FYI I'm able to successfully drive netns inside LXC, manually then also
via openstack neutron-gateways, via this crafted aa profile:
/etc/apparmor.d/lxc/lxc-default-with-netns -
https://gist.github.com/jjo/ff32b08e48e4a52bfc36
--
Yup, it does - as stgraber mentioned on irc, this will be included in
1.0.8
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1350947
Title:
apparmor: no working rule to allow making a mount private
Hi Serge, Martin,
As Serge mentioned in #4, this bug will cause breakage if using both ip
netns and lxc. As I'm sure you're aware, the OpenStack neutron/quantum
gateway makes heavy use of the ip netns feature, and it's valid to
have LXC containers on the server hosting the quantum gateway.
Given
This fix is contained in the latest lxc in vivid now.
** Changed in: lxc (Ubuntu)
Status: Fix Committed => Fix Released
--
** No longer affects: linux (Ubuntu)
--
I created an upstream patch and a pull request at
https://github.com/lxc/lxc/pull/393
--
** Changed in: lxc (Ubuntu)
Status: Triaged => Fix Committed
--
** Tags added: canonical-bootstack
--
Bumped priority for this bug as this is part of priority activity for
reference OpenStack deployments for the vivid cycle.
** Changed in: lxc (Ubuntu)
Importance: Medium => High
** Changed in: linux (Ubuntu)
Importance: Medium => High
** Tags added: landscape
--
I confirm that this works fine under systemd:
mount options=(rw, make-slave) -> **,
Thanks!
--
Apparmor is recognizing 'make-slave', not slave. While apparmor will
be updated to accept 'slave' we should update the lxc policies to use
'make-slave' in the meantime.
Assigning this to Stéphane as he hasn't yet had a chance to show me the new
git-dpm packaging process :)
** Changed in: lxc
As a result of the slave versus make-slave revelation, I've created
two upstream AppArmor bugs. The first is for the AppArmor documentation
being wrong about the acceptable mount option strings (bug #1401619).
The second is for the AppArmor parser accepting unknown mount option
strings (bug
** Tags added: smoosh
--
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
** Changed in: lxc (Ubuntu)
Importance: Undecided => Medium
--
** Changed in: apparmor
Importance: Undecided => Medium
** Changed in: apparmor
Status: New => Confirmed
--
Setting to incomplete for now. This either needs fixing in AppArmor
properly, or I at least need to get some hints how to change the current
rule to work with current AppArmor.
** Changed in: lxc (Ubuntu)
Status: Triaged => Incomplete
--
affects: apparmor
** Also affects: apparmor
Importance: Undecided
Status: New
--
Note this is more important than leaking a few mounts - it will also cause
breakage if using both ip netns and lxc.
--
Adding an LXC task; after we figure out how the rule needs to look
like/fixing the apparmor parser or linux bug, we need to adjust LXC's
apparmor policy. This was originally bug 1325468, but it's easier to
have it in one bug.
** Also affects: lxc (Ubuntu)
Importance: Undecided
Status:
** Description changed:
When the file system is mounted as MS_SHARED by default (such as under
systemd, or when the admin configures it so), things like schroot or LXC
need to make their guest mounts private. This currently fails under
utopic:
$ sudo lxc-create -t busybox -n c1
$
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: linux (Ubuntu)
Status: New => Confirmed
--
I tested this on trusty's 3.13.0-32, and the previous utopic 3.15.0-6,
same result. So it's not a regression apparently; although I tried
mount options=(rw, slave) -> / some weeks ago and it appeared to work,
but apparently I did something weird back then which made it work, but I
can't remember