[Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2020-03-25 Thread Stéphane Graber via ubuntu-bugs
Been incomplete for years, closing. ** Changed in: lxc (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1319525 Title: juju-local LXC containers hang due

[Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2014-05-15 Thread Curtis Hovey
** Changed in: juju-core Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1319525 Title: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs

[Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2014-05-15 Thread Serge Hallyn
Marking this bug as valid against lxc and invalid against juju-core suggests that you think it is valid to have containers allow this mount by default. Is that the case? ** Changed in: lxc (Ubuntu) Status: Confirmed => Incomplete

[Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2014-05-15 Thread Curtis Hovey
I do think it is fine for the mount to be allowed. By Invalid, I mean there is no change we can make to the juju-core code to solve this issue. If there is work for the juju-core developers, then I will change the status for juju-core to triaged and get it scheduled to be fixed in time for the

Re: [Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2014-05-15 Thread Serge Hallyn
Sorry, I was asking Tyler for a position as a security team member. If he doesn't know offhand then I'll go look at the implementation, but I'm not familiar with it myself.

[Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2014-05-15 Thread Tyler Hicks
Hi Serge - I'm still wanting a little more information. I tried to reproduce the bug myself and can't hit the AppArmor denial. I assume that it must be specific to Charles' local trusty/wordpress charm. Charles and/or Curtis, can you explain what change occurred in juju-core that has caused the

Re: [Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2014-05-15 Thread Serge Hallyn
Good point about debugfs. I wonder if we should drop that. I find it hard to believe there are container workloads which need that.

[Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2014-05-15 Thread Stéphane Graber
Wasn't debugfs allowed only because mountall required it? I thought we allowed it and then had AppArmor restrict where it can be mounted and then block any actual access to it (as we've been doing with any fs that's required by mountall).

Re: [Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2014-05-15 Thread Serge Hallyn
Thank you, yes. We only allow it to be mounted under /sys/fs/debugfs, and do not allow writes under that. Phew.

[Bug 1319525] Re: juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms

2014-05-14 Thread Tyler Hicks
** Summary changed: - juju-local LXC containers hang due to App Armor Denial of rpc_fsbind request with local charms + juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount with local charms
