Hello, the canonical-livepatch snap has added a new system-files plug - sys-kernel-livepatch. Please review and allow the use of this plug.
The purpose of this plug is to allow read access to the kernel livepatch files present in sysfs. The plug will allow read access in the following format:
sys-kernel-livepatch:
  interface: system-files
  read:
    - /sys/kernel/livepatch
This is required to allow the canonical-livepatch snap read access to the /sys/kernel/livepatch/<patch-name>/transition file to know if a livepatch has been fully applied and has finished its transition phase. This read is needed to make the patch application confirmation, by the canonical-livepatch snap, more robust. Since the <patch-name> will be different for different patches, we will need to have read access to everything in the parent directory. More information can be found in the Linux kernel livepatching documentation.
- name: canonical-livepatch
- description: Canonical Livepatch patches high and critical linux kernel vulnerabilities removing the immediate need to reboot to upgrade the kernel, instead allowing the downtime to be scheduled. It is a part of the Ubuntu Pro offering.
  The Canonical Livepatch Client is an application that runs on your machine and periodically checks for patches.
  See our docs at https://ubuntu.com/security/livepatch/docs/livepatch
- snapcraft: PRIVATE
- upstream: PRIVATE
- upstream-relation: Canonical owned and operated snap. I am an engineer working on this project.
- interfaces:
  - system-files:
    - request-type: installation
    - reasoning: Read kernel livepatch files to know when a patch application is complete (please read above for more context).
  - system-files: