snapd (2.65.1+22.04) jammy; urgency=medium
* New upstream release, LP: #2077473
- Support building snapd using base Core22 (Snapcraft 8.x)
- FIPS: support building FIPS complaint snapd variant that switches
to FIPS mode when the system boots with FIPS enabled
- AppArmor: update to latest 4.0.2 release
- AppArmor: enable using ABI 4.0 from host parser
- AppArmor: fix parser lookup
- AppArmor: support AppArmor snippet priorities
- AppArmor: allow reading cgroup memory.max file
- AppArmor: allow using snap-exec coming from the snapd snap when
starting a confined process with jailmode
- AppArmor prompting (experimental): add checks for prompting
support, include prompting status in system key, and restart snapd
if prompting flag changes
- AppArmor prompting (experimental): include prompt prefix in
AppArmor rules if prompting is supported and enabled
- AppArmor prompting (experimental): add common types, constraints,
and mappings from AppArmor permissions to abstract permissions
- AppArmor prompting (experimental): add path pattern parsing and
matching
- AppArmor prompting (experimental): add path pattern precedence
based on specificity
- AppArmor prompting (experimental): add packages to manage
outstanding request prompts and rules
- AppArmor prompting (experimental): add prompting API and notice
types, which require snap-interfaces-requests-control interface
- AppArmor prompting (experimental): feature flag can only be
enabled if prompting is supported, handler service connected, and
the service can be started
- Registry views (experimental): rename from aspects to registries
- Registry views (experimental): support reading registry views and
setting/unsetting registry data using snapctl
- Registry views (experimental): fetch and refresh registry
assertions as needed
- Registry views (experimental): restrict view paths from using a
number as first character and view names to storage path style
patterns
- Snap components: support installing snaps and components from
files at the same time (no REST API/CLI)
- Snap components: support downloading components related assertions
from the store
- Snap components: support installing components from the store
- Snap components: support removing components individually and
during snap removal
- Snap components: support kernel modules as components
- Snap components: support for component install, pre-refresh and
post-refresh hooks
- Snap components: initial support for building systems that contain
components
- Refresh app awareness (experimental): add data field for
/v2/changes REST API to allow associating each task with affected
snaps
- Refresh app awareness (experimental): use the app name from
.desktop file in notifications
- Refresh app awareness (experimental): give snap-refresh-observe
interface access to /v2/snaps/{name} endpoint
- Improve snap-confine compatibility with nvidia drivers
- Allow re-exec when SNAP_REEXEC is set for unlisted distros to
simplify testing
- Allow mixing revision and channel on snap install
- Generate GNU build ID for Go binaries
- Add missing etelpmoc.sh for shell completion
- Do not attempt to run snapd on classic when re-exec is disabled
- Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse
- Add snap debug API command to enable running raw queries
- Enable snap-confine snap mount directory detection
- Replace global seccomp filter with deny rules in standard seccomp
template
- Remove support for Ubuntu Core Launcher (superseded by snap-
confine)
- Support creating pending serial bound users after serial assertion
becomes available
- Support disabling cloud-init using kernel command-line
- In hybrid systems, apps can refresh without waiting for restarts
required by essential snaps
- Ship snap-debug-info.sh script used for system diagnostics
- Improve error messages when attempting to run non-existent snap
- Switch to -u UID:GID for strace-static
- Support enabling snapd logging with snap set system
debug.snapd.{log,log-level}
- Add options system.coredump.enable and system.coredump.maxuse to
support using systemd-coredump on Ubuntu Core
- Provide documentation URL for 'snap interface '
- Fix snapd riscv64 build
- Fix restarting activated services instead of their activator units
(i.e. sockets, timers)
- Fix potential unexpected auto-refresh of snap on managed schedule
- Fix potential segfault by guarding against kernel command-line
changes on classic system
- Fix proxy entries in /etc/environment with missing newline that
caused later manual entries to not be usable
- Fix offline remodelling by ignoring prerequisites that will
otherwise be downloaded from store
- Fix devmode seccomp deny regression that caused spamming the log
instead of actual denies
- Fix snap lock leak during refresh
- Fix not re-pinning validation sets that were already pinned when
enforcing new validation sets
- Fix handling of unexpected snapd runtime failure
- Fix /v2/notices REST API skipping notices with duplicate
timestamps
- Fix comparing systemd versions that may contain pre-release
suffixes
- Fix udev potentially starting before snap-device-helper is made
available
- Fix race in snap seed metadata loading
- Fix treating cloud-init exit status 2 as error
- Fix to prevent sending refresh complete notification if snap snap-
refresh-observe interface is connected
- Fix to queue snapctl service commands if run from the default-
configure hook to ensure they get up-to-date config values
- Fix stop se
|