lp://qastaging/~mvo/snap-confine/environment-file
- Get this branch:
- bzr branch lp://qastaging/~mvo/snap-confine/environment-file
Branch merges
- Zygmunt Krynicki: Needs Fixing
-
Diff: 203 lines (+147/-0)6 files modifieddebian/usr.bin.ubuntu-core-launcher (+3/-0)
src/environment.c (+85/-0)
src/environment.h (+23/-0)
src/main.c (+4/-0)
tests/common.sh (+4/-0)
tests/test_environment (+28/-0)
Branch information
Recent revisions
- 135. By Jamie Strandboge
-
debian/
usr.bin. ubuntu- core-launcher: add workaround rules for ecryptfs
until the upcoming kernel fix lands everywhere (LP: #1574556) - 134. By Jamie Strandboge
-
* SECURITY UPDATE: delayed attack snap data theft and privilege escalation
when using Snappy on traditional Ubuntu (classic) systems (LP: #1576699)
- src/main.c: remove glob code and hardcode /snap/ubuntu-core/current
instead. The glob code both used an improper glob and performed an
incorrect check due to a typo which allowed a snap named ubuntu-core-...
to be bind mounted into application runtimes instead of the ubuntu-core
OS snap. Ubuntu Core removed .<origin> and .sideload from the SNAP path
so the glob can simply be dropped.
- CVE-2016-1580
* debian/usr.bin. ubuntu- core-launcher:
- only allow mounting /snap/ubuntu-core/*/ ... to safeguard against this in
the future
- add lib32 and libx32 to match setup_snappy_os_mounts( ) - 132. By Jamie Strandboge
-
- make whitelist_re strictly follow the 16.04 specification and adjust
testsuite accordingly - 131. By Jamie Strandboge
-
src/main.c: don't prepend snap. or snap_ since snapd is doing that for us
now (LP: #1571048)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/~snappy-dev/snap-confine/trunk