UbuntuUpdates.org

Package "snap-confine"

Name: snap-confine

Description:

Transitional package for snapd

Latest version: 2.39.2
Release: xenial (16.04)
Level: updates
Repository: main
Head package: snapd
Homepage: https://github.com/snapcore/snapd

Links

Save this URL for the latest version of "snap-confine": https://www.ubuntuupdates.org/snap-confine


Download "snap-confine"


Other versions of "snap-confine" in Xenial

Repository Area Version
security main 2.37.4ubuntu0.1

Changelog

Version: 2.39.2 2019-06-24 15:07:03 UTC

  snapd (2.39.2) xenial; urgency=medium

  * New upstream release, LP: #1827495
    - debian: rework how we run autopkgtests
    - interfaces/docker-support: add overlayfs accesses for ubuntu core
    - data/selinux: permit init_t to remount snappy_snap_t
    - strutil/shlex: fix ineffassign
    - packaging: fix build-depends on powerpc

 -- Michael Vogt <email address hidden> Wed, 05 Jun 2019 08:41:21 +0200

Source diff to previous version
1827495 [SRU] 2.39

Version: 2.38 2019-04-15 18:06:37 UTC

  snapd (2.38) xenial; urgency=medium

  * New upstream release, LP: #1818648
    - overlord/snapstate,: retry less for auto-stuff
    - cmd/snap: fix regression of snap saved command
    - interfaces/builtin: add dev/pts/ptmx access to docker_support
    - overlord/snapstate, store: set a header when auto-refreshing
    - interfaces/builtin: add add exec "/" to docker-support
    - cmd/snap, client, daemon, ifacestate: show a leading attribute of
      a connection
    - interface: avahi-observe: Fixing socket permissions on 4.15
      kernels
    - tests: check that apt works before using it
    - apparmor: support AppArmor 2.13
    - snapstate: restart into the snapd snap on classic
    - overlord/snapstate: during refresh, re-refresh on epoch bump
    - cmd, daemon: split out the common bits of mapLocal and mapRemote
    - cmd/snap-confine: chown private /tmp to root.root
    - cmd/snap-confine: drop uid from random /tmp name
    - overlord/hookstate: apply pending transaction changes onto
      temporary configuration for snapctl get
    - cmd/snap: `snap connections` command
    - interfaces/greengrass_support: update accesses for GGC 1.8
    - cmd/snap, daemon: make the connectivity check use GET
    - interfaces/builtin,/udev: add spec support to disable udev +
      device cgroup and use it for greengrass
    - interfaces/intel-mei: small follow up tweaks
    - ifacestate/tests: fix/improve udev mon test
    - interfaces: add multipass-support interface
    - tests/main/high-user-handling: fix the test for Go 1.12
    - interfaces: add new intel-mei interface
    - systemd: decrease the checker counter before unlocking otherwise
      we can get spurious panics
    - daemon/tests: fix race in the disconnect conflict test
    - cmd/snap-confine: allow moving tasks to pids cgroup
    - tests: enable opensuse tumbleweed on spread
    - cmd/snap: fix `snap services` completion
    - ifacestate/hotplug: integration with udev monitor
    - packaging: build snapctl as a static binary
    - packaging/opensuse: move most logic to snapd.mk
    - overlord: fix ensure before slowness on Retry
    - overlord/ifacestate: fix migration of connections on upgrade from
      ubuntu-core
    - daemon, client, cmd/snap: debug GETs ask aspects, not actions
    - tests/main/desktop-portal-*: fix handling of python dependencies
    - interfaces/wayland: allow wayland server snaps function on classic
      too
    - daemon, client, cmd/snap: snap debug base-declaration
    - tests: run tests on opensuse leap 15.0 instead of 42.3
    - cmd/snap: fix error messages for snapshots commands if ID is not
      uint
    - interfaces/seccomp: increase filter precision
    - interfaces/network-manager: no peer label check for hostname1
    - tests: add a tests for xdg-desktop-portal integration
    - tests: not checking 'tracking channel' after refresh core on
      nested execution
    - tests: remove snapweb from tests
    - snap, wrappers: support StartTimeout
    - wrappers: Add an X-SnapInstanceName field to desktop files
    - cmd/snap: produce better output for help on subcommands
    - tests/main/nfs-support: use archive mode for creating fstab backup
    - many: collect time each task runs and display it with `snap debug
      timings <id>`
    - tests: add attribution to helper script
    - daemon: make ucrednetGet not loop
    - squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
    - features,cmd/libsnap: add new feature "refresh-app-awareness"
    - overlord: fix random typos
    - interfaces/seccomp: generate global seccomp profile
    - daemon/api: fix error case for disconnect conflict
    - overlord/snapstate: add some randomness to the catalog refresh
    - tests: disable trusty-proposed for now
    - tests: fix upgrade-from-2.15 with kernel 4.15
    - interfaces/apparmor: allow sending and receiving signals from
      ourselves
    - tests: split the test interfaces-many in 2 and remove snaps on
      restore
    - tests: use snap which takes 15 seconds to install on retryable-
      error test
    - packaging: avoid race in snapd.postinst
    - overlord/snapstate: discard mount namespace when undoing 1st link
      snap
    - cmd/snap-confine: allow writes to /var/lib/**
    - tests: stop catalog-update test for now
    - tests/main/auto-refresh-private: make sure to actually download
      with the expired macaroon
    - many: save media info when installing, show it when listing
    - userd: handle help urls which requires prepending XDG_DATA_DIRS
    - tests: fix NFS home mocking
    - tests: improve snaps-system-env test
    - tests: pre-cache core on core18 systems
    - interfaces/hotplug: renamed RequestedSlotSpec to ProposedSlot,
      removed Specification
    - debian: ensure leftover usr.lib.snapd.snap-confine is gone
    - image,cmd/snap,tests: introduce support for modern prepare-image
      --snap <snap>[=<channel>]
    - overlord/ifacestate: tweak logic for generating unique slot names
    - packaging: import debian salsa packaging work, add sbuild test and
      use in spead
    - overlord/ifacestate: hotplug-add-slot handler
    - image,cmd/snap: simplify --classic-arch to --arch, expose
      prepare-image
    - tests: run test snap as user in the smoke test
    - cmd/snap: tweak man output to have no doubled up .TP lines
    - cmd/snap, overlord/snapstate: silently ignore classic flag when a
      snap is strictly confined
    - snap-confine: remove special handling of /var/lib/jenkins
    - cmd/snap-confine: handle death of helper process
    - packaging: disable systemd environment generator on 18.04
    - snap-confine: fix classic snaps for users with /var/lib/* homedirs
    - tests/prepare: prevent console-conf from running
    - image: bootstrapToRootDir => setupSeed
    - image,cmd/snap,tests: introduce prepare-image --classic
    - tests: update smoke/sandbox test for armhf
    - client, daemon: introduce helper for querying snapd API

Source diff to previous version
1818648 [SRU] 2.38

Version: 2.37.4ubuntu0.1 2019-03-21 22:06:24 UTC

  snapd (2.37.4ubuntu0.1) xenial-security; urgency=medium

  * No change rebuild for xenial-security (LP: #1812973)
    - CVE-2019-7303

 -- Jamie Strandboge <email address hidden> Fri, 15 Mar 2019 19:56:59 +0000

Source diff to previous version
CVE-2019-7303 RESERVED

Version: 2.37.4 2019-03-14 11:06:21 UTC

  snapd (2.37.4) xenial; urgency=medium

  * New upstream release, LP: #1817949
    - squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
    - overlord/ifacestate: fix migration of connections on upgrade from
      ubuntu-core
    - tests: fix upgrade-from-2.15 with kernel 4.15
    - interfaces/seccomp: increase filter precision
    - tests: remove snapweb from tests

 -- Michael Vogt <email address hidden> Wed, 27 Feb 2019 19:53:36 +0100

Source diff to previous version
1817949 [SRU] 2.37.4

Version: 2.34.2ubuntu0.1 2019-02-12 19:07:25 UTC

  snapd (2.34.2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation via improper input validation
    of socket peer credential (LP: #1813365)
    - daemon/ucrednet.go: utilize regex for validating and parsing remoteAddr.
      Patch thanks to John Lenton
    - CVE-YYYY-NNNN

 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2019 17:54:00 +0000

1813365 Local privilege escalation via snapd socket



About   -   Send Feedback to @ubuntu_updates