group.of.nepali.translators team mailing list archive
Message #11718
[Bug 1626359] Re: Cannot authorise quotactl syscall for Q_GETQUOTA
This bug was fixed in the package snapd - 2.23.1
---------------
snapd (2.23.1) xenial; urgency=medium
* New upstream release, LP: #1665608
- packaging, tests: use "systemctl list-unit-files --full"
everywhere
- interfaces: fix default content attribute value
- tests: do not nuke the entire snapd.conf.d dir when changing
store settings
- hookstate: run the right "snap" command in the hookmanager
- snapstate: revert PR#2958, run configure hook again everywhere
snapd (2.23) xenial; urgency=medium
* New upstream release, LP: #1665608
- overlord: phase 2 with 2nd setup-profiles and hook done after
restart for core installation
- data: re-add snapd.refresh.{timer,service} with weekly schedule
- interfaces: allow 'getent' by default with some missing dbs to
various interfaces
- overlord/snapstate: drop forced devmode
- snapstate: disable running the configure hook on classic for the
core snap
- ifacestate: re-generate apparmor in InterfaceManager.initialize()
- daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true}
- interfaces/bluez,network-manager: implement ConnectedSlot policy
- cmd: add helpers for mounting / unmounting
- snapstate: error in LinkSnap() if revision is unset
- release: add linuxmint 18 to the non-devmode distros
- cmd: fixes to run correctly on opensuse
- interfaces: consistently use 'const' instead of 'var' for security
policy
- interfaces: miscellaneous policy updates for unity7, udisks2 and
browser-support
- interfaces/apparmor: compensate for kernel behavior change
- many: only tweak core config if hook exists
- overlord/hookstate: don't report a run hook output error without
any context
- cmd/snap-update-ns: move test data and helpers to new module
- vet: fix vet error on mount test.
- tests: empty init (systemd) failover test
- cmd: add .indent.pro file to the tree
- interfaces: specs for apparmor, seccomp, udev
- wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop
cmds
- tests: several improvements to the nested suite
- tests: do not use core for "All snaps up to date" check
- cmd/snap-update-ns: add function for sorting mount entries
- httputil: copy some headers over redirects
- data/selinux: merge SELinux policy module
- kmod: added Specification for kmod security backend
- tests: failover test for rc.local crash
- debian/tests: map snapd deb pockets to core snap channels for
autopkgtest
- many: switch channels on refresh if needed
- interfaces/builtin: add /boot/uboot/config.txt access to core-
support
- release: assume higher version of supported distros will still
work
- cmd/snap-update-ns: add compare function for mount entries
- tests: enable docker test
- tests: bail out if core snap is not installed
- interfaces: use mount.Entry instead of string snippets.
- osutil: trivial tweaks to build ID support
- many: display kernel version in 'snap version'
- osutil: add package for reading Build-ID
- snap: error when `snap list foo` is run and no snap is installed
- cmd/snap-confine: don't crash if nvidia module is loaded but
drivers are not available
- tests: update listing test for latest core snap version update
- overlord/hookstate/ctlcmd: helper function for creating a deep
copy of interface attributes
- interfaces: add a linux framebuffer interface
- cmd/snap, store: change error messages to reflect latest UX doc
- interfaces: initial unity8 interface
- asserts: improved information about assertions format in the
Decode doc comment
- snapstate: ensure snapstate.CanAutoRefresh is nil in tests
- mkversion.sh: Add support for taking the version as a parameter
- interfaces: add an interface for use by thumbnailer
- cmd/snap-confine: ensure that hostfs is root owned.
- screen-inhibit-control: add methods for delaying screensavers
- overlord: optional device registration and gadget support on
classic
- overlord: make seeding work also on classic, optionally
- image,cmd/snap: refactoring and initial envvar support to use
stores needing auth
- tests: add libvirt interface spread test
- cmd/libsnap: add helper for dropping permissions
- interfaces: misc updates for network-control, firewall-control,
unity7 and default policy
- interfaces: allow recv* and send* by default, accept4 with accept
and other cleanups
- interfaces/builtin: add classic-support interface
- store: use xdelta3 from core if available and not on the regular
system
- snap: add contact: line in `snap info`
- interfaces/builtin: add network-setup-control which allows rw
access to netplan
- unity7: support missing signals and methods for status icons
- cmd: autoconf for RHEL
- cmd/snap-confine: look for PROCFS_SUPER_MAGIC
- dirs: use the right snap mount dir for the distribution
- many: differentiate between "distro" and "core" libexecdir
- cmd: don't reexec on RHEL family
- config: make helpers reusable
- snap-exec: support nested environment variables in environment
- release: add galliumos support
- interfaces/builtin: more path options for serial
- i18n: look into core snaps when checking for translations
- tests: nested image testing
- tests: add basic test for docker
- hookstate,ifacestate: support snapctl set/get slot and plug attrs
(step 3)
- cmd/snap: add shell completion to connect
- cmd: add functions to load/save fstab-like files
- snap run: create "current" symlink in user data dir
- cmd: autoconf for centos
- tests: add more debug if ubuntu-core-upgrade fails
- tests: increase service retries
- packaging/ubuntu-14.04: inform user how to extend PATH with
/snap/bin.
- cmd: add helpers for working with mount/umount commands
- overlord/snapstate: prepare for using snap-update-ns
- cmd: use per-snap mount profile to populate the mount namespace
- overlord/ifacestate: setup seccomp security on startup
- interface/seccomp: sort combined snippets
- release: don't force devmode on LinuxMint "serena"
- tests: filter ubuntu-core systems for authenticated find-private
test
- interfaces/builtin/core-support: Allow modifying logind
configuration from the core snap
- tests: fix "snap managed" output check and suppress output from
expect in the authenticated login tests
- interfaces: shutdown: also allow shutdown/reboot/suspend via
logind
- cmd/snap-confine-tests: reformat test to pass shellcheck
- cmd: add sc_is_debug_enabled
- interfaces/mount: add dedicated mount entry type
- interfaces/core-support: allow modifying systemd-timesyncd and
sysctl configuration
- snap: improve message after `snap refresh pkg1 pkg2`
- tests: improve snap-env test
- interfaces/io-ports-control: use /dev/port, not /dev/ports
- interfaces/mount-observe: add quotactl with arg filtering (LP:
#1626359)
- interfaces/mount: generate per-snap mount profile
- tests: add spread test for delta downloads
- daemon: show "$snapname (delta)" in progress when downloading
deltas
- cmd: use safer functions in sc_mount_opt2str
- asserts: introduce a variant of model assertions for classic
systems
- interfaces/core-support: allow modifying snap rsyslog
configuration
- interfaces: remove some syscalls already in the default policy
plus comment cleanups
- interfaces: miscellaneous updates for hardware-observe, kernel-
module-control, unity7 and default
- snap-confine: add the key for which hsearch_r fails
- snap: improve the error message for `snap try`
- tests: fix pattern and use MATCH in find-private
- tests: stop tying setting up staging store access to the setup of
the state tarball
- tests: add regression spread test for #1660941
- interfaces/default: don't allow TIOCSTI ioctl
- interfaces: allow nice/setpriority to 0-19 values for calling
process by default
- tests: improve debug when the core transition test hangs
- tests: disable ubuntu-core->core transition on ppc64el (it's just
too slow)
- snapstate: move refresh from a systemd timer to the internal
snapstate Ensure()
- tests/lib/fakestore/refresh: some more info when we fail to copy
asserts
- overlord/devicestate: backoff between retries if the server seems
to have refused the serial-request
- image: check kernel/gadget publisher vs model brand, warn on store
disconnected snaps
- vendor: move gettext.go back to github.com/ojii/gettext.go
- store: retry on 502 http response as well
- tests: increase snap-service kill-timeout
- store,osutil: use new osutil.ExecutableExists(exe) check to only
use deltas if xdelta3 is present
- cmd: fix autogen.sh on fedora
- overlord/devicemgr: fix test: setup account-key before using the
key for signing
- cmd: add /usr/local/* to PATH
- cmd: add sc_string_append
- asserts: support for correctly suggesting format 2 for snap-
declaration
- interfaces: port mount backend to new APIs, unify content of per
app/hook profiles
- overlord/devicestate: implement policy about gadget and kernel
matching the model
- interfaces: allow sched_setscheduler again by default
- debian: update breaks/replaces for snap-confine->snapd
- debian: move the snap-confine packaging into snapd
- 14.04/integrationtests: rely on upstart to restart ssh.
- store: enable download deltas on classic by default
- spread: add unit suite
- snapctl: add config in client to disable auth and use it in
snapctl
- overlord/ifacestate: register all security backends with the
repository
- overlord,tests: have enable/disable affect security profiles
- tests: install ubuntu-core from the same channel as core
- overlord: move configstate.Transaction into config package
- seccomp-support.c: add PF_* domains which can be used instead of
AF_*
- store: always log retry summary when SNAPD_DEBUG is set
- tests: parameterize kernel snap channel
- snapenv: do not append ":" to the SNAP_LIBRARY_PATH
- interfaces/builtin: refine the content interface rules using $SLOT
- asserts,interfaces/policy: add support for
$SLOT()/$PLUG()/$MISSING in *-attributes constraints. This adds
support for $SLOT(arg), $PLUG(arg) and $MISSING attribute
constraints in plugs and slots rules in snap-declarations:
- cmd/snap-confine: add snap-confine command line parser module
- tests: remove (some) garbage files found by restore cleanup
analysis
- cmd: fix issues uncovered by valgrind
- tests: fix typo in systems name
- cmd: collect string utilities in one module, add missing tests
- cmd: rename mountinfo to sc_mountinfo
- tests: allow to install snapd debs from a ppa instead of building
them
- spread: remove state tar on project restore
-- Michael Vogt <michael.vogt@xxxxxxxxxx> Wed, 08 Mar 2017 14:29:56 +0100
** Changed in: snapd (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** Changed in: snapd (Ubuntu Trusty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1626359
Title:
Cannot authorise quotactl syscall for Q_GETQUOTA
Status in Snappy:
In Progress
Status in snapd package in Ubuntu:
Triaged
Status in snapd source package in Trusty:
Fix Released
Status in snapd source package in Xenial:
Fix Released
Status in snapd source package in Yakkety:
Fix Released
Bug description:
While debugging a snap I get this security error
```
= Seccomp =
Time: Sep 22 03:54:47
Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=12869 comm="transmission-da" exe="/snap/transmission/x1/bin/transmission-daemon" sig=31 arch=c000003e 179(quotactl) compat=0 ip=0x7fa06ab2d3fa code=0x0
Syscall: quotactl
```
There is no workaround given, so I've added a security override, but
it doesn't do anything.
```
transmission-daemon:
  command: transmission-init start
  stop-command: transmission-init stop
  daemon: forking
  plugs: [network, network-bind, quotactl]
...
plugs:
  quotactl:
    command: binary
    security-override:
      syscalls: [quotactl]
```
There doesn't seem to be a ready-made interface loaded at install time
which would include that syscall, so I can't find a solution for that
problem.
To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1626359/+subscriptions