a) Can you please elaborate on this d/rules change: +# Decision to not support optee (arm64, armhf only) on debs because focal build +# fails due to missing build time dependency optee-client-dev. +# TODO: The intention is to split control files for different releases, after +# which point this build dependency can be enabled where its available. +_TAGS := $(_TAGS),nooptee +_SNAP_TAGS := $(_SNAP_TAGS),nooptee
This is now passing the "nooptee" flag to the build, and presumably this is disabling a feature that was enabled before. And this SRU is not targeting focal. b) non-suid snap-confine + - Non-suid snap-confine: first phase to replace snap-confine suid + with capabilities to achieve the required permissions I see that snapd.postinst now does this: + # ensure required caps on snap-confine + setcap -q - /usr/lib/snapd/snap-confine < /usr/lib/snapd/snap-confine.caps But the suid root bit is not removed or changed. When the changelog says "first phase", do you mean to keep both the capabilities AND the SUID root bit set in this phase? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2118396 Title: [SRU] 2.71 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2118396/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
