Quoting Andre Nathan ([email protected]):
> You are correct, the error I'm seeing comes from the fact that I have
> this line on the container's fstab:
>
> proc /var/lib/lxc/test/rootfs/proc proc ro,nodev,noexec,nosuid 0 0
>
> That is, I was trying to mount /proc as read-only in the container. This
> works for me in 12.04 but not in 13.04.

Thank you - to make sure I understand, do you also have /etc/apparmor.d/usr.bin.lxc-start disabled? If you do, then when the container starts it is already undefined, then lxc is supposed to detect that it is already unconfined and not transition at all. But if you have the lxc-start profile still enabled, then the container is started while in the lxc-start profile, and a transition is required (requiring read-write proc).

So if it is failing for you with /etc/apparmor.d/usr.bin.lxc-start disabled, then let's open a new bug for that and I'll fix that in a separate SRU.

--
https://bugs.launchpad.net/bugs/1215386

Title:
  lxc-start tries to change apparmor profile to unconfined
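
The decision described in the reply above, as an added diagnostic sketch that is not part of the original thread and is not lxc's own code. It assumes the AppArmor label is read from /proc/self/attr/current in the form `unconfined` or `<profile> (<mode>)`; the function names and the sample inputs are constructed for illustration.

```python
# Models the reply's reasoning: a confined starter needs a profile transition,
# and that transition needs a writable /proc inside the container.

# Constructed sample: the fstab line quoted in the thread, plus a writable variant.
FSTAB_RO = "proc /var/lib/lxc/test/rootfs/proc proc ro,nodev,noexec,nosuid 0 0\n"
FSTAB_RW = "proc /var/lib/lxc/test/rootfs/proc proc nodev,noexec,nosuid 0 0\n"


def proc_mount_is_readonly(fstab_text):
    """Return True if any proc entry in the container fstab carries 'ro'."""
    for raw in fstab_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 4:
            continue  # blank or malformed line
        fstype, options = fields[2], fields[3].split(",")
        if fstype == "proc" and "ro" in options:
            return True
    return False


def parse_label(attr_current):
    """Extract the profile name from /proc/<pid>/attr/current content."""
    label = attr_current.strip("\x00\n ")
    if label.endswith(")") and " (" in label:
        label = label.rsplit(" (", 1)[0]  # drop the trailing "(enforce)" mode
    return label


def diagnose(fstab_text, attr_current):
    """Classify a container start according to the logic in the reply."""
    if parse_label(attr_current) == "unconfined":
        # Starter is already unconfined: lxc is supposed to skip the transition.
        return "no-transition"
    if proc_mount_is_readonly(fstab_text):
        # Starter is confined, so a transition is required, but /proc is read-only.
        return "transition-blocked"
    return "transition-ok"


if __name__ == "__main__":
    for label in ("unconfined\n", "/usr/bin/lxc-start (enforce)\n"):
        print(repr(label), "->", diagnose(FSTAB_RO, label))
```

On a real host, pass the contents of the container's fstab file and of /proc/self/attr/current as read by the process that launches the container.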
