Revert "snapcraft.yaml: enable unconfined mode in lxd-support interface"
This reverts commit 2f0fcab.

There are currently multiple issues with landing this change:

 * The snap store is not allowing uploads of snaps using this plug. See https://git.launchpad.net/review-tools/commit/reviewtools/sr_common.py?id=08e83bf8d0b36eb8ff82ae74e774f00d56493d5f
 * The Ubuntu kernel and/or the apparmor parser in Noble has a bug that is incorrectly confining LXD rather than providing unconfinement. See https://bugs.launchpad.net/apparmor/+bug/2067900

There are currently various proposals on the table on how to resolve this, but with no clear timeline.

Once it is resolved we can try and land this again.

Signed-off-by: Thomas Parrott <[email protected]>
tomponline committed Jul 2, 2024
1 parent fc5284c commit 8d0c9a4
Showing 1 changed file with 16 additions and 19 deletions.
35 changes: 16 additions & 19 deletions snapcraft.yaml
@@ -1,7 +1,7 @@
name: lxd
base: core24
assumes:
- snapd2.62
- snapd2.39
version: git
grade: devel
summary: LXD - container and VM manager
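Review bot: the `assumes` entry in this hunk moves from `snapd2.62` back to `snapd2.39`, and nothing in the file records why either floor was chosen. Since the commit message says this change will be retried, a YAML comment beside the entry stating whether the higher floor exists for the `enable-unconfined-mode` attribute would keep the two from drifting apart when the plug change is re-landed.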
Expand Down Expand Up @@ -71,17 +71,14 @@ plugs:
ovn-chassis:
interface: content
target: "$SNAP_DATA/microovn/chassis"
lxd-support-with-unconfined-mode:
interface: lxd-support
enable-unconfined-mode: true

apps:
# Main commands
activate:
command: commands/daemon.activate
daemon: oneshot
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe

daemon:
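Review bot: removing the `lxd-support-with-unconfined-mode` definition under `plugs:` also changes the plug name that every app and hook refers to, which is why this revert has to touch 15 separate plug lists. When this is retried, consider declaring the attribute on a plug named `lxd-support` itself, so that switching unconfined mode on or off only edits the top-level `plugs:` section. It is also worth checking in a refresh test that a system which held a connection under the old plug name ends up connected under plain `lxd-support`.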
Expand All @@ -94,7 +91,7 @@ apps:
slots:
- lxd
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- network-bind
- system-observe
sockets:
Expand All @@ -108,7 +105,7 @@ apps:
restart-condition: on-failure
daemon: simple
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- network-bind
- system-observe
sockets:
Expand All @@ -120,60 +117,60 @@ apps:
command: commands/lxc
completer: etc/bash_completion.d/snap.lxd.lxc
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe

lxd:
command: commands/lxd
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe

# Sub-commands
buginfo:
command: commands/buginfo
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe
check-kernel:
command: commands/lxd-check-kernel
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe

hooks:
connect-plug-ceph-conf:
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe
disconnect-plug-ceph-conf:
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe
connect-plug-ovn-certificates:
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe
disconnect-plug-ovn-certificates:
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe
connect-plug-ovn-chassis:
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe
disconnect-plug-ovn-chassis:
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe
configure:
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- network
- system-observe
remove:
plugs:
- lxd-support-with-unconfined-mode
- lxd-support
- system-observe

parts:
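Review bot: the hooks in this hunk (`configure`, `remove` and the `connect-plug-*`/`disconnect-plug-*` pairs) are switched by hand one list at a time, and the view is collapsed after `parts:`, so a leftover `lxd-support-with-unconfined-mode` reference further down the file would not show up here. Because the plug definition is removed in the `plugs:` hunk, any remaining use of the old name would point at an undefined plug; a search of the whole file for the old name before merging would confirm none remain.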