Public bug reported: snappy in 16.04 used to compare /usr/share/snappy/security-policy- version and /var/lib/snappy/security-policy-version on boot to see if the apparmor package changed and therefore if it needed to regenerate all snap policy. This functionality was recently removed with nothing added to replace it.
snapd must have a means to detect changes to the parser or the abstractions which the snap may #include, otherwise we cannot deliver parser and policy fixes from apparmor to installed snaps. It is fine to use a different method than what we had before, but we need to have something. ** Affects: snappy Importance: High Status: New ** Affects: snapd (Ubuntu) Importance: High Status: New ** Changed in: snapd (Ubuntu) Importance: Undecided => High ** Also affects: snappy Importance: Undecided Status: New ** Changed in: snappy Importance: Undecided => High ** Description changed: snappy in 16.04 used to compare /usr/share/snappy/security-policy- version and /var/lib/snappy/security-policy-version on boot to see if the apparmor package changed and therefore if it needed to regenerate all snap policy. This functionality was recently removed with nothing added to replace it. snapd must have a means to detect changes to the parser or the abstractions which the snap may #include, otherwise we cannot deliver - parser and policy fixes from apparmor to installed snaps. + parser and policy fixes from apparmor to installed snaps. It is fine to + use a different method than what we had before, but we need to have + something. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1569581 Title: snapd no longer detects apparmor changes on upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/snappy/+bug/1569581/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs