[Bug 1882894] Re: docker snap does not support custom apparmor profiles per container
Ian, docker:privileged allows it: 'change_profile unsafe /**,'. This is technically for transitioning to unconfined (since there isn't an 'unconfined' profile, we can't specify it in the policy), but it allows transitioning containers (and itself) to other profiles. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882894 Title: docker snap does not support custom apparmor profiles per container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1882894/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882894] Re: docker snap does not support custom apparmor profiles per container
Jamie, I thought that the docker snap was not allowed to transition to an apparmor profile other than docker-default by design/policy? Has that policy changed? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882894 Title: docker snap does not support custom apparmor profiles per container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1882894/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882894] Re: docker snap does not support custom apparmor profiles per container
The docker snap should be updated to plugs 'process-control'. I'd prefer not to change the docker-support interface for this when process-control already handles it. ** Changed in: snapd (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882894 Title: docker snap does not support custom apparmor profiles per container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1882894/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882894] Re: docker snap does not support custom apparmor profiles per container
Removing the 'docker' task as that package is for a KDE component (the deb should be docker.io) and because this doesn't affect the deb. ** No longer affects: docker (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882894 Title: docker snap does not support custom apparmor profiles per container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1882894/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882894] Re: docker snap does not support custom apparmor profiles per container
** Changed in: snapd (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882894 Title: docker snap does not support custom apparmor profiles per container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker/+bug/1882894/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
