Merge lp://qastaging/~jdstrand/snap-confine/fix-udev-for-1604 into lp://qastaging/~snappy-dev/snap-confine/trunk
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | 125 | ||||
Proposed branch: | lp://qastaging/~jdstrand/snap-confine/fix-udev-for-1604 | ||||
Merge into: | lp://qastaging/~snappy-dev/snap-confine/trunk | ||||
Diff against target: |
437 lines (+181/-109) 6 files modified
README (+26/-3) debian/changelog (+21/-0) debian/usr.bin.ubuntu-core-launcher (+4/-6) src/80-snappy-assign.rules (+1/-1) src/main.c (+127/-98) src/snappy-app-dev (+2/-1) |
||||
To merge this branch: | bzr merge lp://qastaging/~jdstrand/snap-confine/fix-udev-for-1604 | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Tyler Hicks (community) | Needs Fixing | ||
Review via email: mp+291028@code.qastaging.launchpad.net |
Description of the change
* update cgroup handling for 16.04 (LP: #1564401):
- debian/
+ allow creating cgroups with snap.*
+ allow ixr of 'tr'
+ remove access to /var/lib/
- update README to more fully explain the cgroups implementation
- src/80-
adding a generic tag and snap-specific property
- src/snappy-app-dev: convert the new tag to the directory name
- src/main.c:
+ refactor and simplify control flow to query udev for device assignment
instead of searching apparmor policy for a specific string
+ adjust udev query for app-specific tag
+ raise real_uid after fork() before calling /lib/udev/
so non-root app launches work with the device cgroup
Thanks Leo, pushed in r123.