group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #12757
[Bug 1626359] Re: Cannot authorise quotactl syscall for Q_GETQUOTA
This bug was fixed in the package snapd - 2.24.1
---------------
snapd (2.24.1) xenial; urgency=medium
* New upstream release, LP: #1681799:
- fix autopkgtest failures with stable core snap
- ensure the snap-confine transitional package cleans up
the no-longer-used apparmor profile to fix the kernels
autopkgtest failures
snapd (2.24) xenial; urgency=medium
* New upstream release, LP: #1681799:
- interfaces/mount: add InfoEntry type
- many: fix plug auto-connect during core transition
- interfaces: fold network bind into core support with tests
- .travis.yml: add option to make raw log less noisy
- interfaces: adjust shm accesses to use 'm' for updated mmap kernel
mediation
- many: rename two core plugs that clash with slot names
- snap-confine,browser-support: /dev/tty for snap-confine, misc
browser-support for gnome-shell
- store: add download test with EOF in the middle
- tests: adjust to look for network-bind-plug
- store: make hash error message more accurate
- overlord/snapstate: simplify AliasesStatus down to just an
AutoAliasesDisabled bool flag (aliases v2)
- errtracker: never send errtracker reports when running under
SNAPPY_TESTING
- interfaces/repo: validate slot/plug names
- daemon: Give the snap directories via GET /v2/system-info
- interfaces/unity7: support unity messaging menu
- interfaces/mount: add high-level Profile functions
- git: ignore only the cmd/Makefile{,.in}
- cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs
support
- daemon: add desktop file location for app to the API
- overlord,release: disable classic snap support when not possible
- overlord: fix TestEnsureLoopPrune not to be so racy
- many: abstract path to /bin/{true,false}
- data/systemd: tweak data/systemd/Makefile to be slightly simpler
- store: handle EOF via url.Error check
- packaging: use templates for relevant systemd units
- tests: run gccgo only on ubuntu-16.04-64
- .travis.yml: remove travis matrix and do a single sequential run
- overlord/state: make sure that setting to nil a state key is
equivalent to deleting it
- tests: fix incorrect shell expression
- interfaces/mount: add OptsToFlags for converting arguments to
syscall…
- interfaces: add a joystick interface
- tests: enable docker test for more ubuntu-core systems
- tests: download and install additional dependencies when using
prepackaged snapd
- many: add support for partially static builds
- interfaces: allow slot to introspect dbus-daemon in dbus
interface, allow /usr/bin/arch by default
- interfaces/mount: fix golint issues
- interfaces/mount: add function for saving fstab-like file
- osutil: introducing GetenvInt64, like GetenvBool but Int64er.
- interfaces: drop udev tagging from framebuffer interface
- snapstate: more helpers to work with aliases state (aliases
v2)
- interfaces/mount: add function for parsing fstab-like file
- cmd: disable the re-associate fix as requested by jdstrand
- overlord/snapstate: unlock/relock the state less, especially not
across mutating the SnapState of a snap
- interfaces: allow executing ld.so (needed with new AppArmor base
abstraction)
- interfaces/mount: add function for parsing mount entries
- cmd: rework header check for xfs/xqm.h
- cmd: add poky to the list of distros which don't support reexec
- overlord: finish reorg, revert "be more conservative until we have
cut 2.23.x"
- cmd: select what socket to use in cmd/snap{,ctl}
- overlord: remove snap config values when snap is removed
- snapstate: introduce helper to apply to disk a alias states change
for a snap (aliases v2)
- configstate,hookstate: timeout the configure hook after 5 mins,
report failures to the errtracker
- interfaces/seccomp: add bind as part of the default seccomp policy
for hooks
- cmd: discard the C implementation of snap-update-ns
- tests: remove stale apt proxy leftover from cloud-init
- tests: move unity test to nightly suite
- interfaces: add support for location-observe for
dbus::ObjectManager session paths
- boot: log error in KernelOrOsRebootRequired
- interfaces: remove old API
- interfaces: use udev spec
- interfaces: convert systemd backend to new APIs
- osutil: add BootID
- tests: move docker test to new nightly suite
- interfaces/mount: compute mount changes required to transition
mount profiles
- data/selinux: add context definition for snapctl
- overlord: clean up organization under state packages
- overlord: make sure all managers packages have *state.go with the
main state manipulation/query APIs
- interfaces: use spec in the dbus backend
- store: download from authenticated URL if there is a device
session set
- tests: remove core_name variable
- interfaces: rename thumbnailer to thumbnailer-service
- interfaces: add chroot to base templates
- asserts: remove some unused things
- systemd: mount the squashfs with nodev
- overlord: when shutting down assume errors might be due to
cancellation so retry
- cmd: rename all unit tests to $command/unit-test
- cmd/snap: fix help string for version command
- asserts: don't allow revocations with other items for the same
developer
- tests: skip lp-1644439 test on older kernels
- interfaces: allow "sync" to be used by core support
- assertstate,snapstate: have assertstate.AutoAliases use the
"aliases" header
- interfaces: allow writing config.txt.tmp in the core-support
interface
- tests: adjust network-bind test
- interfaces: dbus backend spec
- asserts: introduce a snap-declaration "aliases" header to list
auto aliases with explicit targets
- cmd: enable large file support
- cmd/snap: handle missing snap-confine
- cmd/snap-confine: re-associate with pid-1 mount namespace if
required
- cmd/libsnap: make mountinfo structures public
- tests: fix interfaces-cups-control for zesty
- misc: revert "Log if the system goes into ForceDevMode"
- interfaces: seccomp tests cleanup
- cmd: validate SNAP_NAME
- interfaces: log if the system goes into ForceDevMode
- tests: fix classic-ubuntu-core-transition race
- interfaces: use apparmor spec in the apparmor backend
- interfaces: alphabetize framebuffer in base decl and add it to
all_test.go
- tests: add ubuntu-core-16-32 system to the external backend and
fix docker test
- cmd/libsnap: simplify sc_string_quote default case
- osutil: fix double expand in environment map code and add test
- interfaces: extend location-control out-of-process provider
support
- cmd/snap-update-ns: use bidirectional lists for mount entries
- tests: prevent automatic transition before setting the initial
state of the test
- release: detect if we are in ForcedDevMode by inspecting the
kernel
- tests: add core-snap-refresh test
- interfaces: add maliit input method interface
- interfaces: seccomp spec API tweaks for better tests
- interfaces: updates for mir-kiosk in browser-support, mir, opengl,
unity7
- testutils: address review feedback from PR#2997
- tests: specify the core version to be unsquashfs'ed in the
failover tests
- interfaces: use MockInfo in tests
- cmd/libsnap: add sc_quote_string
- cmd/snap-confine: use sc_do_umount everywhere
- interfaces: add unity8 plug permissions
- timeutil: a few helpers for the recurring events
- asserts: implement snap-developer type
- partition: deal with grub{,2}-editenv in tests
- many: add new (hidden) `snap debug ensure-state-soon` command and
use in tests
- interfaces/builtin: small refactor of dbus tests
- packaging, tests: use "systemctl list-unit-files --full"
everywhere
- many: some opensuse patches that are ready to go into master
- packaging: add opensuse permissions files
- client, daemon: move "snap list" name filtering into snapd.
- interfaces: use seccomp specs
- overlord/snapstate: small cleanup of
ensureForceDevmodeDropsDevmodeFromState
- interfaces/builtin/alsa: add read access to alsa state dir
- interfaces: use spec in kmod backend, updated firewall_control,
openvswitch_support, ppp
- cmd/snap-confine: use sc_do_mount everywhere
- tests: remove workaround for docker again, snap-declaration is
fixed now
- interfaces: interface to allow autopilot introspection
-- Michael Vogt <michael.vogt@xxxxxxxxxx> Wed, 19 Apr 2017 11:54:33
+0200
** Changed in: snapd (Ubuntu Trusty)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1626359
Title:
Cannot authorise quotactl syscall for Q_GETQUOTA
Status in Snappy:
In Progress
Status in snapd package in Ubuntu:
Triaged
Status in snapd source package in Trusty:
Fix Released
Status in snapd source package in Xenial:
Fix Released
Status in snapd source package in Yakkety:
Fix Released
Bug description:
While debugging a snap I get this security error
```
= Seccomp =
Time: Sep 22 03:54:47
Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=12869 comm="transmission-da" exe="/snap/transmission/x1/bin/transmission-daemon" sig=31 arch=c000003e 179(quotactl) compat=0 ip=0x7fa06ab2d3fa code=0x0
Syscall: quotactl
```
There is no workaround given, so I've added a security override, but
it doesn't do anything.
```
transmission-daemon:
command: transmission-init start
stop-command: transmission-init stop
daemon: forking
plugs: [network, network-bind, quotactl]
...
plugs:
quotactl:
command: binary
security-override:
syscalls: [quotactl]
```
There doesn't seem to be a ready-made interface loaded at install time
which would include that syscall, so I can't find a solution for that
problem.
To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1626359/+subscriptions