[SRU] Dependency on snap-confine too weak
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Yakkety |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Trivial SRU of snapd that adds a missing versioned dependency for snap-confine to snapd.
It turns out there is a regression because of this if:
- you use an armhf architecture
- snapd 2.16
- snap-confine < 1.0.43
The reason is that with snapd 2.16 we use the "snap run" to start applications. This is a command written in go. On armhf the auxv vector content is critical for successfully running go commands.
But apparmor cleans that by default because it might be dangerous.
On snap-confine 1.0.43 we added an apparmor rule to relax this.
TEST CASE:
- install snapd 2.16 on an armhf/classic system (e.g. pi2)
- make sure you have snap-confine from xenial (not from xenial-updates): 1.0.38
- snap install hello
- run "hello" and verify it does not run
- install snap-confine from xenial-updates (1.0.43)
- verify that "hello" does run now
summary: |
- [SRU] 2.16.1 + [SRU] Dependency on snap-confine too weak |
description: | updated |
description: | updated |
Changed in snapd (Ubuntu): | |
status: | Confirmed → Fix Released |
Status changed to 'Confirmed' because the bug affects multiple users.