revert removal of /usr bind mount in 1.0.23

Bug #1570581 reported by Jamie Strandboge
This bug affects 1 person
Affects: ubuntu-core-launcher (Ubuntu)
Importance: Critical
Assigned to: Jamie Strandboge

Bug Description

1.0.23 accidentally removed bind mounting ubuntu-core's /usr on /usr on snap launch, which results in snaps seeing the host's /usr.
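
A regression check for the behaviour described in this report, as an added example that is not part of the report or of ubuntu-core-launcher: it reads mountinfo text on stdin (for instance `/proc/<pid>/mountinfo` of a process started by the launcher) and tells whether /usr is its own mount rather than a directory of the root filesystem. It assumes the ubuntu-core snap is a squashfs image; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that /usr inside a snap's mount namespace is a
# separate mount and not the host's /usr. Reads mountinfo on stdin.

# Constructed sample lines (not captured from a real system).
SAMPLE_FIXED='120 60 8:1 / / rw,relatime - ext4 /dev/sda1 rw
131 120 7:0 /usr /usr ro,relatime shared:5 - squashfs /dev/loop0 ro'
SAMPLE_REGRESSED='120 60 8:1 / / rw,relatime - ext4 /dev/sda1 rw'

# Prints "<root> <fstype> <source>" for the last (topmost) mount whose
# mount point is exactly /usr. Returns 1 when there is no such mount,
# meaning the process sees /usr from its root filesystem.
usr_mount_info() {
    awk '
        $5 == "/usr" {
            # Optional fields (field 7 onward) end at a lone "-";
            # filesystem type and mount source follow it.
            for (i = 7; i <= NF; i++) if ($i == "-") break
            if (i < NF) found = $4 " " $(i + 1) " " $(i + 2)
        }
        END { if (found == "") exit 1; print found }
    '
}

# check_usr_bind EXPECTED_FSTYPE
# Succeeds only if /usr is its own mount of the expected filesystem
# type. The type is checked because a host with /usr on a separate
# partition also has a /usr mount entry (assumption: the core snap
# is squashfs, the host partition is not).
check_usr_bind() {
    info=$(usr_mount_info) || return 1
    [ "$(printf '%s\n' "$info" | cut -d' ' -f2)" = "$1" ]
}

# Demonstration on the constructed samples.
for s in "$SAMPLE_FIXED" "$SAMPLE_REGRESSED"; do
    if printf '%s\n' "$s" | check_usr_bind squashfs; then
        echo "ok: /usr is a separate squashfs mount"
    else
        echo "regression: /usr comes from the root filesystem"
    fi
done
```
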

Jamie Strandboge (jdstrand) wrote :

This is in ubuntu-core-launcher trunk.

Changed in ubuntu-core-launcher (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-core-launcher - 1.0.25

---------------
ubuntu-core-launcher (1.0.25) xenial; urgency=medium

  * update cgroup handling for 16.04 (LP: #1564401):
    - debian/usr.bin.ubuntu-core-launcher:
      + allow creating cgroups with snap.*
      + allow ixr of 'tr'
      + remove access to /var/lib/apparmor/clicks/
    - update README to more fully explain the cgroups implementation
    - src/80-snappy-assign.rules: append an app-specific tag instead of
      adding a generic tag and snap-specific property
    - src/snappy-app-dev: convert the new tag to the directory name
    - src/main.c:
      + refactor and simplify control flow to query udev for device assignment
        instead of searching apparmor policy for a specific string
      + adjust udev query for app-specific tag
      + raise real_uid after fork() before calling /lib/udev/snappy-app-dev
        so non-root app launches work with the device cgroup

ubuntu-core-launcher (1.0.24) xenial; urgency=medium

  [ Michael Vogt ]
  * ignore non-existing dirs when doing the overlay mount
  * add /lib32, /libx32 to the overlay mounts

  [ Jamie Strandboge ]
  * add back the use of /usr from the ubuntu-core snap instead of the host
    system (LP: #1570581)
  * implement @complain as a synonym for @unrestricted since snappy will use
    @complain to toggle developer mode. This allows snaps to work in developer
    mode while seccomp logging is being developed (LP: #1570578)

 -- Jamie Strandboge <email address hidden> Thu, 14 Apr 2016 18:05:57 -0500

Changed in ubuntu-core-launcher (Ubuntu):
status: Fix Committed → Fix Released