From 45d7199a606c8b1b1ccdcc86270cbec8b9fc62e9 Mon Sep 17 00:00:00 2001 From: Ikey Doherty Date: Wed, 8 Nov 2017 21:58:39 +0000 Subject: [PATCH 1/2] cmd/snap-confine: Ensure snap-confine is allowed to access os-release This dupes the existing rule and fixes a regression on Solus where we see a denial for the os-release file. Signed-off-by: Ikey Doherty --- cmd/snap-confine/snap-confine.apparmor.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cmd/snap-confine/snap-confine.apparmor.in b/cmd/snap-confine/snap-confine.apparmor.in index 2e1681b7a10..88cb344f7ca 100644 --- a/cmd/snap-confine/snap-confine.apparmor.in +++ b/cmd/snap-confine/snap-confine.apparmor.in @@ -213,6 +213,9 @@ umount /var/lib/snapd/hostfs/proc/, mount options=(rw rslave) -> /var/lib/snapd/hostfs/, + # Allow reading the os-release file (possibly a symlink to /usr/lib). + /{etc/,usr/lib/}os-release r, + # set up snap-specific private /tmp dir capability chown, /tmp/ w, From d9444a2a59d718cced4811323f0807ff6c81ea11 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 9 Nov 2017 08:25:28 +0100 Subject: [PATCH 2/2] tests: disable xdg-open-compat test The test relies on the "old" snapd-xdg-open deb package. However with the promotion of snapd 2.28.5 into xenial-updates the pervious snapd-xdg-open version 0.0.0~16.04 is no longer available to download. This means we can not run the test. Disable for now until we find a way to fix it. --- tests/main/xdg-open-compat/task.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/main/xdg-open-compat/task.yaml b/tests/main/xdg-open-compat/task.yaml index 46894e1184d..769ed35285d 100644 --- a/tests/main/xdg-open-compat/task.yaml +++ b/tests/main/xdg-open-compat/task.yaml @@ -11,6 +11,10 @@ description: | # we must have snapd-xdg-open available systems: [ubuntu-16.04-*] +# disabled because the "old" snapd-xdg-open is no longer available in the +# archive +manual: true + environment: DISPLAY: :0 XDG_OPEN_OUTPUT: /tmp/xdg-open-output