New release 2.68

@ernestl ernestl released this 01 Mar 04:27
· 88 commits to master since this release
2.68
  • FDE: add support for new and more extensible key format that is unified between TPM and FDE hook
  • FDE: add support for adding passphrases during installation
  • FDE: update secboot to 30317622bbbc
  • Snap components: make kernel components available on firstboot after either initramfs or ephemeral rootfs style install
  • Snap components: mount drivers tree from initramfs so kernel modules are available in early boot stages
  • Snap components: support remodeling to models that contain components
  • Snap components: support offline remodeling to models that contain components
  • Snap components: support creating new recovery systems with components
  • Snap components: support downloading components with 'snap download' command
  • Snap components: support sideloading asserted components
  • AppArmor Prompting(experimental): improve version checks and handling of listener notification protocol for communication with kernel AppArmor
  • AppArmor Prompting(experimental): make prompt replies idempotent, and have at most one rule for any given path pattern, with potentially mixed outcomes and lifespans
  • AppArmor Prompting(experimental): time out unresolved prompts after a period of client inactivity
  • AppArmor Prompting(experimental): return an error if a patch request to the API would result in a rule without any permissions
  • AppArmor Prompting(experimental): warn if there is no prompting client present but prompting is enabled, or if a prompting-related error occurs during snapd startup
  • AppArmor Prompting(experimental): do not log error when converting empty permissions to AppArmor permissions
  • Confdb(experimental): rename registries to confdbs (including API /v2/registries => /v2/confdb)
  • Confdb(experimental): support marking confdb schemas as ephemeral
  • Confdb(experimental): add confdb-control assertion and feature flag
  • Refresh App Awareness(experimental): LP: #2089195 prevent possibility of incorrect notification that snap will quit and update
  • Confidential VMs: snap-bootstrap support for loading partition information from a manifest file for cloudimg-rootfs mode
  • Confidential VMs: snap-bootstrap support for setting up cloudimg-rootfs as an overlayfs with integrity protection
  • dm-verity for essential snaps: add support for snap-integrity assertion
  • Interfaces: modify AppArmor template to allow owner read on @{PROC}/@{pid}/fdinfo/*
  • Interfaces: LP: #2072987 modify AppArmor template to allow using setpriv to run daemon as non-root user
  • Interfaces: add configfiles backend that ensures the state of configuration files in the filesystem
  • Interfaces: add ldconfig backend that exposes libraries coming from snaps to either the rootfs or to other snaps
  • Interfaces: LP: #1712808 LP: #1865503 disable udev backend when inside a container
  • Interfaces: add auditd-support interface that grants audit_control capability and required paths for auditd to function
  • Interfaces: add checkbox-support interface that allows unrestricted access to all devices
  • Interfaces: fwupd | allow access to dell bios recovery
  • Interfaces: fwupd | allow access to shim and fallback shim
  • Interfaces: mount-control | add mount option validator to detect mount option conflicts early
  • Interfaces: cpu-control | add read access to /sys/kernel/irq/
  • Interfaces: locale-control | changed to be implicit on Ubuntu Core Desktop
  • Interfaces: microstack-support | support for utilizing AMD SEV capabilities
  • Interfaces: u2f | added missing OneSpan device product IDs
  • Interfaces: auditd-support | grant seccomp setpriority
  • Interfaces: opengl interface | enable parsing of nvidia driver information files
  • Interfaces: LP: #2095009 mount-control interface | add CIFS support
  • Allow mksquashfs 'xattrs' when packing snap types os, core, base and snapd as part of work to support non-root snap-confine
  • Upstream/downstream packaging changes and build updates
  • Improve error logs for malformed desktop files to also show which desktop file is at fault
  • Provide more precise error message when overriding channels with grade during seed creation
  • Expose 'snap prepare-image' validation parameter
  • Add snap-seccomp 'dump' command that dumps the filter rules from a compiled profile
  • Add fallback release info location /etc/initrd-release
  • Added core-initrd to snapd repo and fixed issues with ubuntu-core-initramfs deb builds
  • Remove stale robust-mount-namespace-updates experimental feature flag
  • Remove snapd-snap experimental feature (rejected) and its feature flag
  • Changed snap-bootstrap to mount base directly on /sysroot
  • Mount ubuntu-seed as no-{suid,exec,dev}
  • Mapping volumes to disks: add support for volume-assignments in gadget
  • Fix silently broken binaries produced by distro patchelf 0.14.3 by using locally built patchelf 0.18
  • Fix mismatch between listed refresh candidates and actual refresh due to outdated validation sets
  • Fix 'snap get' to produce compact listing for tty
  • Fix missing store-url by keeping it as part of auxiliary store info
  • Fix snap-confine attempting to retrieve device cgroup setup inside container where it is not available
  • Fix 'snap set' and 'snap get' panic on empty strings with early error checking
  • Fix logger debug entries to show correct caller and file information
  • Fix issue preventing hybrid systems from being seeded on first boot
  • LP: #1966203 remove auto-import udev rules not required by deb package to avoid unwanted syslog errors
  • LP: #1886414 fix progress reporting when stdout is on a tty, but stdin is not