↵ Return to the main page of snapd-selinux
View build
Search for updates
Package Info
🠗 Changelog
🠗 Provides
🠗 Files
Date | Author | Change |
---|---|---|
2024-11-20 | Zygmunt Krynicki <me at zygoon dot pl> | - Drop only patch, applied upstream. |
2024-10-25 | Zygmunt Krynicki <me at zygoon dot pl> | - Cherry pick fix for SELinux timedatex problem from upstream |
2024-10-11 | Ernest Lotter <ernest dot lotter at canonical dot com> | - New upstream release 2.66.1 - AppArmor prompting (experimental): Fix kernel prompting support check - Allow kernel snaps to have content slots - Fix ignoring snaps in try mode when amending |
2024-10-04 | Ernest Lotter <ernest dot lotter at canonical dot com> | - New upstream release 2.66 - AppArmor prompting (experimental): expand kernel support checks - AppArmor prompting (experimental): consolidate error messages and add error kinds - AppArmor prompting (experimental): grant /v2/snaps/{name} via snap-interfaces-requests-control - AppArmor prompting (experimental): add checks for duplicate pattern variants - Registry views (experimental): add handlers that commit (and cleanup) registry transactions - Registry views (experimental): add a snapctl fail command for rejecting registry transactions - Registry views (experimental): allow custodian snaps to implement registry hooks that modify and save registry data - Registry views (experimental): run view-changed hooks only for snaps plugging views affected by modified paths - Registry views (experimental): make registry transactions serialisable - Snap components: handle refreshing components to revisions that have been on the system before - Snap components: enable creating Ubuntu Core images that contain components - Snap components: handle refreshing components independently of snaps - Snap components: handle removing components when refreshing a snap that no longer defines them - Snap components: extend snapd Ubuntu Core installation API to allow for picking optional snaps and components to install - Snap components: extend kernel.yaml with "dynamic-modules", allowing kernel to define a location for kmods from component hooks - Snap components: renamed component type "test" to "standard" - Desktop IDs: support installing desktop files with custom names based on desktop-file-ids desktop interface plug attr - Auto-install snapd on classic systems as prerequisite for any non- essential snap install - Support loading AppArmor profiles on WSL2 with non-default kernel and securityfs mounted - Debian/Fedora packaging updates - Add snap debug command for investigating execution aspects of the snap toolchain - Improve snap pack error for easier parsing - Add support for user services when refreshing snaps - Add snap remove --terminate flag for terminating running snap processes - Support building FIPS complaint snapd deb and snap - Fix to not use nss when looking up for users/groups from snapd snap - Fix ordering in which layout changes are saved - Patch snapd snap dynamic linker to ignore LD_LIBRARY_PATH and related variables - Fix libexec dir for openSUSE Slowroll - Fix handling of the shared snap directory for parallel installs - Allow writing to /run/systemd/journal/dev-log by default - Avoid state lock during snap removal to avoid delaying other snapd operations - Add nomad-support interface to enable running Hashicorp Nomad - Add intel-qat interface - u2f-devices interface: add u2f trustkey t120 product id and fx series fido u2f devices - desktop interface: improve integration with xdg-desktop-portal - desktop interface: add desktop-file-ids plug attr to desktop interface - unity7 interface: support desktop-file-ids in desktop files rule generation - desktop-legacy interface: support desktop-file-ids in desktop files rule generation - desktop-legacy interface: grant access to gcin socket location - login-session-observe interface: allow introspection - custom-device interface: allow to explicitly identify matching device in udev tagging block - system-packages-doc interface: allow reading /usr/share/javascript - modem-manager interface: add new format of WWAN ports - pcscd interface: allow pcscd to read opensc.conf - cpu-control interface: add IRQ affinity control to cpu_control - opengl interface: add support for cuda workloads on Tegra iGPU in opengl interface |
2024-09-12 | Ernest Lotter <ernest dot lotter at canonical dot com> | - New upstream release 2.65.3 - Fix missing aux info from store on snap setup |
2024-09-06 | Ernest Lotter <ernest dot lotter at canonical dot com> | - New upstream release 2.65.2 - Bump squashfuse from version 0.5.0 to 0.5.2 (used in snapd deb only) |
2024-08-24 | Ernest Lotter <ernest dot lotter at canonical dot com> | - New upstream release 2.65.1 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to latest 4.0.2 release - AppArmor: enable using ABI 4.0 from host parser - AppArmor: fix parser lookup - AppArmor: support AppArmor snippet priorities - AppArmor: allow reading cgroup memory.max file - AppArmor: allow using snap-exec coming from the snapd snap when starting a confined process with jailmode - AppArmor prompting (experimental): add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting (experimental): include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting (experimental): add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting (experimental): add path pattern parsing and matching - AppArmor prompting (experimental): add path pattern precedence based on specificity - AppArmor prompting (experimental): add packages to manage outstanding request prompts and rules - AppArmor prompting (experimental): add prompting API and notice types, which require snap-interfaces-requests-control interface - AppArmor prompting (experimental): feature flag can only be enabled if prompting is supported, handler service connected, and the service can be started - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views and setting/unsetting registry data using snapctl - Registry views (experimental): fetch and refresh registry assertions as needed - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store - Snap components: support removing components individually and during snap removal - Snap components: support kernel modules as components - Snap components: support for component install, pre-refresh and post-refresh hooks - Snap components: initial support for building systems that contain components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Improve snap-confine compatibility with nvidia drivers - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Allow mixing revision and channel on snap install - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug API command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Add options system.coredump.enable and system.coredump.maxuse to support using systemd-coredump on Ubuntu Core - Provide documentation URL for 'snap interface ' - Fix snapd riscv64 build - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Fix parsing /proc/PID/mounts with spaces - Add registry interface that provides snaps access to a particular registry view - Add snap-interfaces-requests-control interface to enable prompting client snaps - steam-support interface: remove all AppArmor and seccomp restrictions to improve user experience - opengl interface: improve compatibility with nvidia drivers - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus - network-control interface: allow wpa_supplicant dbus api - gpio-control interface: support gpiochip* devices - polkit interface: fix "rw" mount option check - u2f-devices interface: enable additional security keys - desktop interface: enable kde theming support |
2024-08-23 | Ernest Lotter <ernest dot lotter at canonical dot com> | - New upstream release 2.65 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to latest 4.0.2 release - AppArmor: enable using ABI 4.0 from host parser - AppArmor: fix parser lookup - AppArmor: support AppArmor snippet priorities - AppArmor: allow reading cgroup memory.max file - AppArmor: allow using snap-exec coming from the snapd snap when starting a confined process with jailmode - AppArmor prompting (experimental): add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting (experimental): include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting (experimental): add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting (experimental): add path pattern parsing and matching - AppArmor prompting (experimental): add path pattern precedence based on specificity - AppArmor prompting (experimental): add packages to manage outstanding request prompts and rules - AppArmor prompting (experimental): add prompting API and notice types, which require snap-interfaces-requests-control interface - AppArmor prompting (experimental): feature flag can only be enabled if prompting is supported, handler service connected, and the service can be started - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views and setting/unsetting registry data using snapctl - Registry views (experimental): fetch and refresh registry assertions as needed - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store - Snap components: support removing components individually and during snap removal - Snap components: support kernel modules as components - Snap components: support for component install, pre-refresh and post-refresh hooks - Snap components: initial support for building systems that contain components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Improve snap-confine compatibility with nvidia drivers - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Allow mixing revision and channel on snap install - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug API command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Add options system.coredump.enable and system.coredump.maxuse to support using systemd-coredump on Ubuntu Core - Provide documentation URL for 'snap interface ' - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Fix parsing /proc/PID/mounts with spaces - Add registry interface that provides snaps access to a particular registry view - Add snap-interfaces-requests-control interface to enable prompting client snaps - steam-support interface: remove all AppArmor and seccomp restrictions to improve user experience - opengl interface: improve compatibility with nvidia drivers - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus - network-control interface: allow wpa_supplicant dbus api - gpio-control interface: support gpiochip* devices - polkit interface: fix "rw" mount option check - u2f-devices interface: enable additional security keys - desktop interface: enable kde theming support |
2024-07-29 | Miroslav Suchý <msuchy at redhat dot com> - 2.63-3 | - convert license to SPDX |
2024-07-26 | Miroslav Suchý <msuchy at redhat dot com> - 2.63-2 | - convert license to SPDX |