** Tags added: kernel-da-key
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310
Title:
docker.io doesn't work with 3.0 RC1 kernel
Status in “apparmor” package in
This is being caused by a bug fix in apparmor that places tighter
requirements on the use of change_onexec from a multi-threaded
application.
How to best resolve this issue on the apparmor side is being
investigated. It is very likely that docker is not using the
change_profile api correctly, and
After discussing on IRC, we will revert the patch enabling stricter
requirements to restore previous behavior while we investigate the best
approach to resolve the issue properly.
** Changed in: linux (Ubuntu)
Status: Confirmed => Triaged
** Changed in: apparmor (Ubuntu)
Status: New
Oh, can we also test against the distro kernel that the RC1 patches are
based on to ensure that there aren't other changes in play.
--
A failure in change_profile from unconfined is NOT expected to log a
message.
Can you please verify that the target profile is loaded. The only
reason apparmor rejects change_profile for unconfined is that the
profile could not be found.
--
Installing auditd does not help.
--
The target profile is loaded:
$ sudo aa-status|grep docker
docker-default
I tried this on the 3.16.0-9.14 and 3.16.0-16.22 distro kernels. The 'docker
run' command succeeds. If I do this:
$ sudo docker run -i -t ubuntu:trusty /bin/sh
I can verify the container is launched under confinement
Adding the following to /etc/apparmor.d/docker does not help:
audit unix,
audit signal,
audit ptrace,
change_profile -> *,
--
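The check requested earlier in the thread (is the target profile actually loaded?) done as an exact-name match instead of a substring grep, as an added example that is not part of the original messages. It assumes the `name (mode)` line format of the kernel's AppArmor profile listing; the function name `profile_mode` and the sample data are constructed for illustration.

```shell
# Constructed sample in the "name (mode)" format used by
# /sys/kernel/security/apparmor/profiles; not taken from the bug report.
SAMPLE_PROFILES='/usr/sbin/tcpdump (enforce)
docker-default (enforce)
docker-default-test (complain)
/usr/bin/evince//sanitized_helper (enforce)'

# profile_mode NAME (hypothetical helper): read a profile listing on stdin and
# print the mode of the profile whose name equals NAME exactly.
# Exit status is 1 when no such profile is loaded.
profile_mode() {
    awk -v want="$1" '
        {
            # The mode is the trailing " (word)"; everything before it is
            # the profile name, which may itself contain spaces.
            if (match($0, / \([a-z]+\)$/) == 0) next
            name = substr($0, 1, RSTART - 1)
            mode = substr($0, RSTART + 2, RLENGTH - 3)
            if (name == want) { print mode; found = 1; exit }
        }
        END { exit !found }
    '
}

# Run against the constructed sample. On a live system the input would be
# the kernel listing instead (root is needed to read it):
#   sudo cat /sys/kernel/security/apparmor/profiles | profile_mode docker-default
printf '%s\n' "$SAMPLE_PROFILES" | profile_mode docker-default
```

A non-zero exit status here corresponds to the "profile could not be found" case described above, and a name such as `docker` alone does not match `docker-default`.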
** Changed in: apparmor (Ubuntu)
Importance: Undecided => High
** Changed in: linux (Ubuntu)
Importance: Undecided => High