* update cgroup handling for 16.04 (LP: #1564401):
- debian/usr.bin.ubuntu-core-launcher:
+ allow creating cgroups with snap.*
+ allow ixr of 'tr'
+ remove access to /var/lib/apparmor/clicks/
- update README to more fully explain the cgroups implementation
- src/80-snappy-assign.rules: append an app-specific tag instead of
adding a generic tag and snap-specific property
- src/snappy-app-dev: convert the new tag to the directory name
- src/main.c:
+ refactor and simplify control flow to query udev for device assignment
instead of searching apparmor policy for a specific string
+ adjust udev query for app-specific tag
+ raise real_uid after fork() before calling /lib/udev/snappy-app-dev
so non-root app launches work with the device cgroup
[ Michael Vogt ]
* ignore non-existing dirs when doing the overlay mount
* add /lib32, /libx32 to the overlay mounts
[ Jamie Strandboge ]
* add back the use of /usr from the ubuntu-core snap instead of the host
system (LP: #1570581)
* implement @complain as a synonym for @unrestricted since snappy will use
@complain to toggle developer mode. This allows snaps to work in developer
mode while seccomp logging is being developed (LP: #1570578)
This bug was fixed in the package ubuntu- core-launcher - 1.0.25
--------------- core-launcher (1.0.25) xenial; urgency=medium
ubuntu-
* update cgroup handling for 16.04 (LP: #1564401): usr.bin. ubuntu- core-launcher: apparmor/ clicks/ snappy- assign. rules: append an app-specific tag instead of snappy- app-dev
- debian/
+ allow creating cgroups with snap.*
+ allow ixr of 'tr'
+ remove access to /var/lib/
- update README to more fully explain the cgroups implementation
- src/80-
adding a generic tag and snap-specific property
- src/snappy-app-dev: convert the new tag to the directory name
- src/main.c:
+ refactor and simplify control flow to query udev for device assignment
instead of searching apparmor policy for a specific string
+ adjust udev query for app-specific tag
+ raise real_uid after fork() before calling /lib/udev/
so non-root app launches work with the device cgroup
ubuntu- core-launcher (1.0.24) xenial; urgency=medium
[ Michael Vogt ]
* ignore non-existing dirs when doing the overlay mount
* add /lib32, /libx32 to the overlay mounts
[ Jamie Strandboge ]
* add back the use of /usr from the ubuntu-core snap instead of the host
system (LP: #1570581)
* implement @complain as a synonym for @unrestricted since snappy will use
@complain to toggle developer mode. This allows snaps to work in developer
mode while seccomp logging is being developed (LP: #1570578)
-- Jamie Strandboge <email address hidden> Thu, 14 Apr 2016 18:05:57 -0500