Alex Murray 2d78693a5b sandbox/apparmor: don't let vendored apparmor conflict with system (#12909)
* sandbox/apparmor: don't let vendored apparmor conflict with system

Don't enable the vendored apparmor if the system installed apparmor will try and
load policy that would be generated by the vendored apparmor and hence may
conflict with that by using newer features not supported by the system installed
apparmor (LP: 2024637)

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* apparmor: add unit testing for SystemAppArmorLoadsSnapPolicy()

* tests: add test that checks regression in lp-2024637

* apparmor: only log non ENOENT errors in systemAppArmorLoadsSnapPolicy

* tests: fix snapd-snap test on 14.04-18.04

This commit will skip apparmor vendor testing if /lib/apparmor/functions
still references /var/lib/snapd/apparmor/.

See LP:2024637

* tests: fix typo in snapd-snap test

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* i/apparmor: allow read of /lib/apparmor/functions in snap-update-ns

Snapd at startup will inspect this file now to ensure that the
vendored apparmor can be used. So the snap-update-ns profile
also needs to get updated as this happens during an early init().

---------

Signed-off-by: Alex Murray <alex.murray@canonical.com>
Co-authored-by: Michael Vogt <mvo@ubuntu.com>
2023-07-03 14:07:33 +02:00