Public bug reported:
Various users have reported hangs happening during network namespace
creation. This mostly manifests in issues while starting lxc containers,
and, when triggered, can be seen clearly by running `unshare -n` which
will simply hang forever. This has been happening randomly for

Can confirm that the patch seems to work on 4.15. No "denied"
"file_lock" log-spam when starting ArchLinux containers anymore, and
they seem to be behaving as expected again.

For completeness here's a minimal test case not requiring systemd:
/*
# apparmor_parser -r /etc/apparmor.d/bug-profile
# (tested without the flags here as well btw.)
profile bug-profile flags=(attach_disconnected,mediate_deleted) {
  network,
  file,
  unix,
}
# gcc this.c
# ./a.out
lock = 2

I suppose that would be an Ubuntu-specific patch for apparmor
userspace? I'm assuming the ABI tells userspace which features are
supported, unless this particular feature can be tested for some other
way? Would the patched userspace know not to use these features under
this ABI in a future