snapd
snapd copied to clipboard
snapcore
many: update vendored apparmor to 4.0.1
Thanks for helping us make a better snapd! Have you signed the license agreement and read the contribution guide?
Codecov Report
Attention: Patch coverage is 85.00000% with 3 lines in your changes are missing coverage. Please review.
Project coverage is 78.90%. Comparing base (
a5a6458) to head (2d417ac). Report is 7 commits behind head on master.
| Files | Patch % | Lines |
|---|---|---|
| sandbox/apparmor/apparmor.go | 85.00% | 2 Missing and 1 partial :warning: |
:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.
Additional details and impacted files
@@ Coverage Diff @@
## master #13354 +/- ##
=======================================
Coverage 78.90% 78.90%
=======================================
Files 1043 1043
Lines 134337 134361 +24
=======================================
+ Hits 106004 106024 +20
- Misses 21721 21723 +2
- Partials 6612 6614 +2
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 78.90% <85.00%> (+<0.01%) |
:arrow_up: |
Flags with carried forward coverage won't be shown. Click here to find out more.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Yes :) - I think I need to rebase it on master though so will try freshen it up again soon.
Updated to use the new 4.0.0 beta3 upstream release of apparmor and rebased on current snapd master.
There is at least one real spread test failure due to this PR - tests/main/snapd-homedirs-vendored - which downloads the current snapd snap, and repacks it with the contents of the snapd deb built from this PR - this fails since the repacked snap now has a snapd which expects the vendored apparmor to be version 4.0 (and hence to contain the 4.0 abi definition) but the snap downloaded from edge only has apparmor 3.0 as the vendored version. I can't think of a good way to fix this and so this test will always fail when upgrading to new apparmor major versions like this. Thought @pedronis @zyga @bboozzoo?
Marking this PR as ready for review now though since this is the only spread failure that looks legitimate - the rest appear to be transient issues or already failing on master.
Removing this from 2.63 ( see https://github.com/snapcore/snapd/pull/13354#issuecomment-2011904861)
@ernestl When is the deadline for 2.63? It is possible there will be a fixed version of apparmor before then.
@ernestl When is the deadline for 2.63? It is possible there will be a fixed version of apparmor before then.
We do not have 100% certainty yet, but likely between 5 and 12 April.
@ernestl any chance we can target this for 2.64? Also @pedronis @zyga @bboozzoo any chance you could weigh in on my question above^^^ https://github.com/snapcore/snapd/pull/13354#issuecomment-2011246767 re the failing spread tests?
Agreed strategy:
- Wait for security SRU to Noble to conclude (likely approx 2 weeks)
- Wait to gauge performance/feedback (2 weeks?)
- Aim to release this as part of 2.64 with preliminary release process kick-off start July.
I've rebased this and pushed as a draft to https://github.com/snapcore/snapd/pull/14150 to see test results and keep rebasing without breaking what you did here. I want to be able to compare the results in the end.
Thanks for the heads up @zyga - let me know if you need me to do anything.
I've dismissed my review request since I've opened https://github.com/snapcore/snapd/pull/14150 with some additional changes.