The snapd roadmap

doc
22

Hi @bugraaydogar. Thanks for letting us know. I’ll add the tick (at any other time of year, it’s usually @ernestl who keeps this page in shape).

23

Hello,

Could you provide an update on the status of version 2.69.1? The roadmap indicates it should be at the candidate stage, but there hasn’t been a beta release. Can you confirm if the roadmap is still up-to-date? Some of the fixes listed in 2.69 are blocking our release.

Thanks.

snapd 2.69.1

:white_check_mark: AppArmor prompting (experimental): avoid race between closing/reading socket fd

:white_check_mark: Fix potential validation set deadlock due to bases waiting on snaps

:white_check_mark: LP: #2104066 Only cancel notices requests on Stop/shutdown

:white_check_mark: Run ‘systemctl start’ for mount units to ensure they are run also when unchanged

:white_check_mark: Interfaces: timeserver-control | allow timedatectl timesync commands
:white_medium_square: beta ~05 May 2025
:white_medium_square: candidate ~14 May 2025
:white_medium_square: stable ~30 May 2025
24

I got two questions

  1. is it planned to upgrade the vendored apparmor to >=4.1 ?
  2. is it necessary for full confinement when running kernel 6.17 (which has the necessary patches; but needs ABIv9 af_unix)? or is it sufficient if the host system has apparmor 4.1?
1 Like
25

update: we got an answer to question 1.) from zyga; yes it is planned to upgrade the vendored apparmor

And from my testing and the comments, it is not sufficient if the host system has apparmor 4.1 (cause snapd needs to generate fitting apparmor policies).

So the last part is still unanswered: is a snapd upgrade sufficient on kernel >= 6.17 to get full confinement or does the host system also need an apparmor update?