In the initial bug report against LXD, S. Graber suggests that maybe
"The apparmor dnsmasq profile should only apply to the system wide
daemon (/etc/init.d/dnsmasq) and not to other daemons".

Not sure what to think about it...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1566944

Title:
  dnsmasq profile prevents LDX container to launch

Status in apparmor package in Ubuntu:
  New

Bug description:
  LXD 2.0 has dropped lxcbr0 for lxdbr0 as its default bridge configuration.
  Since then, having the usr.sbin.dnsmasq profile in enforce mode will prevent LXD containers from launching:

  Apr  6 12:55:06 franck-ThinkPad-T430s kernel: [ 7029.101587] audit: type=1400 audit(1459940106.552:107): apparmor="DENIED" operation="mknod" profile="/usr/sbin/dnsmasq" name="/var/lib/lxd-bridge/dnsmasq.lxdbr0.leases" pid=22292 comm="dnsmasq" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
  Apr  6 12:55:06 franck-ThinkPad-T430s lxd-bridge.start[22255]: dnsmasq: ne peut ouvrir ou créer le fichiers de baux /var/lib/lxd-bridge//dnsmasq.lxdbr0.leases : Permission non accordée

  Of course, switching to complain mode works around the problem, but
  maybe allowing write to /var/lib/lxd-bridge/ would be a good idea
  (disclaimer: I'm not a security expert).

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: apparmor-profiles 2.10-3ubuntu2
  ProcVersionSignature: Ubuntu 4.4.0-17.33-generic 4.4.6
  Uname: Linux 4.4.0-17-generic x86_64
  NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
  ApportVersion: 2.20.1-0ubuntu1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Wed Apr  6 17:34:12 2016
  InstallationDate: Installed on 2015-10-04 (185 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151002)
  PackageArchitecture: all
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.4.0-17-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro noprompt persistent kaslr threadirqs quiet splash vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.apparmor.d.bin.ping: [modified]
  modified.conffile..etc.apparmor.d.sbin.klogd: [modified]
  modified.conffile..etc.apparmor.d.sbin.syslog.ng: [modified]
  modified.conffile..etc.apparmor.d.sbin.syslogd: [modified]
  modified.conffile..etc.apparmor.d.usr.bin.chromium.browser: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.dnsmasq: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.dovecot: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.identd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.mdnsd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.nmbd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.nscd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.smbd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.smbldap.useradd: [modified]
  mtime.conffile..etc.apparmor.d.bin.ping: 2015-10-05T12:02:58.049761
  mtime.conffile..etc.apparmor.d.sbin.klogd: 2015-10-05T12:04:03.854535
  mtime.conffile..etc.apparmor.d.sbin.syslog.ng: 2015-10-05T12:03:21.918041
  mtime.conffile..etc.apparmor.d.sbin.syslogd: 2015-10-05T12:03:15.705968
  mtime.conffile..etc.apparmor.d.usr.bin.chromium.browser: 2015-10-05T12:02:05.273141
  mtime.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: 2015-10-05T11:59:18.903198
  mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2016-04-06T17:25:47.252257
  mtime.conffile..etc.apparmor.d.usr.sbin.dovecot: 2015-10-05T12:00:55.356323
  mtime.conffile..etc.apparmor.d.usr.sbin.identd: 2015-10-05T12:01:02.204403
  mtime.conffile..etc.apparmor.d.usr.sbin.mdnsd: 2015-10-05T12:02:37.861523
  mtime.conffile..etc.apparmor.d.usr.sbin.nmbd: 2015-10-05T12:00:10.119794
  mtime.conffile..etc.apparmor.d.usr.sbin.nscd: 2015-10-05T12:00:17.355879
  mtime.conffile..etc.apparmor.d.usr.sbin.smbd: 2015-10-05T12:00:26.103981
  mtime.conffile..etc.apparmor.d.usr.sbin.smbldap.useradd: 2015-10-05T12:00:35.504091
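
Added example (not part of the bug report and not AppArmor's own tooling): Python that parses the `DENIED` record quoted in the bug description and derives the narrowest file rule covering it, for comparison with the broader directory-wide write access suggested above. The function names are hypothetical; the sample log is the two lines from the report, and the mapping of the logged `c` (create) mask to the `w` permission follows AppArmor's file-rule syntax.

```python
import re

# Sample input: the two log lines quoted in the bug report, each joined onto one line.
SAMPLE_LOG = [
    'Apr  6 12:55:06 franck-ThinkPad-T430s kernel: [ 7029.101587] audit: type=1400 '
    'audit(1459940106.552:107): apparmor="DENIED" operation="mknod" '
    'profile="/usr/sbin/dnsmasq" name="/var/lib/lxd-bridge/dnsmasq.lxdbr0.leases" '
    'pid=22292 comm="dnsmasq" requested_mask="c" denied_mask="c" fsuid=0 ouid=0',
    'Apr  6 12:55:06 franck-ThinkPad-T430s lxd-bridge.start[22255]: dnsmasq: ne peut '
    'ouvrir ou créer le fichiers de baux /var/lib/lxd-bridge//dnsmasq.lxdbr0.leases : '
    'Permission non accordée',
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

# Logged mask letter -> profile permission. Create (c) and delete (d) have no
# rule letter of their own; both are granted by "w".
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "k": "k", "l": "l", "m": "m"}
PERM_ORDER = "rwaklm"

def parse_denial(line):
    """Return the key/value fields of an AppArmor DENIED file record, else None."""
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    if fields.get("apparmor") != "DENIED" or "name" not in fields:
        return None
    return fields

def suggest_rule(fields):
    """Build the single-path rule that grants exactly the denied access."""
    perms = set()
    for letter in fields["denied_mask"]:
        if letter not in MASK_TO_PERM:  # e.g. "x": exec transitions need a human decision
            raise ValueError(f"unhandled mask letter {letter!r}")
        perms.add(MASK_TO_PERM[letter])
    if "w" in perms:
        perms.discard("a")  # "a" and "w" are mutually exclusive in one rule
    return f'{fields["name"]} {"".join(p for p in PERM_ORDER if p in perms)},'

def rules_for(lines, profile):
    """Deduplicated, sorted candidate rules for denials logged against one profile."""
    denials = (parse_denial(line) for line in lines)
    return sorted({suggest_rule(d) for d in denials if d and d.get("profile") == profile})

if __name__ == "__main__":
    for rule in rules_for(SAMPLE_LOG, "/usr/sbin/dnsmasq"):
        print(rule)
```

The output is a candidate line for review before it goes into a profile; it is scoped to the one lease file rather than to everything under `/var/lib/lxd-bridge/`.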
