[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

This bug was fixed in the package lxc - 0.9.0-0ubuntu3.5 --- lxc (0.9.0-0ubuntu3.5) raring-proposed; urgency=low * 0014-lxc-apparmor-null-terminate-buffer: make sure a value we fread is null-terminated (LP: #1215386) * 0015-fix-ipv6-pton: call inet_pton on the value without

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

Just to confirm, the bug wrt the apparmor profile is indeed fixed. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1215386 Title: lxc-start tries to change apparmor profile to

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

You are correct, the error I'm seeing comes from the fact that I have this line on the container's fstab: proc /var/lib/lxc/test/rootfs/proc proc ro,nodev,noexec,nosuid 0 0 That is, I was trying to mount /proc as read-only in the container. This works for me in 12.04 but not in 13.04. -- You

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

I tried it with /etc/apparmor.d/usr.bin.lxc-start both enabled and disabled, and also with and without lxc.aa_profile = unconfined in the configuration file and all tests worked fine in the four possible combinations of those settings. -- You received this bug notification because you are a

Re: [Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

Quoting Andre Nathan (an...@digirati.com.br): You are correct, the error I'm seeing comes from the fact that I have this line on the container's fstab: proc /var/lib/lxc/test/rootfs/proc proc ro,nodev,noexec,nosuid 0 0 That is, I was trying to mount /proc as read-only in the container.

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1215386 Title: lxc-start tries to change apparmor profile to

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

** Branch linked: lp:ubuntu/lxc -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1215386 Title: lxc-start tries to change apparmor profile to unconfined To manage notifications about

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

Hi The issue is still not fixed with the patch. While there's no more garbage in the buffer that stores the apparmor profile read from /proc, that data is still terminated by a \n, (ie., the profile is returned as, eg. unconfined\n instead of unconfined). This causes comparisons with the

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

Hi Andre, the test case in the bug description is passing for me. Can you please tell me exactly what you do to reproduce this, if possible starting from a clean install? Based on your comment I thought it might be that you had disabled /etc/apparmor.d/usr.bin.lxc-start, but even doing that I'm

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

** Also affects: lxc (Ubuntu Raring) Importance: Undecided Status: New ** Changed in: lxc (Ubuntu Raring) Status: New = Triaged ** Changed in: lxc (Ubuntu Raring) Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Server

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

** Description changed: + === + SRU information + 1. Impact: failure to start unconfined containers. + 2. Development fix: make sure that the buffer into which we read the current container is \0-terminated + 3. Stable fix: same as development fix + 4. Test case: + sudo

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

Hello Andre, or anyone else affected, Accepted lxc into raring-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/lxc/0.9.0-0ubuntu3.5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

This bug was fixed in the package lxc - 0.9.0-0ubuntu23 --- lxc (0.9.0-0ubuntu23) saucy; urgency=low * 0014-lxc-apparmor-null-terminate-buffer: make sure a value we fread is null-terminated (LP: #1215386) * 0015-fix-ipv6-pton: call inet_pton on the value without the netmask.

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

** Changed in: lxc (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1215386 Title: lxc-start tries to change apparmor profile to unconfined To

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

Thanks for reporting this bug. Unfortunately it is rather hard to artificially reproduce as it requires just the right conditions on the stack. That'll make SRU justification harder, but I'll go ahead and push a proposal as it's important. -- You received this bug notification because you are

[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: lxc (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1215386