[ubuntu/jammy-proposed] snapd 2.67.1+22.04 (Accepted)
Ernest Lotter
ernest.lotter at canonical.com
Wed Feb 12 19:20:40 UTC 2025
snapd (2.67.1+22.04) jammy; urgency=medium
* New upstream release, LP: #2089691
- Fix apparmor permissions to allow snaps access to kernel modules
and firmware on UC24, which also fixes the kernel-modules-control
interface on UC24
- AppArmor prompting (experimental): disallow /./ and /../ in path
patterns
- LP: #2090938 Fix 'snap run' getent based user lookup in case of bad PATH
- Fix snapd using the incorrect AppArmor version during undo of an
refresh for regenerating snap profiles
- Add new syscalls to base templates
- hardware-observe interface: allow riscv_hwprobe syscall
- mount-observe interface: allow listmount and statmount syscalls
snapd (2.67+22.04) jammy; urgency=medium
- AppArmor prompting (experimental): allow overlapping rules
- Registry view (experimental): Changes to registry data (from both
users and snaps) can be validated and saved by custodian snaps
- Registry view (experimental): Support 'snapctl get --pristine' to
read the registry data excluding staged transaction changes
- Registry view (experimental): Put registry commands behind
experimental feature flag
- Components: Make modules shipped/created by kernel-modules
components available right after reboot
- Components: Add tab completion for local component files
- Components: Allow installing snaps and components from local files
jointly on the CLI
- Components: Allow 'snapctl model' command for gadget and kernel
snaps
- Components: Add 'snap components' command
- Components: Bug fixes
- eMMC gadget updates (WIP): add syntax support in gadget.yaml for
eMMC schema
- Support for ephemeral recovery mode on hybrid systems
- Support for dm-verity options in snap-bootstrap
- Support for overlayfs options and allow empty what argument for
tmpfs
- Enable ubuntu-image to determine the size of the disk image to
create
- Expose 'snap debug' commands 'validate-seed' and 'seeding'
- Add debug API option to use dedicated snap socket /run/snapd-
snap.socket
- Hide experimental features that are no longer required
(accepted/rejected)
- Mount ubuntu-save partition with no{exec,dev,suid} at install, run
and factory-reset
- Improve memory controller support with cgroup v2
- Support ssh socket activation configurations (used by ubuntu
22.10+)
- Fix generation of AppArmor profile with incorrect revision during
multi snap refresh
- LP: #2084730 Fix refresh app awareness related deadlock edge case
- Fix not caching delta updated snap download
- Fix passing non root uid, guid to initial tmpfs mount
- Fix ignoring snaps in try mode when amending
- LP: #2083961 Fix reloading of service activation units to avoid systemd errors
- Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
updates PPA
- Make killing of snap apps best effort to avoid possibility of
malicious failure loop
- Alleviate impact of auto-refresh failure loop with progressive
delay
- LP: #2085535 Dropped timedatex in selinux-policy to avoid runtime issue
- Fix missing syscalls in seccomp profile
- Modify AppArmor template to allow using SNAP_REEXEC on arch
systems
- Modify AppArmor template to allow using vim.tiny (available in
base snaps)
- Modify AppArmor template to add read-access to debian_version
- Modify AppArmor template to allow owner to read
@{PROC}/@{pid}/sessionid
- {common,personal,system}-files interface: prohibit trailing @ in
filepaths
- {desktop,shutdown,system-observe,upower-observe} interface:
improve for Ubuntu Core Desktop
- custom-device interface: allow @ in custom-device filepaths
- desktop interface: improve launch entry and systray integration
with session
- desktop-legacy interface: allow DBus access to
com.canonical.dbusmenu
- fwupd interface: allow access to nvmem for thunderbolt plugin
- mpris interface: add plasmashell as label
- mount-control interface: add support for nfs mounts
- LP: #2086203 network-{control,manager} interface: add missing dbus link rules
- network-manager-observe interface: add getDevices methods
- opengl interface: add Kernel Fusion Driver access to opengl
- screen-inhibit-control interface: improve screen inhibit control
for use on core
- udisks2 interface: allow ping of the UDisks2 service
- u2f-devices interface: add Nitrokey Passkey
Date: Wed, 15 Jan 2025 22:02:37 +0200
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.67.1+22.04
-------------- next part --------------
Format: 1.8
Date: Wed, 15 Jan 2025 22:02:37 +0200
Source: snapd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.67.1+22.04
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Launchpad-Bugs-Fixed: 2083961 2084730 2085535 2086203 2089691 2090938
Changes:
snapd (2.67.1+22.04) jammy; urgency=medium
.
* New upstream release, LP: #2089691
- Fix apparmor permissions to allow snaps access to kernel modules
and firmware on UC24, which also fixes the kernel-modules-control
interface on UC24
- AppArmor prompting (experimental): disallow /./ and /../ in path
patterns
- LP: #2090938 Fix 'snap run' getent based user lookup in case of bad PATH
- Fix snapd using the incorrect AppArmor version during undo of an
refresh for regenerating snap profiles
- Add new syscalls to base templates
- hardware-observe interface: allow riscv_hwprobe syscall
- mount-observe interface: allow listmount and statmount syscalls
.
snapd (2.67+22.04) jammy; urgency=medium
.
- AppArmor prompting (experimental): allow overlapping rules
- Registry view (experimental): Changes to registry data (from both
users and snaps) can be validated and saved by custodian snaps
- Registry view (experimental): Support 'snapctl get --pristine' to
read the registry data excluding staged transaction changes
- Registry view (experimental): Put registry commands behind
experimental feature flag
- Components: Make modules shipped/created by kernel-modules
components available right after reboot
- Components: Add tab completion for local component files
- Components: Allow installing snaps and components from local files
jointly on the CLI
- Components: Allow 'snapctl model' command for gadget and kernel
snaps
- Components: Add 'snap components' command
- Components: Bug fixes
- eMMC gadget updates (WIP): add syntax support in gadget.yaml for
eMMC schema
- Support for ephemeral recovery mode on hybrid systems
- Support for dm-verity options in snap-bootstrap
- Support for overlayfs options and allow empty what argument for
tmpfs
- Enable ubuntu-image to determine the size of the disk image to
create
- Expose 'snap debug' commands 'validate-seed' and 'seeding'
- Add debug API option to use dedicated snap socket /run/snapd-
snap.socket
- Hide experimental features that are no longer required
(accepted/rejected)
- Mount ubuntu-save partition with no{exec,dev,suid} at install, run
and factory-reset
- Improve memory controller support with cgroup v2
- Support ssh socket activation configurations (used by ubuntu
22.10+)
- Fix generation of AppArmor profile with incorrect revision during
multi snap refresh
- LP: #2084730 Fix refresh app awareness related deadlock edge case
- Fix not caching delta updated snap download
- Fix passing non root uid, guid to initial tmpfs mount
- Fix ignoring snaps in try mode when amending
- LP: #2083961 Fix reloading of service activation units to avoid systemd errors
- Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
updates PPA
- Make killing of snap apps best effort to avoid possibility of
malicious failure loop
- Alleviate impact of auto-refresh failure loop with progressive
delay
- LP: #2085535 Dropped timedatex in selinux-policy to avoid runtime issue
- Fix missing syscalls in seccomp profile
- Modify AppArmor template to allow using SNAP_REEXEC on arch
systems
- Modify AppArmor template to allow using vim.tiny (available in
base snaps)
- Modify AppArmor template to add read-access to debian_version
- Modify AppArmor template to allow owner to read
@{PROC}/@{pid}/sessionid
- {common,personal,system}-files interface: prohibit trailing @ in
filepaths
- {desktop,shutdown,system-observe,upower-observe} interface:
improve for Ubuntu Core Desktop
- custom-device interface: allow @ in custom-device filepaths
- desktop interface: improve launch entry and systray integration
with session
- desktop-legacy interface: allow DBus access to
com.canonical.dbusmenu
- fwupd interface: allow access to nvmem for thunderbolt plugin
- mpris interface: add plasmashell as label
- mount-control interface: add support for nfs mounts
- LP: #2086203 network-{control,manager} interface: add missing dbus link rules
- network-manager-observe interface: add getDevices methods
- opengl interface: add Kernel Fusion Driver access to opengl
- screen-inhibit-control interface: improve screen inhibit control
for use on core
- udisks2 interface: allow ping of the UDisks2 service
- u2f-devices interface: add Nitrokey Passkey
Checksums-Sha1:
8996f15de1fa24244bbbc1958f7e501eefe91072 2983 snapd_2.67.1+22.04.dsc
076cfd43c1dc5fc76fed42956f881eaa1e7d2b85 10069884 snapd_2.67.1+22.04.tar.xz
90acbd84c5fb0e17cd0f4d26962c1b5d135de4c5 11406 snapd_2.67.1+22.04_source.buildinfo
Checksums-Sha256:
a9a33c09e8adb0eaa897470e6d9c8d6ed1028bace5b010083d6f19d03275ada7 2983 snapd_2.67.1+22.04.dsc
c27b316dae84fd109892a50ceacfa1be08174809491844fe2a7c3b3d306bc55e 10069884 snapd_2.67.1+22.04.tar.xz
7e3d868bb9da00ad9a2edebffa00e42135245997b748b7faa0ee3072f4b36172 11406 snapd_2.67.1+22.04_source.buildinfo
Files:
f8a393c13eee52d959b843a00ead32fd 2983 devel optional snapd_2.67.1+22.04.dsc
edf2547e35f6ee21534b3bec44442c7a 10069884 devel optional snapd_2.67.1+22.04.tar.xz
875e03f374be5b25c234fc80de9f901f 11406 devel optional snapd_2.67.1+22.04_source.buildinfo
More information about the jammy-changes
mailing list