group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1621127] Re: snap-confine doesn't work with new snap-run/snap-exec flow

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Michael Hudson-Doyle <michael.hudson+lp@xxxxxxxxxxxxx>
Date: Wed, 21 Sep 2016 00:54:54 -0000
Reply-to: Bug 1621127 <1621127@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: snap-confine (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: snap-confine (Ubuntu)
       Status: New => Fix Released

** Also affects: snap-confine (Ubuntu Xenial)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1621127

Title:
  snap-confine doesn't work with new snap-run/snap-exec flow

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:
  New

Bug description:
  [Impact]

  The architecture changes in snapd that involve the new snap-run ->
  snap-confine -> snap-exec flow require changes to the apparmor profile
  of snap-confine to function.

  This bug was fixed by a member of the security team.

  For more information about the execution environment, please see this
  article http://www.zygoon.pl/2016/08/snap-execution-environment.html

  [Test Case]

  The test case is that snap applications continue to work normally,
  which they do since this change is already in Ubuntu.

  Since this is a fundamental aspect of running snap applications this
  aspect is tested with each and every pull request and release by
  nearly every test (because each test tries to run snap applications).

  [Regression Potential]

   * Regression potential is minimal as the alternative is that snap
  applications cannot start at all.

  * The fix was tested on Ubuntu with spread, successfully.

  [Other Info]

  * This bug is a part of a major SRU that brings snap-confine in Ubuntu
  16.04 in line with the current upstream release 1.0.41.

  * This bug was included in an earlier SRU and is now fixed in Ubuntu.
  I am updating the template here to ensure that the process is fully
  documented from 1.0.38 all the way up to the current upstream release
  1.0.41.

  * snap-confine is technically an integral part of snapd which has an
  SRU exception and is allowed to introduce new features and take
  advantage of accelerated procedure. For more information see
  https://wiki.ubuntu.com/SnapdUpdates

  == # Pre-SRU bug description follows # ==

  snap-confine used to be invoked directly to run a set of applications
  under confinement. With the new flow in snapd the actual order of
  execution changed to:

  snap-run -> snap-confine -> snap-exec -> application code

  This requires tweaks to the apparmor policy of snap-confine.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1621127/+subscriptions