Hello, the canonical-livepatch snap has added a new system-files plug - hostfs-dpkg-data. Please review and allow the use of this plug.
The purpose of this plug is to allow read-only access to the following files: /var/lib/snapd/hostfs/var/lib/dpkg and /etc/dpkg.
These files link in the following layout:
/usr/share/dpkg:
  bind: $SNAP/usr/share/dpkg
/usr/bin/dpkg:
  symlink: $SNAP/dpkg
/etc/dpkg/dpkg.cfg:
  bind-file: $SNAP/etc/dpkg/dpkg.cfg
/var/lib/dpkg/status:
  symlink: $SNAP/dpkg-status-file
This is so that the livepatch-client can read the list of kernel images installed on the host machine.
- name: canonical-livepatch
- description: Canonical Livepatch patches high and critical linux kernel vulnerabilities removing the immediate need to reboot to upgrade the kernel, instead allowing the downtime to be scheduled. It is a part of the Ubuntu Pro offering. The Canonical Livepatch Client is an application that runs on your machine and periodically checks for patches. See our docs at https://ubuntu.com/security/livepatch/docs/livepatch
- snapcraft: PRIVATE
- upstream: PRIVATE
- upstream-relation: Canonical owned and developed snap, I am an engineer working on this project
- interfaces:
  - system-files:
    - request-type: installation
    - reasoning: read the list of kernel images installed on the host machine (please see above)
  - system-files: