mirror of
https://github.com/token2/snapd.git
synced 2026-03-13 11:15:47 -07:00
d0f5e9c411
8537ba5b28for PR 7779 added read-only access to /run/uuidd/request to the snap-update-ns profile. This was meant to be added to the default template, so in PR 8232 in commit2049f2c824, the read-only access was added to the default template. This access was not enough since libuuid actually must also write the UUID_OP_* value before reading from the socket. Remove the unnecessary access from snap-update-ns (which should pose no regression risk since the rule was only for read-only and thus ineffective) and add 'w' to the access in the default template. Also remove the now unneeded apparmor rule from openvswitch-support. References: https://forum.snapcraft.io/t/uuidd-apparmor-denial/160138537ba5b282049f2c824https://launchpad.net/bugs/1867571 https://github.com/karelzak/util-linux/blob/master/libuuid/src/uuidd.h#L43-L49 https://github.com/karelzak/util-linux/blob/master/libuuid/src/gen_uuid.c#L371
44 lines
1.3 KiB
Go
44 lines
1.3 KiB
Go
// -*- Mode: Go; indent-tabs-mode: t -*-
|
|
|
|
/*
|
|
* Copyright (C) 2016 Canonical Ltd
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 3 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
package builtin
|
|
|
|
const openvswitchSupportSummary = `allows operating as the openvswitch service`
|
|
|
|
const openvswitchSupportBaseDeclarationSlots = `
|
|
openvswitch-support:
|
|
allow-installation:
|
|
slot-snap-type:
|
|
- core
|
|
deny-auto-connection: true
|
|
`
|
|
|
|
var openvswitchSupportConnectedPlugKmod = []string{`openvswitch`}
|
|
|
|
func init() {
|
|
registerIface(&commonInterface{
|
|
name: "openvswitch-support",
|
|
summary: openvswitchSupportSummary,
|
|
implicitOnCore: true,
|
|
implicitOnClassic: true,
|
|
baseDeclarationSlots: openvswitchSupportBaseDeclarationSlots,
|
|
connectedPlugKModModules: openvswitchSupportConnectedPlugKmod,
|
|
})
|
|
}
|