** No longer affects: linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
Title:
apparmor: no working rule to allow making a mount private
Status in AppArmor Linux
I created an upstream patch and a pull request at
https://github.com/lxc/lxc/pull/393
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
Title:
apparmor: no working rule to allow
** Changed in: lxc (Ubuntu)
Status: Triaged = Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
Title:
apparmor: no working rule to allow making a mount
** Tags added: canonical-bootstack
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
Title:
apparmor: no working rule to allow making a mount private
Status in AppArmor Linux
Bumped priority for this bug as this is part of priority activity for
reference OpenStack deployments for the vivid cycle .
** Changed in: lxc (Ubuntu)
Importance: Medium = High
** Changed in: linux (Ubuntu)
Importance: Medium = High
** Tags added: landscape
--
You received this bug
I confirm that this works fine under systemd:
mount options=(rw, make-slave) - **,
Thanks!
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
Title:
apparmor: no working rule to
Apparmor is recognizing make-slave', not slave. While apparmor will
be updated to accept 'slave' we should update the lxc policies to use
'make-slave' in the meantime.
Assigning this to Stéphane as he hasn't yet had a chance to show me the new
git-dpm packaging process :)
** Changed in: lxc
As a result of the slave versus make-slave revelation, I've created
two upstream AppArmor bugs. The first is for the AppArmor documentation
being wrong about the acceptable mount option strings (bug #1401619).
The second is for the AppArmor parser accepting unknown mount option
strings (bug
** Tags added: smoosh
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
Title:
apparmor: no working rule to allow making a mount private
Status in AppArmor Linux application
** Changed in: linux (Ubuntu)
Importance: Undecided = Medium
** Changed in: lxc (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
** Changed in: apparmor
Importance: Undecided = Medium
** Changed in: apparmor
Status: New = Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
Title:
apparmor:
Setting to incomplete for now. This either needs fixing in AppArmor
properly, or I at least need to get some hints how to change the current
rule to work with current AppArmor.
** Changed in: lxc (Ubuntu)
Status: Triaged = Incomplete
--
You received this bug notification because you are
affects: apparmor
** Also affects: apparmor
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
Title:
apparmor: no working rule to
I tested this on trusty's 3.13.0-32, and the previous utopic 3.15.0-6,
same result. So it's not a regression apparently; although I tried
mount options=(rw, slave) - / some weeks ago and it appeared to work,
but apparently I did something weird back then which made it work, but I
can't remember
** Changed in: linux (Ubuntu)
Assignee: (unassigned) = John Johansen (jjohansen)
** Changed in: linux (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Adding an LXC task; after we figure out how the rule needs to look
like/fixing the apparmor parser or linux bug, we need to adjust LXC's
apparmor policy. This was originally bug 1325468, but it's easier to
have it in one bug.
** Also affects: lxc (Ubuntu)
Importance: Undecided
Status:
** Description changed:
When the file system is mounted as MS_SHARED by default (such as under
systemd, or when the admin configures it so), things like schroot or LXC
need to make their guest mounts private. This currently fails under
utopic:
$ sudo lxc-create -t busybox -n c1
$
17 matches
Mail list logo