[Touch-packages] [Bug 1569581] Re: snapd no longer detects apparmor changes on upgrade

Wed, 04 May 2016 08:11:51 -0700 

Ok, I've added an apparmor task and assigned to me. Leaving the snappy
tasks open for "we will re-load all profiles for a specific snap each
time something in that snap changes *AND* we promise to detect changes
to the internal templates built into snappy" where I understand the
first part is done but the changes to internal templates is not.
Assigning zyga for the time being-- please adjust as necessary.

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: snapd (Ubuntu)
       Status: New => Triaged

** Changed in: snapd (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: apparmor (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: apparmor (Ubuntu Xenial)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: apparmor (Ubuntu)
       Status: New => Triaged

** Changed in: apparmor (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: snappy
     Assignee: (unassigned) => Zygmunt Krynicki (zyga)

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => High

** Changed in: apparmor (Ubuntu Xenial)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1569581

Title:
  snapd no longer detects apparmor changes on upgrade

Status in Snappy:
  Triaged
Status in apparmor package in Ubuntu:
  Triaged
Status in snapd package in Ubuntu:
  Triaged
Status in apparmor source package in Xenial:
  Triaged
Status in snapd source package in Xenial:
  Triaged

Bug description:
  snappy in 16.04 used to compare /usr/share/snappy/security-policy-
  version and /var/lib/snappy/security-policy-version on boot to see if
  the apparmor package changed and therefore if it needed to regenerate
  all snap policy. This functionality was recently removed with nothing
  added to replace it.

  snapd must have a means to detect changes to the parser or the
  abstractions which the snap may #include, otherwise we cannot deliver
  parser and policy fixes from apparmor to installed snaps. It is fine
  to use a different method than what we had before, but we need to have
  something.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1569581/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to