Package: lxc Version: 1:3.1.0+really3.0.3-7 Please do not hard depend on apparmor.
The other day I brought this matter on #debian-devel and also others agreed that it's not a good idea do hard depend on apparmor. Even the kernel, at most it recommends it. From the #d-d conversation: [03:27:59 PM] <peb> adding apparmor as a dependency was a suggestion from intrigeri, and I did not find any real reason to not do so [03:28:42 PM] <peb> kibi: lxc upon startup tries to load the forementioned profile and thus needs apparmor to enforce it [03:28:53 PM] <peb> so the alternative is to remove the config in default.conf [03:30:00 PM] <jcristau> wat [03:30:48 PM] <peb> jcristau: without apparmor, a container with the generated profile won't be able to start [03:30:58 PM] <peb> "generated" (it's the name of the profile) [03:31:16 PM] <jcristau> sounds like a silly design [03:31:24 PM] <peb> so if we don't drag apparmor, I need to comment out/remove the profile = generated in /etc/lxc/default.conf [03:31:36 PM] <peb> I'll do some tests [03:31:48 PM] <peb> but ack, the current situation is probably not the appropriate one for stable [03:31:56 PM] <peb> I'll find a way before asking for an unblock [03:31:57 PM] <jcristau> it should be able to confine containers if you have apparmor, and not if not. [03:32:17 PM] <peb> my previous tests shown otherwise, but maybe I missed something [03:32:47 PM] <peb> i'll redo some tests during the weekend I'm making this into a bug to ease tracking. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature