Package: lxc Version: 1:3.1.0+really3.0.3-7 Please do not hard depend on apparmor.
The other day I brought this matter on #debian-devel and also others
agreed that it's not a good idea do hard depend on apparmor.
Even the kernel, at most it recommends it.
From the #d-d conversation:
[03:27:59 PM] <peb> adding apparmor as a dependency was a suggestion from
intrigeri, and I did not find any real reason to not do so
[03:28:42 PM] <peb> kibi: lxc upon startup tries to load the forementioned
profile and thus needs apparmor to enforce it
[03:28:53 PM] <peb> so the alternative is to remove the config in default.conf
[03:30:00 PM] <jcristau> wat
[03:30:48 PM] <peb> jcristau: without apparmor, a container with the generated
profile won't be able to start
[03:30:58 PM] <peb> "generated" (it's the name of the profile)
[03:31:16 PM] <jcristau> sounds like a silly design
[03:31:24 PM] <peb> so if we don't drag apparmor, I need to comment out/remove
the profile = generated in /etc/lxc/default.conf
[03:31:36 PM] <peb> I'll do some tests
[03:31:48 PM] <peb> but ack, the current situation is probably not the
appropriate one for stable
[03:31:56 PM] <peb> I'll find a way before asking for an unblock
[03:31:57 PM] <jcristau> it should be able to confine containers if you have
apparmor, and not if not.
[03:32:17 PM] <peb> my previous tests shown otherwise, but maybe I missed
something
[03:32:47 PM] <peb> i'll redo some tests during the weekend
I'm making this into a bug to ease tracking.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
