AppArmor 2.7 is _very_ old - especially given the fact that the tools were rewritten in Python for 2.9.

I just checked the Perl code (which was used in 2.8.x and older) - it _sets_ the flags (instead of adding or removing them), so it's not surprising that attach_disconnected gets lost. (This is one of the fixes that went into 2.9 during the rewrite to Python.)

If someone is interested in fixing this - the code is in Immunix/AppArmor.pm, sub complain() and sub enforce(), which both call setprofileflags().

--
https://bugs.launchpad.net/bugs/1516037

Title:
  lxc-start fails with 1.1.5-0ubuntu1

Status in Canonical System Image: Confirmed
Status in apparmor package in Ubuntu: Confirmed
Status in lxc package in Ubuntu: Invalid

Bug description:
  After upgrading to lxc 1.1.5-0ubuntu1, lxc-start fails like this:

    lxc-start: start.c: preserve_ns: 149 Permission denied - failed to open '/proc/7170/ns/mnt'
    lxc-start: start.c: lxc_spawn: 993 failed to store namespace references
    lxc-start: start.c: __lxc_start: 1192 failed to spawn 'trusty-lpdev'
    lxc-start: lxc_start.c: main: 344 The container failed to start.
    lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

  This is with a trusty system container. precise system containers behave similarly. I don't have others to try.

  Downgrading liblxc1, lxc, lxc-templates, and python3-lxc to version 1.1.4-0ubuntu3 causes lxc-start to work again.
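The set-versus-merge difference described in the comment above, shown on a profile header line. This is an added example, not part of the original message and not AppArmor's own code; the function names and the sample profile path are hypothetical, and only the `flags=(...)` form of the clause is handled.

```python
import re

# Flags clause of a profile header line, e.g. "flags=(attach_disconnected,complain)".
FLAGS_RE = re.compile(r"\s*flags\s*=\s*\(([^)]*)\)")

# Constructed sample header (hypothetical profile path).
HEADER = "/usr/bin/example flags=(attach_disconnected) {"


def parse_flags(header):
    """Return the flags listed on a profile header line, in order."""
    m = FLAGS_RE.search(header)
    return [f for f in re.split(r"[,\s]+", m.group(1)) if f] if m else []


def write_flags(header, flags):
    """Return the header with its flags clause replaced (dropped if empty)."""
    bare = FLAGS_RE.sub("", header)
    if not flags:
        return bare
    # Re-insert the clause just before the opening brace.
    head = bare[:bare.rindex("{")].rstrip()
    return f"{head} flags=({','.join(flags)}) {{"


def set_mode_overwrite(header, complain):
    """Behaviour described above: the flag list is *set*, so every
    flag other than the mode flag is lost."""
    return write_flags(header, ["complain"] if complain else [])


def set_mode_merge(header, complain):
    """Add or remove only 'complain'; unrelated flags such as
    attach_disconnected are preserved."""
    flags = [f for f in parse_flags(header) if f != "complain"]
    if complain:
        flags.append("complain")
    return write_flags(header, flags)


if __name__ == "__main__":
    for fn in (set_mode_overwrite, set_mode_merge):
        in_complain = fn(HEADER, True)
        back_to_enforce = fn(in_complain, False)
        print(f"{fn.__name__}: {in_complain!r} -> {back_to_enforce!r}")
```

A complain-then-enforce round trip through the overwriting variant leaves the profile without attach_disconnected, while the merging variant returns the original header unchanged.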

