[Bug 1628285] Re: apparmor should be allowed to start in containers

2017-01-18 Thread Launchpad Bug Tracker
This bug was fixed in the package apparmor - 2.10.95-0ubuntu2.5~14.04.1

---
apparmor (2.10.95-0ubuntu2.5~14.04.1) trusty; urgency=medium

  * Bring apparmor 2.10.95-0ubuntu2.5, from Ubuntu 16.04, to Ubuntu 14.04.
    - This allows for proper snap confinement on Ubuntu 14.04 when using

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-12-01 Thread Tyler Hicks
This bug will not be fixed in 14.04, meaning that AppArmor policy will not be loaded inside of 14.04 LXD containers and snaps will not work inside of 14.04 LXD containers. 16.04 LXD containers should be used in such use cases.

** Changed in: apparmor (Ubuntu Trusty)
   Status: Incomplete =>

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-11-29 Thread Tyler Hicks
On 11/12/2016 12:36 PM, Steve Langasek wrote:
>> IMPORTANT: There is a known regression that may be seen by
>> users of `lxc exec`. See bug #1641243 for details.
>
> I don't see any mention of an lxc exec regression in bug #1641243.
> Please explain here what the known regression is, and why this

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-11-12 Thread Steve Langasek
> IMPORTANT: There is a known regression that may be seen by
> users of `lxc exec`. See bug #1641243 for details.

I don't see any mention of an lxc exec regression in bug #1641243. Please explain here what the known regression is, and why this is thought to be acceptable in an SRU. Please also

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-11-11 Thread Tyler Hicks
** Description changed: + =apparmor and upstart 14.04 SRU= + [Impact] + A recent 16.04 kernel (4.4.0-46.67) and the lxd (2.0.5-0ubuntu1~ubuntu16.04.1) allows us to enable stacked/namespaced AppArmor policy for 14.04 lxd containers. This means that the container can have an overall confinement

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-11-11 Thread Tyler Hicks
** Also affects: apparmor (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: apparmor (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: apparmor (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: apparmor (Ubuntu Trusty)
   Assignee:

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-10-27 Thread Launchpad Bug Tracker
This bug was fixed in the package apparmor - 2.10.95-0ubuntu2.5

---
apparmor (2.10.95-0ubuntu2.5) xenial; urgency=medium

  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-10-27 Thread Tyler Hicks
** Description changed: [Impact] The kernel in xenial-proposed (4.4.0-46.67) and the lxd that has recently migrated from xenial-proposed (2.0.5-0ubuntu1~ubuntu16.04.1) allows us to enable stacked/namespaced AppArmor policy for lxd containers. This means that the container can have an

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-10-26 Thread Tyler Hicks
I've completed the AppArmor test plan: https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor I've also manually verified the AppArmor portion of this SRU. ** Description changed: + [Impact] + The kernel in xenial-proposed (4.4.0-46.67) and the lxd that has recently migrated from

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-10-13 Thread Martin Pitt
Hello Stéphane, or anyone else affected,

Accepted apparmor into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-10-02 Thread Launchpad Bug Tracker
This bug was fixed in the package apparmor - 2.10.95-4ubuntu5

---
apparmor (2.10.95-4ubuntu5) yakkety; urgency=medium

  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the checks

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-09-30 Thread Tyler Hicks
** Changed in: apparmor (Ubuntu)
   Status: In Progress => Fix Committed

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1628285

Title:
  apparmor should be allowed to start in containers

To

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-09-28 Thread Launchpad Bug Tracker
** Branch linked: lp:~apparmor-dev/apparmor/apparmor-ubuntu-citrain

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-09-28 Thread Tyler Hicks
** Changed in: apparmor (Ubuntu)
   Status: New => In Progress

** Changed in: apparmor (Ubuntu)
   Assignee: (unassigned) => Tyler Hicks (tyhicks)

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-09-27 Thread Stéphane Graber
You can check for "lxd-*" or "lxc-*", that should catch anything we do with LXC or LXD.

** Changed in: apparmor (Ubuntu)
   Status: Incomplete => New

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-09-27 Thread Tyler Hicks
I'm willing to update the apparmor init script to fix this bug. What pattern should I check for when examining ns_name to decide if it is an LXC container?

** Changed in: apparmor (Ubuntu)
   Status: New => Incomplete

[Bug 1628285] Re: apparmor should be allowed to start in containers

2016-09-27 Thread John Johansen
slight revision

/sys/kernel/security/apparmor/features/domain/ns_stacked
contains yes/no if stacked across policy namespace

/sys/kernel/security/apparmor/features/domain/ns_name
contains the name of the namespace

as long as lxc sets up a detectable namespace ns_name can be used to