From 8c0ec8b07e07b9f19c2ecd14451ebdd2521bd574 Mon Sep 17 00:00:00 2001
From: Neal Gompa
Date: Jun 14 2019 13:40:44 +0000
Subject: Release 2.39.2 to Fedora (RH#1717448)
- Drop patch included in this release
---
diff --git a/.gitignore b/.gitignore
index b1510b8..153d5a0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,3 +36,5 @@
 /snapd_2.39.only-vendor.tar.xz
 /snapd_2.39.1.no-vendor.tar.xz
 /snapd_2.39.1.only-vendor.tar.xz
+/snapd_2.39.2.no-vendor.tar.xz
+/snapd_2.39.2.only-vendor.tar.xz
diff --git a/0001-data-selinux-permit-init_t-to-remount-snappy_snap_t-.patch b/0001-data-selinux-permit-init_t-to-remount-snappy_snap_t-.patch
deleted file mode 100644
index f4d1983..0000000
--- a/0001-data-selinux-permit-init_t-to-remount-snappy_snap_t-.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From c123a2c5e5c943577641d23a73425690a5c6dc1a Mon Sep 17 00:00:00 2001
-From: Maciej Borzecki
-Date: Tue, 4 Jun 2019 13:38:20 +0200
-Subject: [PATCH] data/selinux: permit init_t to remount snappy_snap_t (#6946)
-
-Systemd services that get a new mount namespace on startup fail due to SELinux
-blocking system from remounting /var/lib/snapd/snap into the new mount ns.
-
-Since we cannot declare fs_type() and generate contexts through genfscon outside
-of core policy, add an explicit permission for init_t.
-
-type=AVC msg=audit(1559625610.991:67): avc: denied { remount } for pid=578
- comm="(resolved)"
- scontext=system_u:system_r:init_t:s0
- tcontext=system_u:object_r:snappy_snap_t:s0
- tclass=filesystem permissive=0
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1708991
----
- data/selinux/snappy.te | 10 ++++++++
- tests/regression/rhbz-1708991/task.yaml | 33 +++++++++++++++++++++++++
- 2 files changed, 43 insertions(+)
- create mode 100644 tests/regression/rhbz-1708991/task.yaml
-
-diff --git a/data/selinux/snappy.te b/data/selinux/snappy.te
-index 4c7bf0002..de3e94888 100644
---- a/data/selinux/snappy.te
-+++ b/data/selinux/snappy.te
-@@ -60,7 +60,12 @@ files_tmp_file(snappy_tmp_t)
- 
- # actual snap
- type snappy_snap_t;
-+# XXX: snappy_snap_t should be declared a filesystem, but due to how modules are
-+# handled we cannot generate required contexts with genfscon outside of core
-+# policy
-+# fs_type(snappy_snap_t)
- files_type(snappy_snap_t)
-+files_mountpoint(snappy_snap_t)
- 
- # CLI tools: snap, snapctl
- type snappy_cli_t;
-@@ -615,3 +620,8 @@ allow init_t snappy_var_t:dir manage_dir_perms;
- allow init_t snappy_var_t:sock_file manage_sock_file_perms;
- # the snap is started via `snap run ..`
- allow init_t snappy_cli_t:unix_stream_socket create_stream_socket_perms;
-+# init_t will try to remount snap mount directory when starting services that
-+# use Private* directives, while init_t is allowed to remount all fs, we cannot
-+# declare fs_type(snappy_snap_t) outside of core policy, add explicit permission
-+# instead
-+allow init_t snappy_snap_t:filesystem remount;
-diff --git a/tests/regression/rhbz-1708991/task.yaml b/tests/regression/rhbz-1708991/task.yaml
-new file mode 100644
-index 000000000..e1f960c9b
---- /dev/null
-+++ b/tests/regression/rhbz-1708991/task.yaml
-@@ -0,0 +1,33 @@
-+summary: Check that snapd SELinux policy does not break systemd services with private mount ns
-+
-systems: [fedora-*, centos-*]
-+
-prepare: |
-+ #shellcheck source=tests/lib/pkgdb.sh
-+ . "$TESTSLIB"/pkgdb.sh
-+
-+ if [[ "$SPREAD_SYSTEM" == centos-7-* ]]; then
-+ distro_install_package systemd-resolved
-+ fi
-+
-+ getenforce > enforcing.mode
-+
-+ # Enable enforcing mode, our policy is already marked as permissive, so we
-+ # will get audit entries but the program will not be stopped by SELinux
-+ setenforce 1
-+ ausearch --checkpoint stamp -m AVC || true
-+
-restore: |
-+ setenforce "$(cat enforcing.mode)"
-+ rm -f stamp enforcing.mode
-+
-execute: |
-+ # global prepare calls systemctl daemon-reexec to make systemd run with
-+ # additional init_t permissions from snapd package, workaround for:
-+ # https://bugzilla.redhat.com/show_bug.cgi?id=1660141
-+ # https://github.com/systemd/systemd/issues/9997
-+
-+ # resolved and hostnamed have private mount ns
-+ systemctl restart systemd-resolved
-+ systemctl restart systemd-hostnamed
-+ ausearch -i --checkpoint stamp --start checkpoint -m AVC 2>&1 | MATCH 'no matches'
---
-2.21.0
-
diff --git a/snapd.spec b/snapd.spec
index ca549c1..16a7281 100644
--- a/snapd.spec
+++ b/snapd.spec
@@ -75,8 +75,8 @@
 %{!?_systemd_system_env_generator_dir: %global _systemd_system_env_generator_dir %{_prefix}/lib/systemd/system-environment-generators}
 Name: snapd
-Version: 2.39.1
-Release: 2%{?dist}
+Version: 2.39.2
+Release: 1%{?dist}
 Summary: A transactional software package manager
 License: GPLv3
 URL: https://%{provider_prefix}
@@ -87,9 +87,6 @@ Source1: https://%{provider_prefix}/releases/download/%{version}/%{name}_
 Patch0001: 0001-cmd-use-libtool-for-the-internal-library.patch
 # Backports from upstream
-## Fix issues with domain transitions for mount namespaces (RH#1708991)
-## From: https://github.com/snapcore/snapd/commit/c123a2c5e5c943577641d23a73425690a5c6dc1a
-Patch0101: 0001-data-selinux-permit-init_t-to-remount-snappy_snap_t-.patch
 ## Fix issues running hooks and services from snaps with bases and classic snaps
 ## From: https://github.com/snapcore/snapd/commit/9a3286edb0b0a6391f7329d64be1e3f7d1e886ce
 Patch0102: 0001-data-selinux-allow-running-hooks-and-services-from-c.patch
@@ -826,11 +823,23 @@ fi
 %changelog
+* Fri Jun 14 2019 Neal Gompa - 2.39.2-1
+- Release 2.39.2 to Fedora (RH#1717448)
+- Drop patch included in this release
+
 * Tue Jun 11 2019 Maciej Borzecki - 2.39.1-2
 - Fix SELinux policy to allow running hooks and services from snaps with bases and classic snaps
 - Bump SELinux policy version
+* Wed Jun 05 2019 Michael Vogt
+- New upstream release 2.39.2
+ - debian: rework how we run autopkgtests
+ - interfaces/docker-support: add overlayfs accesses for ubuntu core
+ - data/selinux: permit init_t to remount snappy_snap_t
+ - strutil/shlex: fix ineffassign
+ - packaging: fix build-depends on powerpc
+
 * Tue Jun 04 2019 Neal Gompa - 2.39.1-1
 - Release 2.39.1 to Fedora (RH#1715505)
 - Backport SELinux policy fixes for systemd unit mount namespacing (RH#1708991)
diff --git a/sources b/sources
index 2a09f66..eba6fca 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (snapd_2.39.1.no-vendor.tar.xz) = 3607cc064cc6ea8a11b847b6fa4afae5852310e28538390857b3bf56693b9ff3dc0807846c73f8e3cca0fd3ce75d95318f26ec0a17bf53437e13d117548742ce
-SHA512 (snapd_2.39.1.only-vendor.tar.xz) = af62f43c1765889672d73db17a01d8e29d02446fdae97fd8b7c6babd44364d297604485451855437b72f7f7282a95800cb8715c43c9c99a3e5f08449d15e7cd5
+SHA512 (snapd_2.39.2.no-vendor.tar.xz) = 5e29ce3dfe3d9b95328643bce28014bf49f1201f823be97a0715be4ad921385b3d3f67c4c1346bf06f716ac10ce6ee365671aad0bcd4c04000df4012209f3a7a
+SHA512 (snapd_2.39.2.only-vendor.tar.xz) = be527b64dd18c6ca68a78300a6d4bd3a2bbf55184fe19ee596b218a02d343944338820d532baf1069220b5f356d01c50ed5dbde979b852c3d83ce2665652e2c2