Just a nitpick on the patch comment:
+ # allow printing to stdout/stderr when inside a container
+ # (LP: #1667016)
+ /dev/pts/* rw,
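Review bot: The glob in `/dev/pts/* rw,` matches every entry under /dev/pts, which is wider than the stdout/stderr use the comment gives as the reason for the rule. If only the numbered pty devices are meant, a character class such as `/dev/pts/[0-9]* rw,` would keep the grant to those names.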
This is allowing rw to /etc/pts/* in *all* cases, not just when inside a
container :)
** Package changed: apparmor (Ubuntu) => tcpdump (Ubuntu)
** Also
** Description changed:
+ [ Impact ]
+
+ Users that run tcpdump from an SSH session inside a container cannot
+ see the output because tcpdump tries to write to /dev/pts/, which is
+ not allowed by the AppArmor policy.
+
+ This upload fixes the bug by allowing read/write access to the devices
+
I agree that this issue is not a duplicate of Bug 1641236 and it can be
fixed by adding rw access to /dev/pts/*, which is not the case for the
other bug.
** This bug is no longer a duplicate of bug 1641236
Confined processes inside container cannot fully access host pty device
passed in by
*** This bug is a duplicate of bug 1641236 ***
https://bugs.launchpad.net/bugs/1641236
The duplicate status of this bug is still wrong.
A workaround has been provided at
https://github.com/lxc/lxd/issues/2930#issuecomment-1418752618
Inside the container:
### Ubuntu 18.04, 20.04
echo
*** This bug is a duplicate of bug 1641236 ***
https://bugs.launchpad.net/bugs/1641236
I believe this bug has been wrongly marked as a duplicate of #1641236.
I described in the second paragraph of the bug report why this is *not*
a duplicate.
#1641236 is when lxc exec passes an open pty from
*** This bug is a duplicate of bug 1641236 ***
https://bugs.launchpad.net/bugs/1641236
** This bug has been marked a duplicate of bug 1641236
Confined processes inside container cannot fully access host pty device
passed in by lxc exec
--
You received this bug notification because you
** Tags added: canonical-bootstack
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1667016
Title:
tcpdump in lxd container: apparmor blocks writing to stdout/stderr
Top-notch bug report :) Thanks!
Status
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed