Fedora Packages

snapd-selinux-2.76-0.el8 in Fedora EPEL 8

↵ Return to the main page of snapd-selinux
View build
Search for updates

Package Info
🠗 Changelog
🠗 Provides
🠗 Files

Changelog

Date Author Change
2026-05-28 Ernest Lotter <ernest dot lotter at canonical dot com> - New upstream release 2.76 - assertions: add helper for validating integrity data - assertions: drop incorrect/non-standard Ed25519 support - confdb: allow only API admin read access to confdb secrets - confdb: block concurrent confdb accesses - confdb: block concurrent snapctl accesses to configuration database - confdb: check for ephemeral data when missing save-view hook on commit - confdb: ignore not-found errors in confdb-schema refreshes - confdb: support --wait-for timeouts when accessing confdb - core-initrd: add group referenced in udev rules - core-initrd: add libbpf dependency to initramfs - core-initrd: add missing libbpf dependency in 24.04 packaging - core-initrd: ensure audio is a system group - core-initrd: fix /boot/uboot mount with u-boot env in dedicated partition - core-initrd: increase mount burst from 5 to 128 for faster boot - core-initrd: sync partition udev rules with the ones in core-base - core-initrd: sync with latest upload to snappy-dev PPA - core-initrd: synchronize changelogs with latest PPA upload - core-initrd: update changelog with latest PPA upload - LP: #2150773 core-initrd: add nfnetlink module to fix nf netlink socket speed regression (Ubuntu Core only) - cross-distro: allow snapd to manipulate systemd unit files in SELinux policy - cross-distro: FIPS bootstrap and dispatch via snap-fips-dispatch - desktop: fix common ID selection with multiple desktop plugs - FDE: allow user mode on core in secboot TPM handling - FDE: bump go-efilib dependency - FDE: bump secboot to rev cdcb64992e54 for FDE fixes - FDE: deprecate check-pin/passphrase API endpoints - LP: #2147606 FDE: give inactive state on classic - FDE: improve tracing for OP-TEE probing - FDE: move auto-repair logic to overlord/fdestate and provide state - FDE: update secboot for TPM/FDE bug fixes including Intel HAP and recovery key parsing - FDE: use any primary key matching digest when adding a keyslot - FDE: use ignore action for preinstall check in VM - interfaces: bluez | drop explicit deny send_destination in D-Bus configuration - interfaces: conditionally deny /proc/self/mountinfo to suppress Go 1.25+ denials - interfaces: custom-device | fix for-device validation panic on non-string value - interfaces: disallow auto-connect to parallel installs - interfaces: docker | make plug implicit on classic systems - interfaces: ignore errors in disconnect hooks during explicit snap disconnect - interfaces: mediatek-accel | add plug interface base declaration - interfaces: microceph-support | suppress noisy sudo denial audit logs - interfaces: podman | add new interface for podman socket access - interfaces: pulseaudio | fix security tag syntax inconsistency - interfaces: raw-usb | allow USB device enumeration on Fairphone 5 with NexDock - interfaces: restore auto-connections on failed refresh undo - LP: #2148544 interfaces: bool-file | support deep SoC sysfs paths for LED brightness - LP: #2139213 packaging: make Ubuntu 16.04 packaging dep17 compliant - packaging: add cross-distro build script and instructions - packaging: add openSUSE 16.0 spread support - packaging: Debian build improvements - packaging: default openSUSE to /var/lib/snapd/snap and sync from downstream - packaging: drop transitional packages only for Ubuntu 26.04 (Resolute) - packaging: fix Launchpad FIPS build detection for snapd-fips job - packaging: refactor and clean up snapd.mk, standardize test-data directories - packaging: switch to golang-github-chai2010-gettext-go-dev - packaging: update bundled AppArmor 4.1.7 (snapd snap only) - prompting: escape paths in prompt constraints - prompting: improve API error handling and validation - prompting: improve error message when no handler service is present - prompting: re-enable the prompting notice backend - prompting: respond with full user-allowed permission set - prompting: validate permissions while unmarshalling - remote device management: implement dispatch-mgmt-messages task with sequencing support - LP: #2125344 snap: avoid empty channel forwarding message - LP: #2150683 snap: clarify snap install help text for --classic and --devmode - LP: #2152908 snap: print complex attributes in snap interface --attrs output - snap: add run-inhibit hint and inhibit info when a snap is disabled - snap: allow removing a snap and its base at the same time - snap: display detailed component information in snap info - snap: extend AlreadyInstalledError to multiple snaps and components - snap: extend set-quota command options description with accepted value formats - snap: implement snap delta command for computing snap deltas - snap: improve consistency for snap install when some snaps are already installed - snap: show hint in snap list that a snap has components - snap-confine: allow inheriting unix sockets from snaps - snap-confine: allow linking to libm in AppArmor profile - snap-confine: fix out-of-bounds read in mountinfo parser for partial escape sequences - snap-confine: harden bpffs mount with nosuid, nodev, noexec flags - snap-confine: remove experimental persistent per-user mount namespace feature - snap-confine: set FD_CLOEXEC on file descriptors returned by BPF helpers - snap-confine: support transparent_hugepage in AppArmor profile - snap-confine: use strchr after NUL-terminating in infofile parser - snap-update-ns: switch to a multi-pass process for constructing and updating mount namespaces - RemoveMountUnitFile now unmounts even if mount unit file is missing - Add explicit mount phase during single-reboot refresh to fix undo of kernel refreshes - Add security audit logging subsystem - Add base prioritized AppArmmor snippets for strictly confined or jailed snaps - Allow openshell snap to use experimental daemon-scope: user - Allow configuring mount unit options based on filesystem type - Allow equals signs in uevent values in netlink parser - Also bind-mount directories modified by kmod backend during preseed - Clean up potentially corrupted files during snap download undo - Complete the bootloader environment implementation - Copy integrity data files during snap install - Create hook for seed refresh mode - Create removal tasks for old seed-refresh seeds - Dispatch systemctl commands asynchronously when calling Stop() - Ensure /tmp/.X11-unix created inside mount namespace has correct permissions - Ensure exclusive changes conflict with refresh/revert - Ensure existing snap confinement flags are not dropped when installing or removing components - Export ubuntu-boot-state filename constant from bootloader package - Fix duplicate removal of apps under $SNAP_MOUNT_DIR/bin - Fix integration between prerequisites task and seed-refresh mode - Fix split-refresh overwriting provided lane - Fix use of umask in GetListener for socket activation - Ignore net.ErrClosed during daemon shutdown - Implement ResolveValidationSetsEnforcementError in terms of one call - Improve snapctl install consistency when components are already installed - Inject seed creation tasks into snap refresh flow - Introduce system options for custom certificates on Ubuntu Core - Keep idle services with activation units stopped on reload - List snap components in snap-debug-info via debug-tools - Look at gadget.yaml instead of marker file to determine ubootpart usage - LP: #1966067 Skip redundant xdg-settings confirmation prompt when setting is already correct - LP: #2110368 Fix component installation for private snaps via snapctl - LP: #2110368 Fix download of private snap components by setting UserID - LP: #2144666 Fix mount namespace updates with synthetic bind mounts on same target paths - LP: #2146337 Improve handling of failed downloads and retain partial files for resume - LP: #2147207 Fix snap enable/disable cycle forgetting components - Make run-inhibit hint for kill-snap-apps task based on kill reason - Merge content-provider prerequisite updates into seed-refresh - Move SortServices into Backend.StartServices - Move state to client change conversion to ctlcmd package - Omit misleading "try to refresh snapd" suggestion for ISA-related errors - Only create link-component tasks when needed during refresh to existing revision - Reconfigure piboot bootloader on gadget refreshes to preserve os_prefix - Reduce the number of AppArmor profile regenerations during snap operations - Refactor seed-refresh ownership to devicestate - Regenerate certificate database on remodels - Remove obsolete FIXME comment in VersionCompare - Remove unused GenerateDmVerityData helper from snap/integrity - Rename and document error type for ISA assumes flags - Restart snapd from daemon.Stop to improve restart reliability - Restart stopped services on error in stopSnapServices for transactionality - Simplify certificate-db updates on model-base refresh/installs - Support racing Loop and Stop correctly in overlord - Support sending file descriptors to systemd via sd_notify - Unroll CPU-heavy recursive function in snap state handlers - Update seccomp syscalls list for kernel 7.1.0 - Use change ID to prevent nested seed-refresh spawned by prerequisites - Validate content interface plug target directories exist for core26+ snaps - Validate layout paths exist in snap tree for snaps using bare or core26+
2026-04-17 Katie May <katie dot may at canonical dot com> - New upstream release 2.75.2 See NEWS file for details.
2026-03-31 Zygmunt Krynicki <me at zygoon dot pl> - 2.74.1-2 - Add cap_setgid and cap_setuid to snap-confine to restore support for cgroup-v1 systems.
2026-03-18 Zygmunt Krynicki <me at zygoon dot pl> - 2.74.1-1 - Fix missing cap_sys_resource on snap-confine
2026-03-13 Ernest Lotter <ernest dot lotter at canonical dot com> - New upstream release 2.74.1 - FDE: measure DeployedMode and AuditMode variables if they appear as disabled in the event log to avoid a potential reseal-failure boot loop - LP: #2139611 FDE: fix db updates by allowing multiple payloads - LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising memory lock limit when required - LP: #2139099 snap-confine: bump the max element count of the BPF map used to store IDs of allowed/matched devices to 1000 - Interfaces: Added pidfd_open and memfd_secret to seccomp template - Interfaces: camera | add locking permission for /dev/video
2026-02-17 Neal Gompa <ngompa at fedoraproject dot org> - 2.72-4 - Default to vendored Go dependencies in Fedora
2026-02-03 Maxwell G <maxwell at gtmx dot me> - 2.72-3 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
2026-01-17 Fedora Release Engineering <releng at fedoraproject dot org> - 2.72-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
2025-11-13 Ernest Lotter <ernest dot lotter at canonical dot com> - New upstream release 2.72 - FDE: support replacing TPM protected keys at runtime via the /v2/system-volumes endpoint - FDE: support secboot preinstall check fix actions for 25.10+ hybrid installs via the /v2/system/{label} endpoint - FDE: tweak polkit message to remove jargon - FDE: ensure proper sealing with kernel command line defaults - FDE: provide generic reseal function - FDE: support using OPTEE for protecting keys, as an alternative to existing fde-setup hooks (Ubuntu Core only) - Confdb: 'snapctl get --view' supports passing default values - Confdb: content sub-rules in confdb-schemas inherit their parent rule's "access" - Confdb: make confdb error kinds used in API more generic - Confdb: fully support lists and indexed paths (including unset) - Prompting: add notice backend for prompting types (unused for now) - Prompting: include request cgroup in prompt - Prompting: handle unsupported xattrs - Prompting: add permission mapping for the camera interface - Notices: read notices from state without state lock - Notices: add methods to get notice fields and create, reoccur, and deepcopy notice - Notices: add notice manager to coordinate separate notice backends - Notices: support draining notices from state when notice backend registered as producer of a particular notice type - Notices: query notice manager from daemon instead of querying state for notices directly - Packaging: Ubuntu | ignore .git directory - Packaging: FIPS | bump deb Go FIPS to 1.23 - Packaging: snap | bump FIPS toolchain to 1.23 - Packaging: debian | sync most upstream changes - Packaging: debian-sid | depends on libcap2-bin for postint - Packaging: Fedora | drop fakeroot - Packaging: snap | modify snapd.mk to pass build tags when running unit tests - Packaging: snap | modify snapd.mk to pass nooptee build tag - Packaging: modify Makefile.am to fix snap-confine install profile with 'make hack' - Packaging: modify Makefile.am to fix out-of-tree use of 'make hack' - LP: #2122054 Snap installation: skip snap icon download when running in a cloud or using a proxy store - Snap installation: add timeout to http client when downloading snap icon - Snap installation: use http(s) proxy for icon downloads - LP: #2117558 snap-confine: fix error message with /root/snap not accessible - snap-confine: fix non-suid limitation by switching to root:root to operate v1 freezer - core-initrd: do not use writable-paths when not available - core-initrd: remove debian folder - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev interface now with the more robust gpio-aggregator configfs kernel interface - Interfaces: gpio-chardev | exclusive snap connections, raise a conflict when both gpio-chardev and gpio are connected - Interfaces: gpio-chardev | fix gpio-aggregator module load order - Interfaces: ros-snapd-support | grant access to /v2/changes - Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs, opengl-driver-libs, opengles-driver-libs | new interfaces to support nvidia driver components - Interfaces: microstack-support | allow DPDK (hugepage related permissions) - Interfaces: system-observe | allow reading additional files in /proc, needed by node-exporter - Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key and Kensington VeriMark DT Fingerprint Key to device list - Interfaces: snap-interfaces-requests-control | allow shell API control - Interfaces: fwupd | allow access to Intel CVS sysfs - Interfaces: hardware-observe | allow read access to Kernel Samepage Merging (KSM) - Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP - Interfaces: spi | relax sysfs permission rules to allow access to SPI device node attributes - Interfaces: content | introduce compatibility label - LP: #2121238 Interfaces: do not expose Kerberos tickets for classic snaps - Interfaces: ssh-public-keys | allow ro access to public host keys with ssh-key - Interfaces: Modify AppArmor template to allow listing systemd credentials and invoking systemd-creds - Interfaces: modify AppArmor template with workarounds for Go 1.35 cgroup aware GOMAXPROCS - Interfaces: modify seccomp template to allow landlock_* - Prevent snap hooks from running while relevant snaps are unlinked - Make refreshes wait before unlinking snaps if running hooks can be affected - Fix systemd unit generation by moving "WantedBy=" from section "unit" to "install" - Add opt-in logging support for snap-update-ns - Unhide 'snap help' sign and export-key under Development category - LP: #2117121 Cleanly support socket activation for classic snap - Add architecture to 'snap version' output - Add 'snap debug api' option to disable authentication through auth.json - Show grade in notes for 'snap info --verbose' - Fix preseeding failure due to scan-disk issue on RPi - Support 'snap debug api' queries to user session agents - LP: #2112626 Improve progress reporting for snap install/refresh - Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files - Fix /v2/apps error for root user when user services are present - LP: #2114704 Extend output to indicate when snap data snapshot was created during remove - Improve how we handle emmc volumes - Improve handling of system-user extra assertions
2025-10-10 Alejandro Sáez <asm at redhat dot com> - 2.71-1 - rebuild

Provides

  • snapd-selinux

Files


Sources on Pagure