I just tested 5.21/stable and couldn't reproduce as it properly disables
the /proc/sys/kernel/apparmor_restrict_unprivileged_userns and
/proc/sys/kernel/apparmor_restrict_unprivileged_unconfined that would
otherwise have caused those denials.
Marking as incomplete until you can reproduce with
Please can you confirm if still an issue on lxd 5.21/stable as this is
the current supported version. Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2057927
Title:
I see a basically identical message (and dmesg apparmor output) with
"lxc profile edit default":
unshare: write failed /proc/self/uid_map: Operation not permitted
And the dmesg entry:
[ 194.625507] audit: type=1400 audit(1711709095.424:293):
apparmor="DENIED" operation="capable"
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: lxd (Ubuntu)
Status: New => Confirmed
--
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed