Releases: canonical/snapd
Releases · canonical/snapd
New release 2.59.1
New in snapd 2.59.1:
- Add udev rules from steam-devices to steam-support interface
- Bugfixes for layout path checking, dm_crypt permissions,
mount-control interface parameter checking, kernel commandline
parsing, docker-support, refresh-app-awareness
For completeness the changes for 2.59 are also included. This
version had a bug in the refresh code so it was never released
beyond the beta version.
New in snapd 2.59:
- Support setting extra kernel command line parameters via snap
configuration and under a gadget allow-list - Support for Full-Disk-Encryption using ICE
- Support for arbitrary home dir locations via snap configuration
- New nvidia-drivers-support interface
- Support for udisks2 snap
- Pre-download of snaps ready for refresh and automatic refresh of the
snap when all apps are closed - New microovn interface
- Support uboot with
CONFIG_SYS_REDUNDAND_ENV=n - Make "snap-preseed --reset" re-exec when needed
- Update the fwupd interface to support fully confined fwupd
- The memory,cpu,thread quota options are no longer experimental
- Support debugging snap client requests via the
SNAPD_CLIENT_DEBUG_HTTP
environment variable - Support ssh listen-address via snap configuration
- Support for quotas on single services
- prepare-image now takes into account snapd versions going into the image,
including in the kernel initrd, to fetch supported assertion formats
New bugfix release 2.58.3
New bugfix release:
- interfaces/screen-inhibit-control: Add support for xfce-power- manager
- interfaces/network-manager: do not show ptrace read denials
- interfaces: relax rules for mount-control
whatfor functionfs - cmd/snap-bootstrap: add support for snapd_system_disk
- interfaces/modem-manager: add net_admin capability
- interfaces/network-manager: add permission for OpenVPN
- httputil: fix checking x509 certification error on go 1.20
- i/b/fwupd: allow reading host os-release
- boot: on classic+modes
MarkBootSuccessfulldoes not need a base - boot: do not include
base=in modeenv for classic+modes installs - tests: add spread test that validates revert on boot for core does not happen on classic+modes
- snapstate: only take boot participants into account in UpdateBootRevisions
- snapstate: refactor UpdateBootRevisions() to make it easier to check for boot.SnapTypeParticipatesInBoot()
New bugfix release 2.58.2
New upstream release:
- bootloader: fix dirty build by hardcoding copyright year
New bugfix release 2.58.1
New upstream release, LP: #1998462
- secboot: detect lockout mode in CheckTPMKeySealingSupported
- cmd/snap-update-ns: prevent keeping unneeded mountpoints
- o/snapstate: do not infinitely retry when an update fails during
seeding - interfaces/modem-manager: add permissions for NETLINK_ROUTE
- systemd/emulation.go: use
systemctl --rootto enable/disable - snap: provide more error context in
NotSnapError - interfaces: add read access to /run for cryptsetup
- boot: avoid reboot loop if there is a bad try kernel
- devicestate: retry serial acquire on time based certificate
errors - o/devicestate: run systemctl daemon-reload after install-device
hook - cmd/snap,daemon: add 'held' to notes in 'snap list'
- o/snapshotstate: check snapshots are self-contained on import
- cmd/snap: show user+gating hold info in 'snap info'
- daemon: expose user and gating holds at /v2/snaps/{name}
New major release 2.58
New major 2.58 release.
Security release 2.57.6
New security update release
Please ensure to update - this fixes CVE 2022-3328
New bugfix release 2.57.5
Fixes
- image: clean snapd mount after preseeding
- wrappers,snap/quota: clear LogsDirectory= in the service unit for journal namespaces
- cmd/snap,daemon: allow zero values from client to daemon fo journal rate-limit
- interfaces: steam-support allow pivot /run/media and /etc/nvidia mount
- o/ifacestate: introduce DebugAutoConnectCheck hook
- release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
- autopkgtests: fix running autopkgtest on kinetic
- interfaces: add microceph interface
- interfaces: steam-support allow additional mounts
- many: add stub services
- interfaces: add kconfig paths to system-observe
- i/b/system_observe: honour root dir when checking for /boot/config-*
- interfaces: grant access to speech-dispatcher socket
- interfaces: rework logic of unclashMountEntries
New bugfix release 2.57.4
New snapd release 2.57.4
- release, snapd-apparmor: fixed outdated WSL detection
- overlord/ifacestate: fix conflict detection of auto-connection
- overlord: run install-device hook during factory reset
- image/preseed/preseed_linux: add missing new line
- boot: add factory-reset cases for boot-flags.
- interfaces: added read/write access to /proc/self/coredump_filter
for process-control - interfaces: add read access to /proc/cgroups and
/proc/sys/vm/swappiness to system-observe - fde: run fde-reveal-key with
DefaultDependencies=no - snapdenv: added wsl to userAgent
- tests: fix restore section for persistent-journal-namespace
- i/b/mount-control: add optional
/to umount rules - cmd/snap-bootstrap: changes to be able to boot classic rootfs
- cmd/snap-bootstrap: add CVM mode
New bugfix release 2.57.3
Bugfixes:
- wrappers: journal namespaces did not honor journal.persistent
- snap/quota,wrappers: allow using 0 values for the journal rate to override the system default values
- multiple: clear up naming convention for cpu-set quota
- i/b/mount-control: allow custom filesystem types
- i/b/system-observe: allow reading processes security label
- sandbox/cgroup: don't check V1 cgroup if V2 is active
- asserts,boot,secboot: switch to a secboot version measuring classic
New bugfix release 2.57.2
New bugfix release:
- store/tooling,tests: support UBUNTU_STORE_URL override env var
- packaging/*/tests/integrationtests: reload ssh.service, not
sshd.service - tests: check snap download with snapcraft v7+ export-login auth
data - store/tooling: support using snapcraft v7+ base64-encoded auth
data - many: progress bars should use the overridable stdouts
- many: refactor store code to be able to use simpler form of auth
creds - snap,store: drop support/consideration for anonymous download urls
- data: include snapd/mounts in preseeded blob
- many: Set SNAPD_APPARMOR_REEXEC=1
- overlord: track security profiles for non-active snaps