AppArmor is MAC - in my opinion it's not valid to have a container guest
specify its own policy.
However, the container should be entering a domain which protects the
host from the container, and in which executing any programs does not
cause more domain transitions (unless specified by the container's
policy).
This is something I want to discuss at UDS and implement during the
precise cycle.
** Changed in: lxc (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: lxc (Ubuntu)
Importance: Undecided => Medium
https://bugs.launchpad.net/bugs/876968
Title:
host Apparmor rules are applied to guests in spite of guests loading
new rules