In the above regression we have lxd-ns0_</var/snap/lxd/common/lxd>//&:root//lxd-ns0_<var-snap-lxd- common-lxd>://unconfined
transitioning to lxd-ns0_</var/snap/lxd/common/lxd>//&:lxd-ns0_<var-snap-lxd-common- lxd>:/usr/sbin/nsd//&:root//lxd-ns0_<var-snap-lxd-common- lxd>:///usr/sbin/nsd this is not a strict subset of profiles, however the unconfined exception needs to be taken into account when nnp is set. There is a bug in the subset test, so that the unconfined exception is not being handled correctly. This affects all kernels, though to different degrees. kernels before the patch for bug 1839037 have this bug, but because of where the unconfined exception is tested (at the profile transition) it happens to work in this case. Other cases can be contrived where the transition will fail. Reverting the patch in bug 1839037 will fix the regression for this particular case. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1844186 Title: [regression] NoNewPrivileges incompatible with Apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1844186/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
