For completeness here's a minimal test case not requiring systemd:

/*
# apparmor_parser -r /etc/apparmor.d/bug-profile
# (tested without the flags here as well btw.)
profile bug-profile flags=(attach_disconnected,mediate_deleted) {
  network,
  file,
  unix,
}
# gcc this.c
# ./a.out
lock = 2 (Success)
# aa-exec -p bug-profile ./a.out
lock = 2 (Permission denied)
kernel: audit: type=1400 audit(1530774919.510:93): apparmor="DENIED"
operation="file_lock" profile="bug-profile" pid=21788 comm="a.out"
family="unix" sock_type="dgram" protocol=0 addr=none
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int
main(int argc, char **argv)
{
        int sp[2];

        /* An AF_UNIX datagram socket pair: anonymous, no filesystem path,
         * so the lock request carries no name for a file rule to match. */
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sp) != 0) {
                perror("socketpair");
                exit(1);
        }
        /* flock() returns 0 on success and -1 with errno set on failure;
         * %m is the glibc extension that prints strerror(errno). */
        int rc = flock(sp[0], LOCK_EX);
        printf("lock = %i (%m)\n", rc);
        close(sp[0]);
        close(sp[1]);
        return 0;
}
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1575779
Title:
hostnamectl fails under lxd unpriv container
Status in apparmor package in Ubuntu:
Confirmed
Bug description:
1. % lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04
2. % apt-cache policy apparmor
apparmor:
Installed: 2.10.95-0ubuntu2
Candidate: 2.10.95-0ubuntu2
Version table:
*** 2.10.95-0ubuntu2 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
% apt-cache policy lxd
lxd:
Installed: 2.0.0-0ubuntu4
Candidate: 2.0.0-0ubuntu4
Version table:
*** 2.0.0-0ubuntu4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
3. lxc launch ubuntu-daily:xenial x1
lxc exec x1 /bin/bash
root@x1:~# hostnamectl status
Static hostname: x1
Icon name: computer-container
Chassis: container
Machine ID: 833b8548c7ce4118b4c9c5c3ae4f133d
Boot ID: 9d5fbb053cf7494589c0863a0a4cf0ca
Virtualization: lxc
Operating System: Ubuntu 16.04 LTS
Kernel: Linux 4.4.0-18-generic
Architecture: x86-64
4. hostnamectl status hangs indefinitely
On the host, there are some audit messages for each invocation of
hostnamectl:
[411617.032274] audit: type=1400 audit(1461695563.731:100): apparmor="DENIED" operation="file_lock" profile="lxd-x1_" pid=17100 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 addr=none
It's related to socket activation. One can work around this by running
systemd-hostnamed in the background first:
root@x1:~# /lib/systemd/systemd-hostnamed &
[1] 2462
root@x1:~# hostnamectl status
Static hostname: x1
Icon name: computer-container
Chassis: container
Machine ID: 833b8548c7ce4118b4c9c5c3ae4f133d
Boot ID: 9d5fbb053cf7494589c0863a0a4cf0ca
Virtualization: lxc
Operating System: Ubuntu 16.04 LTS
Kernel: Linux 4.4.0-18-generic
Architecture: x86-64
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor 2.10.95-0ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
Uname: Linux 4.4.0-18-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CurrentDesktop: GNOME-Flashback:GNOME
Date: Wed Apr 27 11:19:27 2016
InstallationDate: Installed on 2016-01-01 (117 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Alpha amd64 (20151209)
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.4.0-18-generic
root=UUID=e0b8b294-f364-4ef5-aa70-1916cdd37192 ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
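As an added example that is not part of the bug report or the comment above: a small parser and triage helper for the AppArmor type=1400 audit lines that appear both in the comment's test case and in the host dmesg quoted in the bug description. The first two sample lines are transcribed from this report; the third (an ordinary file-open denial) is constructed for contrast, and the function names are my own.

```python
import re

# Constructed sample log: lines 1-2 are transcribed from this bug report
# (the comment's test case and the LXD host's dmesg); line 3 is a made-up
# ordinary file-open denial, added for contrast.
SAMPLE_LOG = """\
kernel: audit: type=1400 audit(1530774919.510:93): apparmor="DENIED" operation="file_lock" profile="bug-profile" pid=21788 comm="a.out" family="unix" sock_type="dgram" protocol=0 addr=none
[411617.032274] audit: type=1400 audit(1461695563.731:100): apparmor="DENIED" operation="file_lock" profile="lxd-x1_" pid=17100 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 addr=none
[411620.100000] audit: type=1400 audit(1461695566.000:101): apparmor="DENIED" operation="open" profile="bug-profile" name="/etc/shadow" pid=17101 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# key=value pairs: the value is either double-quoted or a bare token
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# audit(<epoch seconds>.<millis>:<serial>)
AUDIT_RE = re.compile(r'audit\((\d+\.\d+):(\d+)\)')


def parse_apparmor_line(line):
    """Return the fields of one apparmor audit line as a dict, or None."""
    if 'apparmor=' not in line:
        return None
    fields = {key: quoted if quoted else bare
              for key, quoted, bare in KV_RE.findall(line)}
    m = AUDIT_RE.search(line)
    if m:
        fields['timestamp'] = float(m.group(1))
        fields['serial'] = int(m.group(2))
    return fields


def is_unix_socket_lock_denial(fields):
    """The signature from this bug: flock() refused on an AF_UNIX socket.
    The socket is anonymous (addr=none), so no path-based file rule names
    it; the test-case profile is denied despite its "file," and "unix,"."""
    return (fields.get('apparmor') == 'DENIED'
            and fields.get('operation') == 'file_lock'
            and fields.get('family') == 'unix')


def summarize(log_text):
    """Count DENIED events per (profile, comm, operation) for triage."""
    counts = {}
    for line in log_text.splitlines():
        f = parse_apparmor_line(line)
        if f and f.get('apparmor') == 'DENIED':
            key = (f['profile'], f['comm'], f['operation'])
            counts[key] = counts.get(key, 0) + 1
    return counts
```

Feed it `journalctl -k` or `dmesg` output from the host to separate this socket-lock signature from ordinary path denials that a profile rule could fix.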