snapd

Wrong snapd error message when /root/snap folder has invalid permissions

Bug #2117558 reported by Pierre Ducroquet
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd
Fix Released
Undecided
Unassigned
snapd 2.72
snapd (Ubuntu)
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned
Noble
Fix Released
Undecided
Unassigned
Plucky
Fix Released
Undecided
Unassigned
Questing
Fix Released
Undecided
Unassigned

Bug Description

[SRU] 2.72: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2124239

[ Impact ]

Misleading error message: "home directories outside of /home needs configuration" when /root/snap is not accessible (e.g. wrong permissions such as 0660)

[ Test Plan ]

1. Reproduce with snapd snap < 2.72

- change /root/snap permissions to 0660
- run snap application as root
- expect: "home directories outside of /home needs configuration"

2. Prove fixed with snapd snap 2.72

- change /root/snap permissions to 0660
- run snap application as root
- expect: "cannot create user data directory:..."

---original---

After a mistake with a script on my laptop, the /root/snap folder was given wrong permissions (660 instead of 700). This lead to the following completely misleading error message that made the issue much harder to discover and fix: "Sorry, home directories outside of /home needs configuration."
The code in snapd indeed has the following check:

    if (sc_nonfatal_mkpath(user_data, 0755, -1, -1) < 0) {
        if ((errno == EROFS || errno == EACCES) && !sc_startswith(user_data, "/home/")) {
            // clear errno or it will be displayed in die()
            errno = 0;
            // XXX: may point to the right config option here?
            die("Sorry, home directories outside of /home needs configuration.\nSee https://forum.snapcraft.io/t/11209 "
                "for details.");
        }
        die("cannot create user data directory: %s", user_data);
    };

It should also check for "/root" in order to display the proper error message.

See original description
Revision history for this message
Maciej Borzecki (maciek-borzecki) wrote :

PR: https://github.com/canonical/snapd/pull/15729

Changed in snapd:
milestone: none → 2.72
Ernest Lotter (ernestl)
description: updated
Ernest Lotter (ernestl)
description: updated
Revision history for this message
Julian Andres Klode (juliank) wrote : Please test proposed package

Hello Pierre, or anyone else affected,

Accepted snapd into questing-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.72+ubuntu25.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-questing to verification-done-questing. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-questing. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in snapd (Ubuntu Questing):
status: New → Fix Committed
tags: added: verification-needed verification-needed-questing
Changed in snapd (Ubuntu Plucky):
status: New → Fix Committed
tags: added: verification-needed-plucky
Revision history for this message
Julian Andres Klode (juliank) wrote :

Hello Pierre, or anyone else affected,

Accepted snapd into plucky-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.72+ubuntu25.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-plucky to verification-done-plucky. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-plucky. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in snapd (Ubuntu Noble):
status: New → Fix Committed
tags: added: verification-needed-noble
Revision history for this message
Julian Andres Klode (juliank) wrote :

Hello Pierre, or anyone else affected,

Accepted snapd into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.72+ubuntu24.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in snapd (Ubuntu Jammy):
status: New → Fix Committed
tags: added: verification-needed-jammy
Revision history for this message
Julian Andres Klode (juliank) wrote :

Hello Pierre, or anyone else affected,

Accepted snapd into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.72+ubuntu22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (snapd/2.72+ubuntu24.04)

All autopkgtests for the newly accepted snapd (2.72+ubuntu24.04) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

docker.io-app/28.2.2-0ubuntu1~24.04.1 (amd64, arm64, ppc64el, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#snapd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (snapd/2.72+ubuntu22.04)

All autopkgtests for the newly accepted snapd (2.72+ubuntu22.04) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

docker.io-app/28.2.2-0ubuntu1~22.04.1 (amd64, ppc64el, s390x)
livecd-rootfs/2.765.55 (amd64)
systemd/249.11-0ubuntu3.17 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#snapd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (snapd/2.72+ubuntu25.10.2)

All autopkgtests for the newly accepted snapd (2.72+ubuntu25.10.2) for questing have finished running.
The following regressions have been reported in tests triggered by the package:

linux-realtime/6.17.0-1002.3 (amd64)
livecd-rootfs/25.10.24 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/questing/update_excuses.html#snapd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (snapd/2.72+ubuntu25.04)

All autopkgtests for the newly accepted snapd (2.72+ubuntu25.04) for plucky have finished running.
The following regressions have been reported in tests triggered by the package:

docker.io-app/28.2.2-0ubuntu1~25.04.1 (amd64, arm64, ppc64el, s390x)
systemd/257.4-1ubuntu3.2 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/plucky/update_excuses.html#snapd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.8 KiB)

This bug was fixed in the package snapd - 2.72+ubuntu26.04.1

---------------
snapd (2.72+ubuntu26.04.1) resolute; urgency=medium

  * New upstream release, LP: #2124239
    - FDE: support replacing TPM protected keys at runtime via the
      /v2/system-volumes endpoint
    - FDE: support secboot preinstall check fix actions for 25.10+
      hybrid installs via the /v2/system/{label} endpoint
    - FDE: tweak polkit message to remove jargon
    - FDE: ensure proper sealing with kernel command line defaults
    - FDE: provide generic reseal function
    - FDE: support using OPTEE for protecting keys, as an alternative to
      existing fde-setup hooks (Ubuntu Core only)
    - Confdb: 'snapctl get --view' supports passing default values
    - Confdb: content sub-rules in confdb-schemas inherit their parent
      rule's "access"
    - Confdb: make confdb error kinds used in API more generic
    - Confdb: fully support lists and indexed paths (including unset)
    - Prompting: add notice backend for prompting types (unused for now)
    - Prompting: include request cgroup in prompt
    - Prompting: handle unsupported xattrs
    - Prompting: add permission mapping for the camera interface
    - Notices: read notices from state without state lock
    - Notices: add methods to get notice fields and create, reoccur, and
      deepcopy notice
    - Notices: add notice manager to coordinate separate notice backends
    - Notices: support draining notices from state when notice backend
      registered as producer of a particular notice type
    - Notices: query notice manager from daemon instead of querying
      state for notices directly
    - Packaging: Ubuntu | ignore .git directory
    - Packaging: FIPS | bump deb Go FIPS to 1.23
    - Packaging: snap | bump FIPS toolchain to 1.23
    - Packaging: debian | sync most upstream changes
    - Packaging: debian-sid | depends on libcap2-bin for postint
    - Packaging: Fedora | drop fakeroot
    - Packaging: snap | modify snapd.mk to pass build tags when running
      unit tests
    - Packaging: snap | modify snapd.mk to pass nooptee build tag
    - Packaging: modify Makefile.am to fix snap-confine install profile
      with 'make hack'
    - Packaging: modify Makefile.am to fix out-of-tree use of 'make
      hack'
    - LP: #2122054 Snap installation: skip snap icon download when
      running in a cloud or using a proxy store
    - Snap installation: add timeout to http client when downloading
      snap icon
    - Snap installation: use http(s) proxy for icon downloads
    - LP: #2117558 snap-confine: fix error message with /root/snap not
      accessible
    - snap-confine: fix non-suid limitation by switching to root:root to
      operate v1 freezer
    - core-initrd: do not use writable-paths when not available
    - core-initrd: remove debian folder
    - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev
      interface now with the more robust gpio-aggregator configfs kernel
      interface
    - Interfaces: gpio-chardev | exclusive snap connections, raise a
      conflict when both gpio-chardev and gpio are connected
    - Interfaces: gpio-chardev | fix gpio-aggregator module lo...

Read more...

Changed in snapd (Ubuntu):
status: New → Fix Released
Revision history for this message
Ernest Lotter (ernestl) wrote :

Verification on Plucky
======================

1. Reproduce with snapd snap < 2.72

snap 2.71+ubuntu25.04
snapd 2.71+ubuntu25.04
series 16
ubuntu 25.04
kernel 6.14.0-35-generic

sudo SNAP_REEXEC=0 hello-world
Sorry, home directories outside of /home needs configuration.
See https://forum.snapcraft.io/t/11209 for details.

2. Prove fixed with snapd snap 2.72

snap 2.72+ubuntu25.04
snapd 2.72+ubuntu25.04
series 16
ubuntu 25.04
kernel 6.14.0-35-generic
architecture amd64

sudo SNAP_REEXEC=0 hello-world
cannot create user data directory: /root/snap/hello-world/29: Permission denied

Revision history for this message
Ernest Lotter (ernestl) wrote (last edit ):

Verification for Jammy
======================

1. Reproduce with snapd snap < 2.72

snap 2.71+ubuntu22.04
snapd 2.71+ubuntu22.04
series 16
ubuntu 22.04
kernel 5.15.0-160-generic

sudo hello-world
Sorry, home directories outside of /home needs configuration.
See https://forum.snapcraft.io/t/11209 for details.

2. Prove fixed with snapd snap 2.72

snap 2.72+ubuntu22.04
snapd 2.72+ubuntu22.04
series 16
ubuntu 22.04
kernel 5.15.0-160-generic
architecture amd64

sudo hello-world
cannot create user data directory: /root/snap/hello-world/29: Permission denied

Revision history for this message
Ernest Lotter (ernestl) wrote (last edit ):

Verification for Noble
======================

1. Reproduce with snapd snap < 2.72

snap 2.71+ubuntu24.04
snapd 2.71+ubuntu24.04
series 16
ubuntu 24.04
kernel 6.8.0-87-generic

sudo SNAP_REEXEC=0 hello-world
Sorry, home directories outside of /home needs configuration.
See https://forum.snapcraft.io/t/11209 for details

2. Prove fixed with snapd snap 2.72

snap 2.72+ubuntu24.04
snapd 2.72+ubuntu24.04
series 16
ubuntu 24.04
kernel 6.8.0-87-generic
architecture amd64

sudo SNAP_REEXEC=0 hello-world
cannot create user data directory: /root/snap/hello-world/29: Permission denied

Revision history for this message
Ernest Lotter (ernestl) wrote (last edit ):

Verification for Questing
=========================

1. Reproduce with snapd snap < 2.72

snap 2.71.1+ubuntu25.10.1
snapd 2.71.1+ubuntu25.10.1
series 16
ubuntu 25.10
kernel 6.17.0-6-generic

sudo SNAP_REEXEC=0 hello-world
Sorry, home directories outside of /home needs configuration.
See https://forum.snapcraft.io/t/11209 for details.

2. Prove fixed with snapd snap 2.72

snap 2.72+ubuntu25.10.2
snapd 2.72+ubuntu25.10.2
series 16
ubuntu 25.10
kernel 6.17.0-6-generic
architecture amd6

sudo hello-world
cannot create user data directory: /root/snap/hello-world/29: Permission denied

Ernest Lotter (ernestl)
tags: added: verification-done verification-done-jammy verification-done-noble verification-done-plucky verification-done-questing
removed: verification-needed verification-needed-jammy verification-needed-noble verification-needed-plucky verification-needed-questing
Changed in snapd:
status: New → Fix Released
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

note to self: SRU ok for release

Revision history for this message
Andreas Hasenack (ahasenack) wrote : Update Released

The verification of the Stable Release Update for snapd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.8 KiB)

This bug was fixed in the package snapd - 2.72+ubuntu25.04

---------------
snapd (2.72+ubuntu25.04) plucky; urgency=medium

  * New upstream release, LP: #2124239
    - FDE: support replacing TPM protected keys at runtime via the
      /v2/system-volumes endpoint
    - FDE: support secboot preinstall check fix actions for 25.10+
      hybrid installs via the /v2/system/{label} endpoint
    - FDE: tweak polkit message to remove jargon
    - FDE: ensure proper sealing with kernel command line defaults
    - FDE: provide generic reseal function
    - FDE: support using OPTEE for protecting keys, as an alternative to
      existing fde-setup hooks (Ubuntu Core only)
    - Confdb: 'snapctl get --view' supports passing default values
    - Confdb: content sub-rules in confdb-schemas inherit their parent
      rule's "access"
    - Confdb: make confdb error kinds used in API more generic
    - Confdb: fully support lists and indexed paths (including unset)
    - Prompting: add notice backend for prompting types (unused for now)
    - Prompting: include request cgroup in prompt
    - Prompting: handle unsupported xattrs
    - Prompting: add permission mapping for the camera interface
    - Notices: read notices from state without state lock
    - Notices: add methods to get notice fields and create, reoccur, and
      deepcopy notice
    - Notices: add notice manager to coordinate separate notice backends
    - Notices: support draining notices from state when notice backend
      registered as producer of a particular notice type
    - Notices: query notice manager from daemon instead of querying
      state for notices directly
    - Packaging: Ubuntu | ignore .git directory
    - Packaging: FIPS | bump deb Go FIPS to 1.23
    - Packaging: snap | bump FIPS toolchain to 1.23
    - Packaging: debian | sync most upstream changes
    - Packaging: debian-sid | depends on libcap2-bin for postint
    - Packaging: Fedora | drop fakeroot
    - Packaging: snap | modify snapd.mk to pass build tags when running
      unit tests
    - Packaging: snap | modify snapd.mk to pass nooptee build tag
    - Packaging: modify Makefile.am to fix snap-confine install profile
      with 'make hack'
    - Packaging: modify Makefile.am to fix out-of-tree use of 'make
      hack'
    - LP: #2122054 Snap installation: skip snap icon download when
      running in a cloud or using a proxy store
    - Snap installation: add timeout to http client when downloading
      snap icon
    - Snap installation: use http(s) proxy for icon downloads
    - LP: #2117558 snap-confine: fix error message with /root/snap not
      accessible
    - snap-confine: fix non-suid limitation by switching to root:root to
      operate v1 freezer
    - core-initrd: do not use writable-paths when not available
    - core-initrd: remove debian folder
    - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev
      interface now with the more robust gpio-aggregator configfs kernel
      interface
    - Interfaces: gpio-chardev | exclusive snap connections, raise a
      conflict when both gpio-chardev and gpio are connected
    - Interfaces: gpio-chardev | fix gpio-aggregator module load ord...

Read more...

Changed in snapd (Ubuntu Plucky):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.8 KiB)

This bug was fixed in the package snapd - 2.72+ubuntu24.04

---------------
snapd (2.72+ubuntu24.04) noble; urgency=medium

  * New upstream release, LP: #2124239
    - FDE: support replacing TPM protected keys at runtime via the
      /v2/system-volumes endpoint
    - FDE: support secboot preinstall check fix actions for 25.10+
      hybrid installs via the /v2/system/{label} endpoint
    - FDE: tweak polkit message to remove jargon
    - FDE: ensure proper sealing with kernel command line defaults
    - FDE: provide generic reseal function
    - FDE: support using OPTEE for protecting keys, as an alternative to
      existing fde-setup hooks (Ubuntu Core only)
    - Confdb: 'snapctl get --view' supports passing default values
    - Confdb: content sub-rules in confdb-schemas inherit their parent
      rule's "access"
    - Confdb: make confdb error kinds used in API more generic
    - Confdb: fully support lists and indexed paths (including unset)
    - Prompting: add notice backend for prompting types (unused for now)
    - Prompting: include request cgroup in prompt
    - Prompting: handle unsupported xattrs
    - Prompting: add permission mapping for the camera interface
    - Notices: read notices from state without state lock
    - Notices: add methods to get notice fields and create, reoccur, and
      deepcopy notice
    - Notices: add notice manager to coordinate separate notice backends
    - Notices: support draining notices from state when notice backend
      registered as producer of a particular notice type
    - Notices: query notice manager from daemon instead of querying
      state for notices directly
    - Packaging: Ubuntu | ignore .git directory
    - Packaging: FIPS | bump deb Go FIPS to 1.23
    - Packaging: snap | bump FIPS toolchain to 1.23
    - Packaging: debian | sync most upstream changes
    - Packaging: debian-sid | depends on libcap2-bin for postint
    - Packaging: Fedora | drop fakeroot
    - Packaging: snap | modify snapd.mk to pass build tags when running
      unit tests
    - Packaging: snap | modify snapd.mk to pass nooptee build tag
    - Packaging: modify Makefile.am to fix snap-confine install profile
      with 'make hack'
    - Packaging: modify Makefile.am to fix out-of-tree use of 'make
      hack'
    - LP: #2122054 Snap installation: skip snap icon download when
      running in a cloud or using a proxy store
    - Snap installation: add timeout to http client when downloading
      snap icon
    - Snap installation: use http(s) proxy for icon downloads
    - LP: #2117558 snap-confine: fix error message with /root/snap not
      accessible
    - snap-confine: fix non-suid limitation by switching to root:root to
      operate v1 freezer
    - core-initrd: do not use writable-paths when not available
    - core-initrd: remove debian folder
    - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev
      interface now with the more robust gpio-aggregator configfs kernel
      interface
    - Interfaces: gpio-chardev | exclusive snap connections, raise a
      conflict when both gpio-chardev and gpio are connected
    - Interfaces: gpio-chardev | fix gpio-aggregator module load orde...

Read more...

Changed in snapd (Ubuntu Noble):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.8 KiB)

This bug was fixed in the package snapd - 2.72+ubuntu22.04

---------------
snapd (2.72+ubuntu22.04) jammy; urgency=medium

  * New upstream release, LP: #2124239
    - FDE: support replacing TPM protected keys at runtime via the
      /v2/system-volumes endpoint
    - FDE: support secboot preinstall check fix actions for 25.10+
      hybrid installs via the /v2/system/{label} endpoint
    - FDE: tweak polkit message to remove jargon
    - FDE: ensure proper sealing with kernel command line defaults
    - FDE: provide generic reseal function
    - FDE: support using OPTEE for protecting keys, as an alternative to
      existing fde-setup hooks (Ubuntu Core only)
    - Confdb: 'snapctl get --view' supports passing default values
    - Confdb: content sub-rules in confdb-schemas inherit their parent
      rule's "access"
    - Confdb: make confdb error kinds used in API more generic
    - Confdb: fully support lists and indexed paths (including unset)
    - Prompting: add notice backend for prompting types (unused for now)
    - Prompting: include request cgroup in prompt
    - Prompting: handle unsupported xattrs
    - Prompting: add permission mapping for the camera interface
    - Notices: read notices from state without state lock
    - Notices: add methods to get notice fields and create, reoccur, and
      deepcopy notice
    - Notices: add notice manager to coordinate separate notice backends
    - Notices: support draining notices from state when notice backend
      registered as producer of a particular notice type
    - Notices: query notice manager from daemon instead of querying
      state for notices directly
    - Packaging: Ubuntu | ignore .git directory
    - Packaging: FIPS | bump deb Go FIPS to 1.23
    - Packaging: snap | bump FIPS toolchain to 1.23
    - Packaging: debian | sync most upstream changes
    - Packaging: debian-sid | depends on libcap2-bin for postint
    - Packaging: Fedora | drop fakeroot
    - Packaging: snap | modify snapd.mk to pass build tags when running
      unit tests
    - Packaging: snap | modify snapd.mk to pass nooptee build tag
    - Packaging: modify Makefile.am to fix snap-confine install profile
      with 'make hack'
    - Packaging: modify Makefile.am to fix out-of-tree use of 'make
      hack'
    - LP: #2122054 Snap installation: skip snap icon download when
      running in a cloud or using a proxy store
    - Snap installation: add timeout to http client when downloading
      snap icon
    - Snap installation: use http(s) proxy for icon downloads
    - LP: #2117558 snap-confine: fix error message with /root/snap not
      accessible
    - snap-confine: fix non-suid limitation by switching to root:root to
      operate v1 freezer
    - core-initrd: do not use writable-paths when not available
    - core-initrd: remove debian folder
    - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev
      interface now with the more robust gpio-aggregator configfs kernel
      interface
    - Interfaces: gpio-chardev | exclusive snap connections, raise a
      conflict when both gpio-chardev and gpio are connected
    - Interfaces: gpio-chardev | fix gpio-aggregator module load orde...

Read more...

Changed in snapd (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.8 KiB)

This bug was fixed in the package snapd - 2.72+ubuntu25.10.2

---------------
snapd (2.72+ubuntu25.10.2) questing; urgency=medium

  * New upstream release, LP: #2124239
    - FDE: support replacing TPM protected keys at runtime via the
      /v2/system-volumes endpoint
    - FDE: support secboot preinstall check fix actions for 25.10+
      hybrid installs via the /v2/system/{label} endpoint
    - FDE: tweak polkit message to remove jargon
    - FDE: ensure proper sealing with kernel command line defaults
    - FDE: provide generic reseal function
    - FDE: support using OPTEE for protecting keys, as an alternative to
      existing fde-setup hooks (Ubuntu Core only)
    - Confdb: 'snapctl get --view' supports passing default values
    - Confdb: content sub-rules in confdb-schemas inherit their parent
      rule's "access"
    - Confdb: make confdb error kinds used in API more generic
    - Confdb: fully support lists and indexed paths (including unset)
    - Prompting: add notice backend for prompting types (unused for now)
    - Prompting: include request cgroup in prompt
    - Prompting: handle unsupported xattrs
    - Prompting: add permission mapping for the camera interface
    - Notices: read notices from state without state lock
    - Notices: add methods to get notice fields and create, reoccur, and
      deepcopy notice
    - Notices: add notice manager to coordinate separate notice backends
    - Notices: support draining notices from state when notice backend
      registered as producer of a particular notice type
    - Notices: query notice manager from daemon instead of querying
      state for notices directly
    - Packaging: Ubuntu | ignore .git directory
    - Packaging: FIPS | bump deb Go FIPS to 1.23
    - Packaging: snap | bump FIPS toolchain to 1.23
    - Packaging: debian | sync most upstream changes
    - Packaging: debian-sid | depends on libcap2-bin for postint
    - Packaging: Fedora | drop fakeroot
    - Packaging: snap | modify snapd.mk to pass build tags when running
      unit tests
    - Packaging: snap | modify snapd.mk to pass nooptee build tag
    - Packaging: modify Makefile.am to fix snap-confine install profile
      with 'make hack'
    - Packaging: modify Makefile.am to fix out-of-tree use of 'make
      hack'
    - LP: #2122054 Snap installation: skip snap icon download when
      running in a cloud or using a proxy store
    - Snap installation: add timeout to http client when downloading
      snap icon
    - Snap installation: use http(s) proxy for icon downloads
    - LP: #2117558 snap-confine: fix error message with /root/snap not
      accessible
    - snap-confine: fix non-suid limitation by switching to root:root to
      operate v1 freezer
    - core-initrd: do not use writable-paths when not available
    - core-initrd: remove debian folder
    - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev
      interface now with the more robust gpio-aggregator configfs kernel
      interface
    - Interfaces: gpio-chardev | exclusive snap connections, raise a
      conflict when both gpio-chardev and gpio are connected
    - Interfaces: gpio-chardev | fix gpio-aggregator module lo...

Read more...

Changed in snapd (Ubuntu Questing):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.