Change logs for ubuntu-core-launcher source package in Xenial

  • ubuntu-core-launcher (1.0.27.1) xenial-security; urgency=medium
    
      * SECURITY UPDATE: delayed attack snap data theft and privilege escalation
        when using Snappy on traditional Ubuntu (classic) systems (LP: #1576699)
        - src/main.c: remove glob code and hardcode /snap/ubuntu-core/current
          instead. The glob code both used an improper glob and performed an
          incorrect check due to a typo which allowed a snap named ubuntu-core-...
          to be bind mounted into application runtimes instead of the ubuntu-core
          OS snap. Ubuntu Core removed .<origin> and .sideload from the SNAP path
          so the glob can simply be dropped.
        - CVE-2016-1580
      * debian/usr.bin.ubuntu-core-launcher:
        - only allow mounting /snap/ubuntu-core/*/... to safeguard against this in
          the future
        - add lib32 and libx32 to match setup_snappy_os_mounts()
    
     -- Jamie Strandboge <email address hidden>  Fri, 29 Apr 2016 10:06:19 -0500
  • ubuntu-core-launcher (1.0.27) xenial; urgency=medium
    
      * src/main.c:
        - don't prepend snap. or snap_ since snapd is doing that for us now
          (LP: #1571048)
        - make whitelist_re strictly follow the 16.04 specification and adjust
          testsuite accordingly
      * debian/usr.bin.ubuntu-core-launcher: add locale and gconv reads for tr
    
    ubuntu-core-launcher (1.0.26) xenial; urgency=medium
    
      * src/main.c: allow caps in appname (LP: #1570914)
    
     -- Jamie Strandboge <email address hidden>  Fri, 15 Apr 2016 15:22:05 -0500
  • ubuntu-core-launcher (1.0.25.1) xenial; urgency=medium
    
      * check for both src and dst mount points when doing the
        ubuntu-core overlay mounts (LP: #1570712)
    
     -- Michael Vogt <email address hidden>  Fri, 15 Apr 2016 08:43:03 +0200
  • ubuntu-core-launcher (1.0.25) xenial; urgency=medium
    
      * update cgroup handling for 16.04 (LP: #1564401):
        - debian/usr.bin.ubuntu-core-launcher:
          + allow creating cgroups with snap.*
          + allow ixr of 'tr'
          + remove access to /var/lib/apparmor/clicks/
        - update README to more fully explain the cgroups implementation
        - src/80-snappy-assign.rules: append an app-specific tag instead of
          adding a generic tag and snap-specific property
        - src/snappy-app-dev: convert the new tag to the directory name
        - src/main.c:
          + refactor and simplify control flow to query udev for device assignment
            instead of searching apparmor policy for a specific string
          + adjust udev query for app-specific tag
          + raise real_uid after fork() before calling /lib/udev/snappy-app-dev
            so non-root app launches work with the device cgroup
    
    ubuntu-core-launcher (1.0.24) xenial; urgency=medium
    
      [ Michael Vogt ]
      * ignore non-existing dirs when doing the overlay mount
      * add /lib32, /libx32 to the overlay mounts
    
      [ Jamie Strandboge ]
      * add back the use of /usr from the ubuntu-core snap instead of the host
        system (LP: #1570581)
      * implement @complain as a synonym for @unrestricted since snappy will use
        @complain to toggle developer mode. This allows snaps to work in developer
        mode while seccomp logging is being developed (LP: #1570578)
    
     -- Jamie Strandboge <email address hidden>  Thu, 14 Apr 2016 18:05:57 -0500
  • ubuntu-core-launcher (1.0.24) xenial; urgency=medium
    
      [ Michael Vogt ]
      * ignore non-existing dirs when doing the overlay mount
      * add /lib32, /libx32 to the overlay mounts
    
      [ Jamie Strandboge ]
      * add back the use of /usr from the ubuntu-core snap instead of the host
        system (LP: #1570581)
      * implement @complain as a synonym for @unrestricted since snappy will use
        @complain to toggle developer mode. This allows snaps to work in developer
        mode while seccomp logging is being developed (LP: #1570578)
    
     -- Jamie Strandboge <email address hidden>  Thu, 14 Apr 2016 15:51:20 -0500
  • ubuntu-core-launcher (1.0.23) xenial; urgency=medium
    
      [ Jamie Strandboge ]
      * update README for devpts
      * add README.syscalls
      * src/seccomp.c: various cleanups from security team audit (also add
        additional tests)
      * don't support obsoleted SNAP_APP_TMPDIR and SNAP_APP_USER_DATA_PATH
      * preprocess the seccomp file for '@' directives
    
      [ Michael Vogt ]
      * update paths /snaps -> /snap
      * update seccomp dir to /var/lib/snapd/seccomp/profiles/
    
     -- Michael Vogt <email address hidden>  Tue, 12 Apr 2016 01:10:11 +0200
  • ubuntu-core-launcher (1.0.22) xenial; urgency=medium
    
      * debian/usr.bin.ubuntu-core-launcher: update unconfined change_profile
        checks to actually work (LP: #1562989)
    
    ubuntu-core-launcher (1.0.21) xenial; urgency=medium
    
      * src/main.c: setup private /dev/pts
      * debian/usr.bin.ubuntu-core-launcher: allow mounting /dev/pts
      * enforce coding style:
        - add syntax-check and fmt Makefile targets
        - use 'indent -linux'
        - debian/control: Build-Depends on indent
    
     -- Jamie Strandboge <email address hidden>  Mon, 28 Mar 2016 10:42:57 -0500
  • ubuntu-core-launcher (1.0.20) xenial; urgency=medium
    
      * don't set NO_NEW_PRIVS. This requires changing privilege dropping since
        CAP_SYS_ADMIN is needed with seccomp_load(). This means temporarily
        dropping until seccomp_load(), then raising before and permanently
        dropping after the filter is applied. As a result, setuid/setgid is
        required in all policy (but is still mediated by AppArmor)
        - LP: #1560211
    
     -- Jamie Strandboge <email address hidden>  Mon, 21 Mar 2016 15:24:33 -0500
  • ubuntu-core-launcher (1.0.19) xenial; urgency=medium
    
      [Michael Vogt]
      * remove obsolete prefix check
    
      [ Jamie Strandboge ]
      * src/main.c: don't set the obsoleted SNAPP_APP_TMPDIR (LP: #1550405)
    
     -- Michael Vogt <email address hidden>  Wed, 09 Mar 2016 08:41:47 +0100
  • ubuntu-core-launcher (1.0.18) xenial; urgency=medium
    
      * re-enable running all tests on `make`
    
     -- Michael Vogt <email address hidden>  Thu, 25 Feb 2016 16:01:51 +0100
  • ubuntu-core-launcher (1.0.17) xenial; urgency=medium
    
      * debian/usr.bin.ubuntu-core-launcher: add directory reads needed for
        creating directories for SNAP_USER_DATA. Also add accesses for shared
        memory directories for when they are supported. (LP: #1545786)
    
     -- Jamie Strandboge <email address hidden>  Tue, 16 Feb 2016 11:34:35 -0600
  • ubuntu-core-launcher (1.0.16) xenial; urgency=medium
    
      [ Kyle Fazzari ]
      * Add creation of user data directory. Previously this was only handled
        within Snappy's binary wrappers, which meant that it wasn't created for
        services. (LP: #1527612)
    
     -- Jamie Strandboge <email address hidden>  Wed, 10 Feb 2016 11:35:29 -0600
  • ubuntu-core-launcher (1.0.15) xenial; urgency=medium
    
      * fully transition to /snaps as the snap location
    
     -- Michael Vogt <email address hidden>  Tue, 26 Jan 2016 16:06:10 +0100
  • ubuntu-core-launcher (1.0.14) xenial; urgency=medium
    
      * remove unused is_mountpoint() function (thanks Tyler!)
      * do the mount namespace and MS_REC/MS_SLAVE earlier to
        avoid that the real /tmp is bind mounted in the main
        mount namespace (this will also prevent automount daemons
        from running under the ubuntu-core-launcher)
    
     -- Michael Vogt <email address hidden>  Thu, 03 Dec 2015 08:12:30 +0100
  • ubuntu-core-launcher (1.0.13) xenial; urgency=medium
    
      * fix build failure on 32 bit arches
    
     -- Michael Vogt <email address hidden>  Tue, 01 Dec 2015 16:41:20 +0100
  • ubuntu-core-launcher (1.0.12) xenial; urgency=medium
    
      * update usr.bin.ubuntu-core-launcher apparmor profile
        for classic environment changes
    
     -- Michael Vogt <email address hidden>  Tue, 01 Dec 2015 15:28:00 +0100
  • ubuntu-core-launcher (1.0.11) xenial; urgency=medium
    
      * fix running in classic environment
    
     -- Michael Vogt <email address hidden>  Mon, 30 Nov 2015 16:56:48 +0100
  • ubuntu-core-launcher (1.0.10) xenial; urgency=medium
    
      * debian/usr.bin.ubuntu-core-launcher:
        - use attach_disconnected (LP: #1471862)
        - also allow 'mr' for /lib/@{multiarch}/ld-*.so
    
     -- Jamie Strandboge <email address hidden>  Tue, 27 Oct 2015 08:24:00 -0500
  • ubuntu-core-launcher (1.0.9) wily; urgency=medium
    
      * debian/usr.bin.ubuntu-core-launcher: add rw for /dev/null, /dev/full and
        /dev/zero
    
     -- Jamie Strandboge <email address hidden>  Wed, 19 Aug 2015 08:16:53 -0500