg.Tasks()[0]
-	c.Assert(t.Kind(), Equals, "setup-profiles")
-	t = chg.Tasks()[1]
-	c.Assert(t.Kind(), Equals, "setup-profiles")
-
-	// check that auto-connect tasks were added and have snap-setup
-	var autoconnectSup snapstate.SnapSetup
-	t = chg.Tasks()[2]
-	c.Assert(t.Kind(), Equals, "auto-connect")
-	c.Assert(t.Get("snap-setup", &autoconnectSup), IsNil)
-	c.Assert(autoconnectSup.Name(), Equals, "snap1")
-
-	t = chg.Tasks()[3]
-	c.Assert(t.Kind(), Equals, "auto-connect")
-	c.Assert(t.Get("snap-setup", &autoconnectSup), IsNil)
-	c.Assert(autoconnectSup.Name(), Equals, "snap2")
-}
-*/
-
 func (s *interfaceManagerSuite) TestSetupProfilesInjectsAutoConnectIfCore(c *C) {
 	mgr := s.manager(c)
 
diff --git a/spread.yaml b/spread.yaml
index f76cbde3e9..a55a480f11 100644
--- a/spread.yaml
+++ b/spread.yaml
@@ -142,6 +142,12 @@ backends:
 - ubuntu-18.04-32:
 username: ubuntu
 password: ubuntu
+ - ubuntu-18.10-64:
+ username: ubuntu
+ password: ubuntu
+ - ubuntu-18.10-32:
+ username: ubuntu
+ password: ubuntu
 - debian-sid-64:
 username: debian
 password: debian
@@ -228,6 +234,25 @@ backends:
 - ubuntu-18.04-arm64:
 username: ubuntu
 password: ubuntu
+ # Cosmic
+ - ubuntu-18.10-amd64:
+ username: ubuntu
+ password: ubuntu
+ - ubuntu-18.10-i386:
+ username: ubuntu
+ password: ubuntu
+ - ubuntu-18.10-ppc64el:
+ username: ubuntu
+ password: ubuntu
+ - ubuntu-18.10-armhf:
+ username: ubuntu
+ password: ubuntu
+ - ubuntu-18.10-s390x:
+ username: ubuntu
+ password: ubuntu
+ - ubuntu-18.10-arm64:
+ username: ubuntu
+ password: ubuntu
 external:
 type: adhoc
 environment:
diff --git a/tests/lib/pkgdb.sh b/tests/lib/pkgdb.sh
index a245230881..b64c49ae35 100755
--- a/tests/lib/pkgdb.sh
+++ b/tests/lib/pkgdb.sh
@@ -492,14 +492,9 @@ pkg_dependencies_ubuntu_classic(){
 linux-image-extra-4.13.0-16-generic
 "
 ;;
- ubuntu-18.04-64)
- echo "
- squashfs-tools
- "
- ;;
 ubuntu-*)
 echo "
- linux-image-extra-$(uname -r)
+ squashfs-tools
 "
 ;;
 debian-*)
diff --git a/tests/main/interfaces-network/task.yaml b/tests/main/interfaces-network/task.yaml
index 7ef553e021..3293f85d6f 100644
--- a/tests/main/interfaces-network/task.yaml
+++ b/tests/main/interfaces-network/task.yaml
@@ -48,6 +48,10 @@ execute: |
 echo "Then the snap is able to access a network service"
 network-consumer http://127.0.0.1:$PORT | grep -Pqz "ok\n"
 
+ if [ "$(snap debug confinement)" = partial ] ; then
+ exit 0
+ fi
+
 echo "When the plug is disconnected"
 snap disconnect $SNAP_NAME:network
 
diff --git a/tests/regression/lp-1721518/task.yaml b/tests/regression/lp-1721518/task.yaml
index aa27b5bbb9..5039231a23 100644
--- a/tests/regression/lp-1721518/task.yaml
+++ b/tests/regression/lp-1721518/task.yaml
@@ -4,8 +4,6 @@ summary: Check that interfaces are listed after reboot the machine
 # not support our reboot logic
 backends: [-autopkgtest]
 
-systems: [-arch-linux-*]
-
 details: |
 This test checks if the interfaces are listed after the machine
 is rebooted. The test is also checking the interfaces after a