[Touch-packages] [Bug 1396270] Re: specifying AppArmorProfile doesn't result in processes launched under the named profile

AppArmor enabled in http://anonscm.debian.org/cgit/pkg- systemd/systemd.git/commit/?h=ubuntuid=026526 (note that manually specifying the binary libapparmor1 dependency is not necessary and should not be done -- dh_shlibdeps will do that in a better way). I also added an autopkgtest to reproduce

[Touch-packages] [Bug 1396270] Re: specifying AppArmorProfile doesn't result in processes launched under the named profile

This bug was fixed in the package systemd - 215-6ubuntu2 --- systemd (215-6ubuntu2) vivid; urgency=medium [ Martin Pitt ] * Merge fixes from Debian master. * Put user slices into all cgroup controllers. This makes unprivileged user LXC containers work under systemd. (LP:

[Touch-packages] [Bug 1396270] Re: specifying AppArmorProfile doesn't result in processes launched under the named profile

Thanks! I added this locally to my tree and confirm that this works. I want to write a corresponding autopkgtest for this which tries an apparmor violation and ensures that this actually fails (but not without confinement). -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1396270] Re: specifying AppArmorProfile doesn't result in processes launched under the named profile

systemd in vivid isn't compiled with apparmor support: AppArmor:no -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1396270 Title: specifying

[Touch-packages] [Bug 1396270] Re: specifying AppArmorProfile doesn't result in processes launched under the named profile

Here is a debdiff to turn on AppArmor support, which appears to have solved the issue. ** Patch added: systemd_215-6ubuntu2.debdiff https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1396270/+attachment/4268304/+files/systemd_215-6ubuntu2.debdiff -- You received this bug notification

[Touch-packages] [Bug 1396270] Re: specifying AppArmorProfile doesn't result in processes launched under the named profile

It looks like systemd isn't compiled with apparmor support. mdeslaur gave me a debdiff to add the necessary bits to debian/control to make this work. I verified that the test case results in the service running under the 'test-service' label. -- You received this bug notification because you are

[Touch-packages] [Bug 1396270] Re: specifying AppArmorProfile doesn't result in processes launched under the named profile

** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1396270 Title: specifying AppArmorProfile doesn't result in processes launched under the named

[Touch-packages] [Bug 1396270] Re: specifying AppArmorProfile doesn't result in processes launched under the named profile

** Changed in: systemd (Ubuntu) Status: New = In Progress ** Changed in: systemd (Ubuntu) Milestone: None = ubuntu-14.11 ** Changed in: systemd (Ubuntu) Assignee: (unassigned) = Martin Pitt (pitti) -- You received this bug notification because you are a member of Ubuntu Touch