Mailinglist Archive: opensuse-factory (914 mails)

< Previous Next >
Re: [opensuse-factory] snapd for openSUSE
Le vendredi 02 juin 2017 à 07:13 +0200, Simon Fels a écrit :
Hey everyone,

we're going to submit the snapd package to the openSUSE Factory
branch
soon. snapd is the central component of the snap ecosystem. See
https://snapcraft.io/ for more details about snap & snapd. The
package
is available through the system:snappy:snapd repository on OBS
(https://build.opensuse.org/package/show/system:snappy/snapd) for
quite
some time and went through various iterations.

There are a few things we need to solve before we can sent the
package
review request:

* Passing the security review on #9860501
(https://bugzilla.opensuse.org/show_bug.cgi?id=986050) to get the
snap-confine utility added to the setsuid whitelist in openSUSE.

  - There were a few things found in the security review of the
snap-confine code @zyga is currently working through and will push
PRs
to the upstream snap project real soon. We will backport those
changes
to the packaging tree in order to get them included as part of a
stable
snapd release.

 - Right now the package ships with an override for the setsuid bit
for
snap-confine until we have it hadded to the distro wide whitelist.
This
is a blocker for the merge into openSUSE Factory.

IIRC the snaps talk at osc'17 last week ( https://www.slideshare.net/zk
rynicki/snaps-on-open-suse/41), there are also some apparmor patches
(which have been sent to upstream) which are needed to have proper
security. Is it on your todo list ?
 
--
Frederic Crozat
Enterprise Desktop Release Manager
SUSE

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References