snapd

New snapd release 2.57.4

• release, snapd-apparmor: fixed outdated WSL detection
• overlord/ifacestate: fix conflict detection of auto-connection
• overlord: run install-device hook during factory reset
• image/preseed/preseed_linux: add missing new line
• boot: add factory-reset cases for boot-flags.
• interfaces: added read/write access to /proc/self/coredump_filter
  for process-control
• interfaces: add read access to /proc/cgroups and
  /proc/sys/vm/swappiness to system-observe
• fde: run fde-reveal-key with DefaultDependencies=no
• snapdenv: added wsl to userAgent
• tests: fix restore section for persistent-journal-namespace
• i/b/mount-control: add optional / to umount rules
• cmd/snap-bootstrap: changes to be able to boot classic rootfs
• cmd/snap-bootstrap: add CVM mode

Bugfixes:

• wrappers: journal namespaces did not honor journal.persistent
• snap/quota,wrappers: allow using 0 values for the journal rate to override the system default values
• multiple: clear up naming convention for cpu-set quota
• i/b/mount-control: allow custom filesystem types
• i/b/system-observe: allow reading processes security label
• sandbox/cgroup: don't check V1 cgroup if V2 is active
• asserts,boot,secboot: switch to a secboot version measuring classic

New bugfix release:

• store/tooling,tests: support UBUNTU_STORE_URL override env var
• packaging/*/tests/integrationtests: reload ssh.service, not
  sshd.service
• tests: check snap download with snapcraft v7+ export-login auth
  data
• store/tooling: support using snapcraft v7+ base64-encoded auth
  data
• many: progress bars should use the overridable stdouts
• many: refactor store code to be able to use simpler form of auth
  creds
• snap,store: drop support/consideration for anonymous download urls
• data: include snapd/mounts in preseeded blob
• many: Set SNAPD_APPARMOR_REEXEC=1
• overlord: track security profiles for non-active snaps

Bugfixes:

• cmd/snap-update-ns: handle mountpoint removal failures with EBUSY
• snap-confine: disable -Werror=array-bounds in __overflow tests to fix build error on Ubuntu 22.10
• systemd: add WantedBy=default.target to snap mount units (LP: #1983528)

New major release of snapd. Highlights:

• authority delegation
• journal quota support
• bugfixes

Bugfixes:

• devicestate: add more path to fixupWritableDefaultDirs()
• many: introduce IsUndo flag in LinkContext
• i/apparmor: allow calling which.debianutils
• interfaces: update AppArmor template to allow reading snap's
  memory statistics
• interfaces: add memory stats to system_observe
• i/b/{mount,system}-observe: extend access for htop
• features: disable refresh-app-awarness by default again
• image: fix handling of var/lib/extrausers when preseeding
  uc20
• interfaces/modem-manager: Don't generate DBus policy for plugs
• interfaces/modem-manager: Only generate DBus plug policy on
  Core
• interfaces/serial_port_test: fix static-checks errors
• interfaces/serial-port: add USB gadget serial devices (ttyGSX) to
  allowed list
• interface/serial_port_test: adjust variable IDs

New snapd release 2.56.2

• o/snapstate: exclude services from refresh app awareness hard
  running check
• cmd/snap: support custom apparmor features dir with snap
  prepare-image

New snapd release 2.56.1

Highlights:

• gadget/install: do not assume dm device has same block size as
  disk
• gadget: check also mbr type when testing for implicit data
  partition
• interfaces: update network-control interface with permissions
  required by resolvectl
• interfaces/builtin: remove the name=org.freedesktop.DBus
  restriction in cups-control AppArmor rules
• many: print valid/invalid status on snap validate --monitor ...
• o/snapstate: fix validation sets restoring and snap revert on
  failed refresh
• interfaces/opengl: update allowed PCI accesses for RPi
• interfaces/shared-memory: Update AppArmor permissions for
  mmap+linkpaths

New major release 2.56

New bugfix release:

• snapstate: do not auto-migrate to ~/Snap for core22 just yet
• cmd/snap-seccomp: add copy_file_range to
  syscallsWithNegArgsMaskHi32
• cmd/snap-update-ns: correctly set sticky bit on created
  directories where applicable
• .github: Skip misspell and ineffassign on go 1.13
• tests: add lz4 dependency for jammy to avoid issues repacking
  kernel
• interfaces: posix-mq: add new interface

New snapd release 2.55.4

• tests: do not run mount-order-regression test on i386
• c/snap-seccomp: update syscalls
• o/snapstate: overwrite ~/.snap subdir when migrating
• o/assertstate: fix handling of validation set tracking update in
  enforcing mode
• packaging: restart our units only after the upgrade
• interfaces: add a steam-support interface
• features: enable refresh-app-awareness by default
• i/b/custom_device: fix generation of udev rules
• interfaces/system-packages-doc: allow read-only access to
  /usr/share/gtk-doc
• interfaces/system-packages-doc: allow read-only access to
  /usr/share/xubuntu-docs
• interfaces/builtin/network-control: also allow for mstp and bchat
  devices too
• interfaces/builtin: update apparmor profile to allow creating
  mimic over /usr/share
• data/selinux: allow snap-update-ns to mount on top of /var/snap
  inside the mount ns
• interfaces/cpu-control: fix apparmor rules of paths with CPU ID

New bugfix release

What's Changed

• release: 2.54 by @mvo5 in https://github.com/snapcore/snapd/pull/11185
• build-aux: detect/fix dirty git revisions while snapcraft building by @mvo5 in https://github.com/snapcore/snapd/pull/11188
• tests: tidy up the top-level of ubuntu-seed during tests by @pedronis in https://github.com/snapcore/snapd/pull/11186
• release: 2.54.1 by @mvo5 in https://github.com/snapcore/snapd/pull/11191
• tests: fixed an issue with retrieval of the squashfuse repo by @are-scenic in https://github.com/snapcore/snapd/pull/11183
• cmd/snap-device-helper: fix variable name typo in the unit tests by @bboozzoo in https://github.com/snapcore/snapd/pull/11193
• packaging: Update openSUSE spec file with apparmor-parser and datadir for fish by @skriesch in https://github.com/snapcore/snapd/pull/11192
• i/b/mount-control: support creating tmpfs mounts by @mardy in https://github.com/snapcore/snapd/pull/11190
• gadget: do not crash if gadget.yaml has an empty Volumes section by @mvo5 in https://github.com/snapcore/snapd/pull/11182
• data/selinux: allow poking /proc/xen by @bboozzoo in https://github.com/snapcore/snapd/pull/11194
• tests: fix remodel-kernel test when running on external devices by @mvo5 in https://github.com/snapcore/snapd/pull/11195
• tests/core/failover: replace boot-state with snap debug boot-vars by @bboozzoo in https://github.com/snapcore/snapd/pull/11196
• tests/lib/tools/tests.invariant: add invariant for detecting broken snaps by @anonymouse64 in https://github.com/snapcore/snapd/pull/11163
• build-aux/snap/snapcraft.yaml: use build-packages, don't fail dirty builds by @anonymouse64 in https://github.com/snapcore/snapd/pull/11197
• tests/nested/manual/core20-to-core22: wait for device to be initialized before starting a remodel by @bboozzoo in https://github.com/snapcore/snapd/pull/11203
• tests/lib/tools/tests.invariant: simplify check by @anonymouse64 in https://github.com/snapcore/snapd/pull/11204
• packaging, bloader, github: restore cleanliness of snapd info file; check in GA workflow by @anonymouse64 in https://github.com/snapcore/snapd/pull/11211
• tests: do not test microk8s-smoke on arm by @mvo5 in https://github.com/snapcore/snapd/pull/11213
• tests: ensure that test-snapd-kernel-module-load is removed by @mvo5 in https://github.com/snapcore/snapd/pull/11215
• tests: exclude interfaces-kernel-module load on arm by @mvo5 in https://github.com/snapcore/snapd/pull/11214
• gadget/install/partition.go: wait for udev settle when creating partitions too by @anonymouse64 in https://github.com/snapcore/snapd/pull/11127
• interfaces: add a polkit interface by @jhenstridge in https://github.com/snapcore/snapd/pull/10219
• overlord: fix issue with concurrent execution of two snapd processes by @mardy in https://github.com/snapcore/snapd/pull/11146
• packaging: merge 2.54.2 changelog back to master by @anonymouse64 in https://github.com/snapcore/snapd/pull/11217
• tests: fix testing in trusty qemu by @mvo5 in https://github.com/snapcore/snapd/pull/11212
• tests: do not run k8s smoke test on 32 bit systems by @mvo5 in https://github.com/snapcore/snapd/pull/11222
• tests: fix fwupd interface test in debian sid by @mardy in https://github.com/snapcore/snapd/pull/11225
• cmd/snap, cmd/snap-confine: extend manpage, update links by @bboozzoo in https://github.com/snapcore/snapd/pull/11224
• data/env: treat XDG_DATA_DIRS like PATH for fish by @jduchateau in https://github.com/snapcore/snapd/pull/11221
• usersession: implement method to close notifications via usersession REST API by @stolowski in https://github.com/snapcore/snapd/pull/11066
• cmd: support installing multiple local snaps by @MiguelPires in https://github.com/snapcore/snapd/pull/11201
• tests/lib/uc20-create-partitions/main.go: setup a logger for messages by @anonymouse64 in https://github.com/snapcore/snapd/pull/11219
• tests: re-enable kernel-module-load tests on arm by @mardy in https://github.com/snapcore/snapd/pull/11223
• gadget: allow gadget struct with unspecified filesystem to match part with fs by @anonymouse64 in https://github.com/snapcore/snapd/pull/11207
• cmd/snap/quota: fix typo in the help message by @anonymouse64 in https://github.com/snapcore/snapd/pull/11238
• spread.yaml: add debian-{10,11}, drop debian-9 by @mvo5 in https://github.com/snapcore/snapd/pull/11227
• HACKING.md: add dbus-x11 to packages needed to run unit tests by @anonymouse64 in https://github.com/snapcore/snapd/pull/11237
• tests: workaround missing bluez snap by @mardy in https://github.com/snapcore/snapd/pull/11226
• gadget: resolve index ambiguity between OnDiskStructure and LaidOutStructure by @anonymouse64 in https://github.com/snapcore/snapd/pull/11234
• cmd/snap, daemon: add debug command for getting OnDiskVolume dump by @anonymouse64 in https://github.com/snapcore/snapd/pull/11229
• tests/lib/prepare-restore: use go install rather than go get by @bboozzoo in https://github.com/snapcore/snapd/pull/11239
• tests: ubuntu-image 2.0 compatibility fixes by @bboozzoo in https://github.com/snapcore/snapd/pull/11073
• tests: fix parallel-install-basic on external UC16 devices by @mvo5 in https://github.com/snapcore/snapd/pull/11240
• tests: fix tests/core/create-user on testflinger pi3 by @mvo5 in https://github.com/snapcore/snapd/pull/11246
• cmd/snap: rm unnecessary validation by @MiguelPires in https://github.com/snapcore/snapd/pull/11249
• tests/main/snap-info: use yaml.safe_load rather than yaml.load by @bboozzoo in https://github.com/snapcore/snapd/pull/11243
• cmd/snap: setup tracking cgroup when invoking a service directly as a user by @bboozzoo in https://github.com/snapcore/snapd/pull/11231
• interfaces: allow access to new at-spi socket location in desktop-legacy by @jhenstridge in https://github.com/snapcore/snapd/pull/11208
• spread-shellcheck: use safe_load rather than load with a loder by @bboozzoo in https://github.com/snapcore/snapd/pull/11254
• tests: fix uses of fakestore new-snap-declaration by @bboozzoo in https://github.com/snapcore/snapd/pull/11199
• gadget: misc helper fixes for implicit system-data role handling by @anonymouse64 in https://github.com/snapcore/snapd/pull/11230
• gadget: fix typo with filesystem message by @anonymouse64 in https://github.com/snapcore/snapd/pull/11257
• tests/nested/manual/minimal-smoke: bump mem to 512 for unencrypted case too by @anonymouse64 in https://github.com/snapcore/snapd/pull/11259
• mount-control: step 3 by @mardy in https://github.com/snapcore/snapd/pull/10864
• systemd: add NeedDaemonReload to the unit state by @kubiko in https://github.com/snapcore/snapd/pull/11241
• overlord/h/c/umount: remove handling of required parameter by @mardy in https://github.com/snapcore/snapd/pull/11266
• go.mod: tidy up by @bboozzoo in https://github.com/snapcore/snapd/pull/11265
• i/builtin/xilinx-dma: add interface for Xilinx DMA driver by @alexclewontin in https://github.com/snapcore/snapd/pull/10924
• store: fix flaky test by @MiguelPires in https://github.com/snapcore/snapd/pull/11267
• o/snapstate: migrate to hidden dir on refresh/install by @MiguelPires in https://github.com/snapcore/snapd/pull/11169
• o/ifacestate: add convenience Active() method to ConnectionState struct by @stolowski in https://github.com/snapcore/snapd/pull/11233
• systemd: enable batched calls for systemd calls operation on units by @kubiko in https://github.com/snapcore/snapd/pull/11242
• cmd/snap: adjust /cmd to migration changes by @MiguelPires in https://github.com/snapcore/snapd/pull/11262
• tests: setup snapd remodel testing bits by @bboozzoo in https://github.com/snapcore/snapd/pull/11122
• run-checks, check-commit-email.py: check commit email addresses for validity by @anonymouse64 in https://github.com/snapcore/snapd/pull/11269
• configcore: implement netplan write support via dbus by @mvo5 in https://github.com/snapcore/snapd/pull/10752
• check-commit-email: do not fail when current dir is not under git by @bboozzoo in https://github.com/snapcore/snapd/pull/11281
• tests/lib/prepare.sh: add debug kernel command line params via gadget on UC20 by @anonymouse64 in https://github.com/snapcore/snapd/pull/10716
• gadget/update.go: add DiskTraitsFromDeviceAndValidate by @anonymouse64 in https://github.com/snapcore/snapd/pull/11084
• packaging/ubuntu-16.04/control: adjust libfuse3 dependency as suggested by @anonymouse64 in https://github.com/snapcore/snapd/pull/11276
• osutils: deal with ENOENT in UserMaybeSudoUser() by @mvo5 in https://github.com/snapcore/snapd/pull/11275
• tests: add jammy to spread executions by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11274
• spread-shellcheck: add a caching layer by @bboozzoo in https://github.com/snapcore/snapd/pull/11279
• packaging,tests: fix running autopkgtest by @mvo5 in https://github.com/snapcore/snapd/pull/11253
• tests: cross store remodel by @bboozzoo in https://github.com/snapcore/snapd/pull/11277
• interfaces/shared-memory: support single wild-cards in the read/write paths by @anonymouse64 in https://github.com/snapcore/snapd/pull/11268
• tests: spread test snap dir migration by @MiguelPires in https://github.com/snapcore/snapd/pull/11280
• tests: fix running tests.invariant on testflinger systems by @mvo5 in https://github.com/snapcore/snapd/pull/11250
• packaging, systemd: fix socket (re-)start race by @xnox in https://github.com/snapcore/snapd/pull/11287
• cmd/snapd-apparmor: fix bad variable initialization by @bboozzoo in https://github.com/snapcore/snapd/pull/11285
• osutil/mkfs: Expose option for --lib flag in fakeroot call by @jawn-smith in https://github.com/snapcore/snapd/pull/11284
• tests: drop 21.04 tests (it's EOL) by @mvo5 in https://github.com/snapcore/snapd/pull/11283
• overlord: small refactoring of group quota implementation in preparation of multiple quota values by @Meulengracht in https://github.com/snapcore/snapd/pull/11247
• mkversion: check that snapd is a git source tree before guessing the version by @bboozzoo in https://github.com/snapcore/snapd/pull/11270
• osutil: refactoring the code exporting mocking APIs to other packages by @are-scenic in https://github.com/snapcore/snapd/pull/11187
• gadget/install/partition.go: use device rescan trick only when gadget says to by @anonymouse64 in https://github.com/snapcore/snapd/pull/11235
• many: unit test fix when SNAPD_DEBUG=1 is set by @mansre in https://github.com/snapcore/snapd/pull/11256
• many: add conversion for interface attribute values by @mardy in https://github.com/snapcore/snapd/pull/11248
• tests: add back systemd-timesyncd to newer debian distros by @mardy in https://github.com/snapcore/snapd/pull/11295
• tests: skip migration test on centOS by @MiguelPires in https://github.com/snapcore/snapd/pull/11289
• tests/main/cgroup-tracking-failure: Make it pass when run alone by @valentindavid in https://github.com/snapcore/snapd/pull/11168
• tests: Handle PPAs being served from ppa.launchpadcontent.net by @cjwatson in https://github.com/snapcore/snapd/pull/11300
• gadget: rename DiskVolume...Opts to DiskVolume...Options by @anonymouse64 in https://github.com/snapcore/snapd/pull/11297
• many: add Transactional to snapstate.Flags by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11271
• tests: fix snaps-state test for sru validation by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11299
• systemd: actually test the function passed as a parameter by @bboozzoo in https://github.com/snapcore/snapd/pull/11305
• asserts: start splitting out attrMatcher for reuse to constraint.go by @pedronis in https://github.com/snapcore/snapd/pull/11308
• snap/quota: add positive tests for the quota.Resources logic by @Meulengracht in https://github.com/snapcore/snapd/pull/11304
• tests: skip version check on lp-1871652 for sru validation by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11310
• tests: use system ubuntu-21.10-64 in nested tests by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11294
• cmd/snap-update-ns: convert some unexpected decimal file mode constants to octal. by @jhenstridge in https://github.com/snapcore/snapd/pull/11312
• many: add altlinux support by @shaba in https://github.com/snapcore/snapd/pull/11177
• devicestate: ensure permissions of /var/lib/snapd/void are correct by @mvo5 in https://github.com/snapcore/snapd/pull/11251
• tests: ensure the ca-certificates package is installed by @mvo5 in https://github.com/snapcore/snapd/pull/11301
• asserts: start generalizing attrMatcher by @pedronis in https://github.com/snapcore/snapd/pull/11309
• tests: new Jammy image for testing by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11292
• many: add transactional flag to snapd API by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11306
• tests: skip bind mount in snapd-snap test when the core snap in not repacked by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11298
• tests: skip snap-userd-reexec test when reexec is not enabled by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11307
• tests: enable snap-userd-reexec on ubuntu and debian by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11324
• interfaces/opengl: add support for ARM Mali by @EthanHsieh in https://github.com/snapcore/snapd/pull/11291
• o/snapstate: re-write state after undo migration by @MiguelPires in https://github.com/snapcore/snapd/pull/11313
• tests: fix repair test failure when run in a loop by @stolowski in https://github.com/snapcore/snapd/pull/11319
• tests: ensure that interface hook works with hotplug plug by @stolowski in https://github.com/snapcore/snapd/pull/11318
• i/builtin: allow modem-manager interface to access some files in sysfs by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11323
• o/servicestate: quota group error should be more explanative when memory cgroup is disabled by @atesburak in https://github.com/snapcore/snapd/pull/11003
• overlord: skip manager tests on riscv for now by @mvo5 in https://github.com/snapcore/snapd/pull/11325
• asserts: start implementing authority-delegation by @pedronis in https://github.com/snapcore/snapd/pull/11311
• gadget, gadgettest: reimplement tests to use new gadgettest examples.go file by @anonymouse64 in https://github.com/snapcore/snapd/pull/11296
• usersession/userd: query xdg-mime to check for fallback handlers of a given scheme by @bboozzoo in https://github.com/snapcore/snapd/pull/11200
• o/devicestate: verify that the new model is self contained before remodeling by @bboozzoo in https://github.com/snapcore/snapd/pull/11273
• cmd/snap: remove use of zenity, use notifications for snap run inhibition by @stolowski in https://github.com/snapcore/snapd/pull/11065
• gadget: mv modelCharateristics to gadgettest.ModelCharacteristics by @anonymouse64 in https://github.com/snapcore/snapd/pull/11331
• cmd/snap: add --debug to snap run by @bboozzoo in https://github.com/snapcore/snapd/pull/11336
• overlord/servicestate: disallow mixing snaps and subgroups. by @Meulengracht in https://github.com/snapcore/snapd/pull/11303
• spread: switch to CentOS 8 Stream image by @bboozzoo in https://github.com/snapcore/snapd/pull/11330
• cmd/snap-confine: mount bpffs under /sys/fs/bpf if needed by @bboozzoo in https://github.com/snapcore/snapd/pull/11290
• snap-confine: allow numbers in hook security tag by @stolowski in https://github.com/snapcore/snapd/pull/11327
• tests/core/failover: verify failover handling with the kernel snap by @bboozzoo in https://github.com/snapcore/snapd/pull/11176
• o/servicestate: revert #11003 checking for memory cgroup being disabled by @anonymouse64 in https://github.com/snapcore/snapd/pull/11339
• cmd/snap: close refresh notifications after trying to run a snap while inhibited by @stolowski in https://github.com/snapcore/snapd/pull/11086
• gadget/install: rm unused support for writing non-filesystem structures by @anonymouse64 in https://github.com/snapcore/snapd/pull/11333
• gadget/install/partition.go: include DiskIndex in synthesized OnDiskStructure by @anonymouse64 in https://github.com/snapcore/snapd/pull/11332
• systemd: batched operations by @bboozzoo in https://github.com/snapcore/snapd/pull/11314
• gadget/install: add unit tests for makeFilesystem, allow mocking mkfs.Make() by @anonymouse64 in https://github.com/snapcore/snapd/pull/11334
• cmd/snap/auto-import: use osutil.LoadMountInfo impl instead by @anonymouse64 in https://github.com/snapcore/snapd/pull/11344
• vscode: added integrated support for MS VSCODE by @are-scenic in https://github.com/snapcore/snapd/pull/11245
• tests/nested/manual/remodel-cross-store,remodel-simple: wait for serial by @bboozzoo in https://github.com/snapcore/snapd/pull/11351
• gadget/install: add unit tests for install.Run() by @anonymouse64 in https://github.com/snapcore/snapd/pull/11335
• tests/main/snap-system-key: reset-failed snapd and snapd.socket by @anonymouse64 in https://github.com/snapcore/snapd/pull/11345
• interfaces/cups: add cups-socket-directory attr, use to specify mount rules in backend by @anonymouse64 in https://github.com/snapcore/snapd/pull/10427
• osutil/mkfs: Expose more fakeroot flags by @jawn-smith in https://github.com/snapcore/snapd/pull/11320
• tests: updated the documentation to run spread tests using external backend by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11341
• packaging/fedora: sync with downstream, packaging improvements by @bboozzoo in https://github.com/snapcore/snapd/pull/11352
• o/snapstate: revert migration on refresh if flag is disabled by @MiguelPires in https://github.com/snapcore/snapd/pull/11316
• cmd/snap-confine: update ambiguous comment by @mardy in https://github.com/snapcore/snapd/pull/11360
• spread: non-functional cleanup of go1.6 legacy by @are-scenic in https://github.com/snapcore/snapd/pull/11356
• gadget/gadget.go: add AllDiskVolumeDeviceTraits by @anonymouse64 in https://github.com/snapcore/snapd/pull/11220
• gadget/gadget_test.go: fix variable type by @anonymouse64 in https://github.com/snapcore/snapd/pull/11363
• cmd/snap-confine: remove mention of "legacy mode" from comment by @mardy in https://github.com/snapcore/snapd/pull/11361
• interfaces/seccomp: Add rseq to base seccomp template by @alexmurray in https://github.com/snapcore/snapd/pull/11357
• snap-bootstrap: Cleanup dependencies in systemd mounts by @valentindavid in https://github.com/snapcore/snapd/pull/11263
• o/snapstate: reduce maxInhibition for raa by 1s to avoid confusing notification by @stolowski in https://github.com/snapcore/snapd/pull/11359
• cmd/snap-confine: build const data structures at compile-time by @mardy in https://github.com/snapcore/snapd/pull/11358
• docs: cosmetic cleanups by @are-scenic in https://github.com/snapcore/snapd/pull/11322
• cmd/snap: rename the verbose logging flag in snap run by @bboozzoo in https://github.com/snapcore/snapd/pull/11346
• docs: fix incorrect link by @MiguelPires in https://github.com/snapcore/snapd/pull/11368
• many: fix issues flagged by golangci and configure it to fail build by @MiguelPires in https://github.com/snapcore/snapd/pull/11364
• tests: add regression tests for disabled memory cgroup operation by @anonymouse64 in https://github.com/snapcore/snapd/pull/11342
• tests: increase nested disk size on classic images by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11348
• tests: reboot test running remodel by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11343
• data/env: fix fish env for all versions of fish, unexport local vars, export XDG_DATA_DIRS by @bboozzoo in https://github.com/snapcore/snapd/pull/11371
• tests/core/mem-cgroup-disabled: minor fixups by @anonymouse64 in https://github.com/snapcore/snapd/pull/11369
• interfaces/u2f-devices: add U2F-TOKEN (https://launchpad.net/bugs/1956865) by @oSoMoN in https://github.com/snapcore/snapd/pull/11366
• tests/nested/manual/core20-cloud-init-maas-signed-seed-data: add gadget variant by @anonymouse64 in https://github.com/snapcore/snapd/pull/10807
• libsnap-confine-private: string functions simplification by @mardy in https://github.com/snapcore/snapd/pull/11362
• many: fix leftover empty snap dirs by @MiguelPires in https://github.com/snapcore/snapd/pull/11337
• asserts,cmd/snap-repair: support delegation when validating signatures by @pedronis in https://github.com/snapcore/snapd/pull/11338
• gadget: identify/match encryption parts, include in traits info by @anonymouse64 in https://github.com/snapcore/snapd/pull/11354
• asserts: remove unused function, fix for linter by @pedronis in https://github.com/snapcore/snapd/pull/11382
• asserts: first-class support for formatting/encoding signatory-id by @pedronis in https://github.com/snapcore/snapd/pull/11380
• tests: prepare and restore nested tests by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11373
• asserts: fetching code should fetch authority-delegation assertions with signing keys as needed by @pedronis in https://github.com/snapcore/snapd/pull/11381
• asserts,interfaces/policy: move and prepare DeviceScopeConstraint for reuse by @pedronis in https://github.com/snapcore/snapd/pull/11387
• tests: skip ~/.snap migration test on openSUSE by @MiguelPires in https://github.com/snapcore/snapd/pull/11376
• o/snapstate: implement transactional flag by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11326
• o/snapstate: rename "corecore" -> "core" by @anonymouse64 in https://github.com/snapcore/snapd/pull/11397
• o/devicestate/handlers_install.go: use --all to get binary data too for logs by @anonymouse64 in https://github.com/snapcore/snapd/pull/11396
• tests: fix security-udev-input-subsystem test by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11390
• tests: add created_at timestamp to mongo issues by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11388
• gadget: refactor StructureEncryption to have a concrete type instead of map by @anonymouse64 in https://github.com/snapcore/snapd/pull/11384
• o/devicestate: preseeding test cleanup by @stolowski in https://github.com/snapcore/snapd/pull/11398
• o/devicestate/firstboot_preseed_test.go: remove deadcode by @anonymouse64 in https://github.com/snapcore/snapd/pull/11403
• snapstate: make "remove vulnerable version" message more friendly by @mvo5 in https://github.com/snapcore/snapd/pull/11401
• tests/nested/snapd-removes-vulnerable-snap-confine-revs: use newer snaps by @anonymouse64 in https://github.com/snapcore/snapd/pull/11400
• tests: smoke test support for core22 by @Meulengracht in https://github.com/snapcore/snapd/pull/11379
• many: move boot.Device to snap.Device by @anonymouse64 in https://github.com/snapcore/snapd/pull/11412
• overlord, o/snapstate: fix mocking on systems without /snap by @bboozzoo in https://github.com/snapcore/snapd/pull/11418
• spread.yaml: add core22 version of rsync to skip by @Meulengracht in https://github.com/snapcore/snapd/pull/11417
• many: move call to shutdown to the boot package by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11317
• tests: fix "undo purging" step in snap-run-devmode-classic by @mvo5 in https://github.com/snapcore/snapd/pull/11411
• gadget/install: measure and save disk volume traits during install.Run() by @anonymouse64 in https://github.com/snapcore/snapd/pull/11374
• gadget: add searchForVolumeWithTraits + tests by @anonymouse64 in https://github.com/snapcore/snapd/pull/11414
• interfaces/{cpu,power}-control: add more accesses for commercial device tuning by @anonymouse64 in https://github.com/snapcore/snapd/pull/11404
• tests: allow run spread tests using a private ppa by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11389
• gadget/update.go: add buildNewVolumeToDeviceMapping for existing devices by @anonymouse64 in https://github.com/snapcore/snapd/pull/11415
• tests/main/snap-run-devmode-classic: reinstall snapcraft to clean up by @anonymouse64 in https://github.com/snapcore/snapd/pull/11425
• data/env: more workarounds for even older fish shells, provide reasonable defaults by @bboozzoo in https://github.com/snapcore/snapd/pull/11416
• asserts: add preseed assertion type by @stolowski in https://github.com/snapcore/snapd/pull/11377
• o/devicestate: pick system from seed systems/ for preseeding (1/N) by @stolowski in https://github.com/snapcore/snapd/pull/11205
• t/m/interfaces-network-manager: use different channel depending on system by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11422
• tests: skip boot loader check during testing preparation on s390x by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11423
• tests: fix smoke/install test for other architectures than pc by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11424
• wrappers: do not reload the deamon or restart snapd services when preseeding on core by @stolowski in https://github.com/snapcore/snapd/pull/11365
• tests: include new testing tools and utils by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11399
• data/env: cosmetic tweak for fish by @bboozzoo in https://github.com/snapcore/snapd/pull/11428
• o/snapstate: add ~/Snap init related to backend by @MiguelPires in https://github.com/snapcore/snapd/pull/11413
• tests: add debugging to snap-confine-tmp-mount by @mardy in https://github.com/snapcore/snapd/pull/11435
• seed,image: changes necessary for ubuntu-image to support preseeding extra snaps in classic images by @jawn-smith in https://github.com/snapcore/snapd/pull/11355
• o/snapstate: deal with potentially invalid type of refresh.retain value due to lax validation by @stolowski in https://github.com/snapcore/snapd/pull/11442
• tests: add test to ensure consecutive refreshes do garbage colleciton of old revs by @stolowski in https://github.com/snapcore/snapd/pull/11438
• cmd/snap-mgmt, packaging: trigger daemon reload after purging unit files by @bboozzoo in https://github.com/snapcore/snapd/pull/11430
• bootloader: allow different names for the grub binary in different archs by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11282
• tests: get lxd snap from candidate channel by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11447
• overlord, boot: fix unit tests on arches other than amd64 by @bboozzoo in https://github.com/snapcore/snapd/pull/11454
• tests: fix snap-run-gdbserver test by retrying the check by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11443
• interfaces: custom-device by @mardy in https://github.com/snapcore/snapd/pull/11272
• asserts: return an explicit error when key cannot be found by @bboozzoo in https://github.com/snapcore/snapd/pull/11455
• tests/nested/core/core20-reinstall-partitions: update test summary by @bboozzoo in https://github.com/snapcore/snapd/pull/11462
• testutil: add generic mocking helpers by @are-scenic in https://github.com/snapcore/snapd/pull/11386
• boot: mock amd64 arch for mabootable 20 suite by @bboozzoo in https://github.com/snapcore/snapd/pull/11464
• data/selinux: allow the snap command to run systemctl by @bboozzoo in https://github.com/snapcore/snapd/pull/11427
• packaging/ubuntu-16.04/rules: don't run unit tests on riscv64 by @anonymouse64 in https://github.com/snapcore/snapd/pull/11405
• interfaces/cpu-control: add extra idleruntime data/reset files to cpu-control by @anonymouse64 in https://github.com/snapcore/snapd/pull/11452
• interfaces/network-control: add D-Bus rules for resolved too by @anonymouse64 in https://github.com/snapcore/snapd/pull/11459
• osutil/disks: trigger udev on the partition device node by @anonymouse64 in https://github.com/snapcore/snapd/pull/11433
• tests: small adjustments to fix vuln spread tests by @anonymouse64 in https://github.com/snapcore/snapd/pull/11407
• interfaces/systemd: use batch systemd operations by @bboozzoo in https://github.com/snapcore/snapd/pull/11372
• cmd/snap-confine: coverity fixes by @alexmurray in https://github.com/snapcore/snapd/pull/11426
• interfaces/apparmor: add missing unit tests for special devmode rules/behavior by @anonymouse64 in https://github.com/snapcore/snapd/pull/11409
• gadget: add buildVolumeStructureToLocation, volumeStructureToLocationMap by @anonymouse64 in https://github.com/snapcore/snapd/pull/11420
• release: 2.54.4 changelog to master by @mvo5 in https://github.com/snapcore/snapd/pull/11466
• tests/main/mount-ns: unmount /run/qemu by @mardy in https://github.com/snapcore/snapd/pull/11469
• o/snapstate: add core22 migration logic by @MiguelPires in https://github.com/snapcore/snapd/pull/11431
• o/snapstate: implement transactional lanes for prereqs by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11395
• tests/main/user-session-env: special case bash profile on Tumbleweed by @bboozzoo in https://github.com/snapcore/snapd/pull/11478
• interfaces/builtin/account-control: allow to execute pam_tally2 by @bboozzoo in https://github.com/snapcore/snapd/pull/11465
• cmd: misc analyzer fixes by @bboozzoo in https://github.com/snapcore/snapd/pull/11444
• interfaces/browser-support: allow RealtimeKit's MakeThreadRealtimeWithPID by @oSoMoN in https://github.com/snapcore/snapd/pull/11440
• tests: increase the times in snapd-sigterm for arm devices by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11479
• tests: skip interfaces-cups-control from debian-sid by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11472
• tests: update the snapd testing tools by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11451
• tests: validate tests tools just on google and qemu backends by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11473
• o/state: fix undo with independent tasks in same change and lane by @stolowski in https://github.com/snapcore/snapd/pull/11463
• o/devicestate, daemon: introduce factory-reset mode, allow switching by @bboozzoo in https://github.com/snapcore/snapd/pull/11436
• i/a/template.go: add ld path for jammy by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11481
• interfaces/apparmor: Update base template for systemd-machined by @alexmurray in https://github.com/snapcore/snapd/pull/11485
• cmd/snap: add support for rebooting to factory-reset by @bboozzoo in https://github.com/snapcore/snapd/pull/11486
• snap: Add missing zlib by @valentindavid in https://github.com/snapcore/snapd/pull/11487
• o/devicestate: split mocks to separate calls for creating a model and a gadget by @bboozzoo in https://github.com/snapcore/snapd/pull/11489
• tests: Include the source github url as part of the mongo db issues by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11482
• tests/lib/tools/report-mongodb: fix typo in help text by @mardy in https://github.com/snapcore/snapd/pull/11495
• interface/opengl: allow read on /proc/sys/dev/i915/perf_stream_paranoid by @jdstrand in https://github.com/snapcore/snapd/pull/11491
• cmd: set core22 migration related env vars and update spread test by @MiguelPires in https://github.com/snapcore/snapd/pull/11449
• cmd/snap-preseed: support for core20 preseeding by @stolowski in https://github.com/snapcore/snapd/pull/11461
• many: replace use of "sanity" for interface implementation checks by @mvo5 in https://github.com/snapcore/snapd/pull/11500
• tests: updating the test-snapd-cups-control-consumer snap to core20 based by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11493
• asserts: minimal changes to disable authority-delegation before full revert by @pedronis in https://github.com/snapcore/snapd/pull/11502
• many: replace use of "sanity" with more inclusive naming in comments by @mvo5 in https://github.com/snapcore/snapd/pull/11501
• fde: add new DeviceUnlock() call by @mvo5 in https://github.com/snapcore/snapd/pull/10816
• github: replace "sanity check" with "quick check" in workflow by @mvo5 in https://github.com/snapcore/snapd/pull/11498
• overlord: extend single reboot test to include a non-base, non-kernel snap by @bboozzoo in https://github.com/snapcore/snapd/pull/11507
• dirs: remove unused SnapMetaDir variable by @mardy in https://github.com/snapcore/snapd/pull/11510
• tests: fix test to avoid editing the test-snapd-tools snap.yaml file by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11506
• boot: support factory-reset when sealing and resealing by @bboozzoo in https://github.com/snapcore/snapd/pull/11470
• snap: add new cpu quotas by @Meulengracht in https://github.com/snapcore/snapd/pull/11410
• i/seccomp/template.go: add close_range to the allowed syscalls by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11488
• tests: use lxd from edge to avoid issues not fixed on candidate yet by @sergiocazzolato in https://github.com/snapcore/snapd/pull/11528
• bootloader: add support for piboot by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11068
• o/snapstate: make sure that snapd is a prerequisite for updating base snaps by @bboozzoo in https://github.com/snapcore/snapd/pull/11525
• snap/quota: fix bug in quota group tree validation code by @Meulengracht in https://github.com/snapcore/snapd/pull/11523
• o/snapstate: allow installing the snapd-desktop-integration snap even if the user-daemons feature is otherwise disabled by @jhenstridge in https://github.com/snapcore/snapd/pull/11504
• cmd/snap: make 1.18 vet happy by @bboozzoo in https://github.com/snapcore/snapd/pull/11532
• overlord/state: drop unused lanes field by @bboozzoo in https://github.com/snapcore/snapd/pull/11537
• i/b/network_{control,manager}.go: add more access to resolved by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11474
• i/b/modem-manager: provide access to ObjectManager by @alfonsosanchezbeato in https://github.com/snapcore/snapd/pull/11518
• interfaces/docker-support: make generic rules not conflict with snap-confine by @anonymouse64 in https://github.com/snapcore/snapd/pull/11503
• cmd/snap-preseed, image: move preseeding code to image/preseed by @stolowski in https://github.com/snapcore/snapd/pull/11505
• cmd/snap-update-ns/change.go: sort needed, desired and not reused mount entries by @anonymouse64 in https://github.com/snapcore/snapd/pull/10676
• snap-bootstrap: Partially revert simplifications of mount dependencies by @valentindavid in https://github.com/snapcore/snapd/pull/11515
• overlord/state: add helper for aborting unready lanes by @bboozzoo in https://github.com/snapcore/snapd/pull/11536
• o/snapstate: avoid setting up single reboot when update includes base, kernel and gadget by @bboozzoo in https://github.com/snapcore/snapd/pull/11520
• snap/quota: additional validation in resources.go by @Meulengracht in https://github.com/snapcore/snapd/pull/11519
• osutil/disks: calculate the last usable LBA instead of reading it by @valentindavid in https://github.com/snapcore/snapd/pull/11394
• kernel/fde: add PartitionName to various structs by @anonymouse64 in https://github.com/snapcore/snapd/pull/11541
• release: 2.55 by @anonymouse64 in https://github.com/snapcore/snapd/pull/11550

New Contributors

• @are-scenic made their first contribution in https://github.com/snapcore/snapd/pull/11183
• @skriesch made their first contribution in https://github.com/snapcore/snapd/pull/11192
• @jduchateau made their first contribution in https://github.com/snapcore/snapd/pull/11221
• @alexclewontin made their first contribution in https://github.com/snapcore/snapd/pull/10924
• @Meulengracht made their first contribution in https://github.com/snapcore/snapd/pull/11247
• @mansre made their first contribution in https://github.com/snapcore/snapd/pull/11256
• @shaba made their first contribution in https://github.com/snapcore/snapd/pull/11177

Full Changelog: https://github.com/snapcore/snapd/compare/2.54.4...2.55

New snapd release 2.55.1

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• cmd/snap-update-ns/change_test.go: use non-exist name foo-runtime
  instead

New snapd release 2.55.2

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• cmd/snap-update-ns: actually use entirely non-existent dirs

New bugfix release

• t/m/interfaces-network-manager: use different channel depending on
  system
• many: backport attrer interface changes to 2.54
• tests: skip version check on lp-1871652 for sru validation
• i/builtin: allow modem-manager interface to access some files in
  sysfs
• snapstate: make "remove vulnerable version" message more
  friendly
• tests: fix "undo purging" step in snap-run-devmode-classic
• o/snapstate: deal with potentially invalid type of refresh.retain
  value due to lax validation
• interfaces: custom-device
• packaging/ubuntu-16.04/control: adjust libfuse3 dependency
• data/env: fix fish env for all versions of fish
• packaging/ubuntu-16.04/snapd.postinst: start socket and service
  first
• interfaces/u2f-devices: add U2F-TOKEN
• interfaces/seccomp: Add rseq to base seccomp template
• tests: remove disabled snaps before calling save_snapd_state
• overlord: skip manager tests on riscv for now
• interfaces/opengl: add support for ARM Mali
• devicestate: ensure permissions of /var/lib/snapd/void are
  correct
• cmd/snap-update-ns: convert some unexpected decimal file mode
  constants to octal.
• interfaces/shared-memory: support single wild-cards in the
  read/write paths
• packaging: fix running autopkgtest
• i/builtin/xilinx-dma-host: add interface for Xilinx DMA driver
• tests: fix tests/core/create-user on testflinger pi3
• tests: fix parallel-install-basic on external UC16 devices
• tests: re-enable kernel-module-load tests on arm
• tests: do not run k8s smoke test on 32 bit systems

• SECURITY UPDATE: Local privilege escalation
  • snap-confine: Add validations of the location of the snap-confine
    binary within snapd.
  • snap-confine: Fix race condition in snap-confine when preparing a
    private mount namespace for a snap.
  • CVE-2021-44730
  • CVE-2021-44731
• SECURITY UPDATE: Data injection from malicious snaps
  • interfaces: Add validations of snap content interface and layout
    paths in snapd.
  • CVE-2021-4120
  • LP: #1949368

New snapd release 2.54.2

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• tests: exclude interfaces-kernel-module load on arm
• tests: ensure that test-snapd-kernel-module-load is removed
• tests: do not test microk8s-smoke on arm
• tests/core/failover: replace boot-state with snap debug boot-vars
• tests: use snap info|awk to extract tracking channel
• tests: fix remodel-kernel test when running on external devices
• .github/workflows/test.yaml: also check internal snapd version for cleanliness
• packaging/ubuntu-16.04/rules: eliminate seccomp modification
• bootloader/assets/grub_*cfg_asset.go: update Copyright
• build-aux/snap/snapcraft.yaml: adjust comment about get-version
• .github/workflows/test.yaml: add check in github actions for dirty snapd snaps
• build-aux/snap/snapcraft.yaml: use build-packages, don't fail dirty builds
• data/selinux: allow poking /proc/xen

Major update for snapd 2.54

New bugfix release for the major 2.54 release:

• buid-aux: set version before calling ./generate-packaging-dir
  This fixes the "dirty" suffix in the auto-generated version