Public bug reported:
snappy in 16.04 used to compare /usr/share/snappy/security-policy-
version and /var/lib/snappy/security-policy-version on boot to see if
the apparmor package changed and therefore if it needed to regenerate
all snap policy. This functionality was recently removed with nothing
added to replace it.
snapd must have a means to detect changes to the parser or the
abstractions which the snap may #include, otherwise we cannot deliver
parser and policy fixes from apparmor to installed snaps. It is fine to
use a different method than what we had before, but we need to have
something.
** Affects: snappy
Importance: High
Status: New
** Affects: snapd (Ubuntu)
Importance: High
Status: New
** Changed in: snapd (Ubuntu)
Importance: Undecided => High
** Also affects: snappy
Importance: Undecided
Status: New
** Changed in: snappy
Importance: Undecided => High
** Description changed:
snappy in 16.04 used to compare /usr/share/snappy/security-policy-
version and /var/lib/snappy/security-policy-version on boot to see if
the apparmor package changed and therefore if it needed to regenerate
all snap policy. This functionality was recently removed with nothing
added to replace it.
snapd must have a means to detect changes to the parser or the
abstractions which the snap may #include, otherwise we cannot deliver
- parser and policy fixes from apparmor to installed snaps.
+ parser and policy fixes from apparmor to installed snaps. It is fine to
+ use a different method than what we had before, but we need to have
+ something.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569581
Title:
snapd no longer detects apparmor changes on upgrade
To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1569581/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
