cmd/snap-seccomp/main.go | 5 1 + 4 - 0 !
cmd/snap-seccomp/main_test.go | 2 1 + 1 - 0 !
cmd/snap-seccomp/versioninfo.go | 2 1 + 1 - 0 !
cmd/snap-seccomp/versioninfo_test.go | 2 1 + 1 - 0 !
4 files changed, 4 insertions(+), 7 deletions(-)

 [patch 1/9] cmd/snap-seccomp: use upstream seccomp package

Upstream snapd uses a fork that carries additional compatibility patch
required to build snapd for Ubuntu 14.04. This patch is not required with
the latest snapshot of the upstream seccomp golang bindings but they are
neither released upstream nor backported (in their entirety) to Ubuntu
14.04.

The forked seccomp library is not packaged in Debian. As such, to build
snapd, we need to switch to the regular, non-forked package name.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>

cmd/snap-seccomp/main_test.go | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 [patch 2/9] cmd/snap-seccomp: skip tests that fail on 4.19

It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>

cmd/snap-seccomp/main_test.go | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 [patch 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

	multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
	cannot build multi-lib syscall runner: exit status 1
	In file included from /usr/include/errno.h:25,
			 from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
	/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
	 #  include <sys/cdefs.h>
		    ^~~~~~~~~~~~~
	compilation terminated.
	OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>

cmd/snap/cmd_alias_test.go | 1 1 + 0 - 0 !
cmd/snap/cmd_connect_test.go | 1 1 + 0 - 0 !
cmd/snap/cmd_disconnect_test.go | 1 1 + 0 - 0 !
cmd/snap/cmd_info_test.go | 2 2 + 0 - 0 !
cmd/snap/cmd_interface_test.go | 1 1 + 0 - 0 !
cmd/snap/cmd_list_test.go | 1 1 + 0 - 0 !
cmd/snap/cmd_prefer_test.go | 1 1 + 0 - 0 !
cmd/snap/cmd_unalias_test.go | 1 1 + 0 - 0 !
8 files changed, 9 insertions(+)

 [patch 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>

advisor/backend.go | 2 1 + 1 - 0 !
errtracker/errtracker.go | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 [patch 5/9] advisor,errtracker: use upstream bolt package

Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.

In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>

systemd/systemd.go | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 [patch 6/9] systemd: disable snapfuse system

Upstream snapd uses an elaborate hack to bundle squashfuse under the
name snapfuse, and built as a fake go package. This component is not
available in Debian where bundling elements is not allowed.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>

i18n/i18n.go | 97 6 + 91 - 0 !
i18n/i18n_test.go | 125 5 + 120 - 0 !
2 files changed, 11 insertions(+), 211 deletions(-)

 [patch 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>

cmd/snap-discard-ns/snap-discard-ns.rst | 2 1 + 1 - 0 !
cmd/snapd-env-generator/snapd-env-generator.rst | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---

interfaces/apparmor/backend.go | 38 0 + 38 - 0 !
interfaces/apparmor/backend_test.go | 80 1 + 79 - 0 !
interfaces/apparmor/export_test.go | 1 0 + 1 - 0 !
3 files changed, 1 insertion(+), 118 deletions(-)

---

cmd/libsnap-confine-private/apparmor-support.c | 32 20 + 12 - 0 !
cmd/libsnap-confine-private/tool.c | 13 10 + 3 - 0 !
cmd/libsnap-confine-private/utils-test.c | 32 32 + 0 - 0 !
cmd/libsnap-confine-private/utils.c | 13 13 + 0 - 0 !
cmd/libsnap-confine-private/utils.h | 6 6 + 0 - 0 !
cmd/snap-confine/mount-support-test.c | 41 41 + 0 - 0 !
cmd/snap-confine/mount-support.c | 122 94 + 28 - 0 !
cmd/snap-confine/snap-confine.apparmor.in | 15 13 + 2 - 0 !
interfaces/apparmor/apparmor.go | 11 0 + 11 - 0 !
interfaces/apparmor/apparmor_test.go | 16 0 + 16 - 0 !
interfaces/apparmor/backend.go | 170 166 + 4 - 0 !
interfaces/apparmor/backend_test.go | 34 21 + 13 - 0 !
interfaces/apparmor/spec.go | 68 34 + 34 - 0 !
interfaces/apparmor/spec_test.go | 248 124 + 124 - 0 !
interfaces/apparmor/template.go | 3 3 + 0 - 0 !
interfaces/backend.go | 6 6 + 0 - 0 !
interfaces/builtin/common_files.go | 3 2 + 1 - 0 !
interfaces/builtin/content.go | 39 25 + 14 - 0 !
interfaces/builtin/content_test.go | 543 287 + 256 - 0 !
interfaces/builtin/daemon_notify.go | 3 2 + 1 - 0 !
interfaces/ifacetest/backendtest.go | 8 8 + 0 - 0 !
interfaces/seccomp/backend_test.go | 2 1 + 1 - 0 !
overlord/devicestate/firstboot_test.go | 6 6 + 0 - 0 !
overlord/ifacestate/helpers.go | 34 33 + 1 - 0 !
overlord/managers_test.go | 6 6 + 0 - 0 !
packaging/ubuntu-16.04/tests/integrationtests | 3 3 + 0 - 0 !
sandbox/apparmor/apparmor.go | 13 13 + 0 - 0 !
sandbox/apparmor/apparmor_test.go | 16 16 + 0 - 0 !
snap/validate.go | 12 12 + 0 - 0 !
snap/validate_test.go | 34 34 + 0 - 0 !
spread.yaml | 4 4 + 0 - 0 !
tests/lib/state.sh | 6 6 + 0 - 0 !
tests/main/docker-smoke/task.yaml | 2 2 + 0 - 0 !
tests/main/snap-confine-tmp-mount/task.yaml | 59 59 + 0 - 0 !
tests/main/snap-confine-unexpected-path/task.yaml | 35 35 + 0 - 0 !
tests/main/snap-run-devmode-classic/task.yaml | 202 202 + 0 - 0 !
tests/nested/manual/core-seeding-devmode/task.yaml | 22 22 + 0 - 0 !
tests/nested/manual/devmode-snaps-can-run-other-snaps/task.yaml | 220 220 + 0 - 0 !
tests/regression/lp-1949368/bad-layout/meta/snap.yaml | 5 5 + 0 - 0 !
tests/regression/lp-1949368/content-consumer/bin/sh | 3 3 + 0 - 0 !
tests/regression/lp-1949368/content-consumer/meta/snap.yaml | 12 12 + 0 - 0 !
tests/regression/lp-1949368/content-provider/meta/snap.yaml | 9 9 + 0 - 0 !
tests/regression/lp-1949368/task.yaml | 35 35 + 0 - 0 !
43 files changed, 1645 insertions(+), 521 deletions(-)

---

overlord/devicestate/firstboot_test.go | 9 8 + 1 - 0 !
overlord/managers_test.go | 21 19 + 2 - 0 !
overlord/snapstate/snapmgr.go | 118 118 + 0 - 0 !
overlord/snapstate/snapstate_config_defaults_test.go | 2 1 + 1 - 0 !
overlord/snapstate/snapstate_test.go | 244 241 + 3 - 0 !
tests/nested/manual/snapd-removes-vulnerable-snap-confine-revs/task.yaml | 110 110 + 0 - 0 !
6 files changed, 497 insertions(+), 7 deletions(-)

---

data/Makefile | 1 1 + 0 - 0 !
data/systemd-tmpfiles/Makefile | 31 31 + 0 - 0 !
data/systemd-tmpfiles/snapd.conf | 1 1 + 0 - 0 !
packaging/fedora/snapd.spec | 3 3 + 0 - 0 !
packaging/opensuse/snapd.spec | 3 3 + 0 - 0 !
5 files changed, 39 insertions(+)

 [patch 1/4] data: add systemd-tmpfiles configuration to create
 private tmp dir

Use systemd-tmpfiles to create the private tmp mount namespace root
dir (/tmp/snap-private-tmp) on boot as owned by root with restrictive
permissions. We can use this as a known location to then create per-snap
private tmp mount namespace dirs (/tmp/snap-private-tmp/snap.$SNAP_INSTANCE)
etc.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

cmd/snap-confine/mount-support-test.c | 40 0 + 40 - 0 !
cmd/snap-confine/mount-support.c | 168 64 + 104 - 0 !
cmd/snap-confine/snap-confine.apparmor.in | 8 5 + 3 - 0 !
cmd/snap-update-ns/system.go | 6 3 + 3 - 0 !
cmd/snap-update-ns/system_test.go | 8 4 + 4 - 0 !
interfaces/builtin/x11.go | 6 3 + 3 - 0 !
interfaces/builtin/x11_test.go | 4 2 + 2 - 0 !
tests/lib/reset.sh | 4 2 + 2 - 0 !
tests/main/cgroup-tracking/task.yaml | 6 3 + 3 - 0 !
tests/main/interfaces-x11-unix-socket/task.yaml | 2 1 + 1 - 0 !
tests/main/security-private-tmp/task.yaml | 2 1 + 1 - 0 !
tests/main/snap-confine-tmp-mount/task.yaml | 37 8 + 29 - 0 !
tests/main/snap-confine-undesired-mode-group/task.yaml | 6 3 + 3 - 0 !
13 files changed, 99 insertions(+), 198 deletions(-)

 [patch 2/4] many: use /tmp/snap-private-tmp for per-snap private tmps

To avoid unprivileged users being able to interfere with the creation of the
private snap mount namespace, instead of creating this as /tmp/snap.$SNAP_NAME/
we can now use the systemd-tmpfiles configuration to do this for us
at boot with a known fixed name (/tmp/snap-private-tmp/) and then use that as
the base dir for creating per-snap private tmp mount
namespaces (eg. /tmp/snap-private-tmp/snap.$SNAP_INSTANCE/tmp) etc.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

overlord/snapstate/snapmgr.go | 8 4 + 4 - 0 !
overlord/snapstate/snapstate_test.go | 12 6 + 6 - 0 !
2 files changed, 10 insertions(+), 10 deletions(-)

 [patch 4/4] overlord/snapmgr: bump vulnerable snap version check

This should ensure that any older versions of snapd that are vulnerable to this
new CVE-2022-3328 are uninstalled on upgrade to the fixed version.

Signed-off-by: Alex Murray <alex.murray@canonical.com>