** Changed in: apparmor (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
contai
** Tags added: aa-feature
--
Any chance this will be fixed in saucy?
--
Confirmed fixed in 3.13.0-2-generic, where in 3.13.0-1-generic it was
still failing.
--
Quoting Iain Lane (i...@orangesquash.org.uk):
> On Thu, Nov 07, 2013 at 03:20:29PM -, Serge Hallyn wrote:
> > Quoting Iain Lane (i...@orangesquash.org.uk):
> > > I get this (newly?) when trying to update within sbuild within lxc
> > >
> > > [ 1927.282880] type=1400 audit(1383816970.374:86): ap
On Thu, Nov 07, 2013 at 03:20:29PM -, Serge Hallyn wrote:
> Quoting Iain Lane (i...@orangesquash.org.uk):
> > I get this (newly?) when trying to update within sbuild within lxc
> >
> > [ 1927.282880] type=1400 audit(1383816970.374:86): apparmor="DENIED"
> > operation="getattr" info="Failed nam
Quoting Iain Lane (i...@orangesquash.org.uk):
> I get this (newly?) when trying to update within sbuild within lxc
>
> [ 1927.282880] type=1400 audit(1383816970.374:86): apparmor="DENIED"
> operation="getattr" info="Failed name lookup - deleted entry" error=-2
> parent=11717 profile="/usr/bin/lxc-
I get this (newly?) when trying to update within sbuild within lxc
[ 1927.282880] type=1400 audit(1383816970.374:86): apparmor="DENIED"
operation="getattr" info="Failed name lookup - deleted entry" error=-2
parent=11717 profile="/usr/bin/lxc-start" name="/var/lib/schroot/mount
/trusty-amd64-c7aa6e
Francesco,
The DENIED message doesn't look right. It says your container is
running in the lxc-start profile? It should have transitioned to a
container profile when /sbin/init was executed.
I think it is worth opening a new bug about your issue, so we can make
sure there isn't more going on.
Serge,
see comments on bug 970647, there is some progress but I have not found
a specific bug affecting logging of this case. The larger fix which is
the extended labeling, is in progress and will enter into the apparmor-
dev ppa soon for testing.
--
Francesco,
The mediate_deleted flag should fix the rejection shown in comment #12
--
I'm sorry if this is not the place to report this, but running localedef
into a lxc ubuntu container it's affecting quantal right now.
The log line is
[26775.302073] type=1400 audit(1353478924.553:73): apparmor="DENIED"
operation="chmod" info="Failed name lookup - deleted entry" error=-2
parent=
Based on the duplicates, I'm not sure the workaround is working as well
as we'd hoped.
John, what are the prospects of bug 970647? How complicated is the fix
for it?
--
Marking the apparmor task as Won't Fix since the lxc work around is in
place. If we pursue this in SRU, it will be through bug #970647.
** Changed in: apparmor (Ubuntu Precise)
Importance: Critical => Undecided
** Changed in: apparmor (Ubuntu Precise)
Status: Confirmed => Won't Fix
**
** Tags added: rls-mgr-p-tracking
--
** Branch linked: lp:ubuntu/lxc
--
This bug was fixed in the package lxc - 0.7.5-3ubuntu49
---
lxc (0.7.5-3ubuntu49) precise; urgency=low
* debian/lxc-default.apparmor: add mediate_deleted flag (LP: #969299)
-- Serge Hallyn  Mon, 02 Apr 2012 09:38:21 -0500
** Changed in: lxc (Ubuntu Precise)
Status: New =>
** Also affects: lxc (Ubuntu)
Importance: Undecided
Status: New
--
@JP
great! Thanks for that. I'll add that for now as a workaround.
--
This does indeed seem to be the problem. The current labeling done by
apparmor is not enough to avoid needing the mediate_deleted flag on the
lxc profiles. Adding the flag will force apparmor to do a name lookup
for entries that have been deleted (the name can reliably be
reconstructed), inste
Friend of mine solved this, asked me if I can post it, so here goes:
/etc/apparmor.d/lxc/lxc-default profile needs 'flags=(mediate_deleted)'
appended to it, and the problem should go away. Documentation reference
for this is at http://wiki.apparmor.net/index.php/FAQ#Failed_name_lookup_-_deleted_e
While I haven't tried this yet, my initial thought when seeing it works
in complain mode, but there are no messages is that this is something
that is being specifically denied in the profile.
to confirm this we need to disable quieting of explicitly denied
messages, we can do this as root with
ec
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
Interestingly when I set the lxc-container-default profile to complain:
sudo aa-complain /etc/apparmor.d/lxc/lxc-default
I no longer get the issue in the lxc instance - however neither do I get
any complaints.
--
Reason for critical is that it's making random commands in container fail.
We've already got a few bug reports against udev, postgresql, ... all caused by
that issue.
--
** Attachment added: "lxc-upgrader01"
https://bugs.launchpad.net/bugs/969299/+attachment/2968319/+files/lxc-upgrader01
** Changed in: apparmor (Ubuntu)
Importance: Undecided => Critical
** Also affects: apparmor (Ubuntu Precise)
Importance: Critical
Status: New
** Changed in: ap