** Also affects: snap-confine (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: snap-confine (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: snap-confine (Ubuntu)
       Status: New => Fix Released

** Changed in: snap-confine (Ubuntu Xenial)
       Status: New => In Progress

You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs

  Add support for capability-based permissions

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:
  In Progress

Bug description:

  snap-confine relies on being a setuid root executable to perform
  privileged operations. This bug is about using linux capabilities
  stored in extended filesysystem attributes. The patch was essentially
  moved from the Fedora package where it was crated to the mainline
  branch. It consists of a build-time decision that does the required
  build system changes.

  [Test Case]

  snap-confine can be used as a non-setuid root executable (e.g. using
  the current code in the fedora package from which this patch

  [Regression Potential]

  This change does not affect the Ubuntu package.

  [Other Info]

  * This bug is a part of a major SRU that brings snap-confine in Ubuntu
  16.04 in line with the current upstream release 1.0.41.

  * snap-confine is technically an integral part of snapd which has an
  SRU exception and is allowed to introduce new features and take
  advantage of accelerated procedure. For more information see

  == # Pre-SRU bug description follows # ==

  Fedora has moved away from setuid executables and instead relies on
  extended attributes to grant additional permissions to applications
  that require this.

  The 1.0.39 release has been patched in Fedora to use CAP_SYS_ADMIN
  instead of the setuid bit without (so far) any adverse effects. This
  patch should be a compile-time option.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

Reply via email to