The LXC container on touch has always been lxc.aa_profile=unconfined so whether apparmor is ready or not shouldn't matter since it's configured not to use it.
If we did want apparmor to protect the container, then we'd indeed have a race at the moment, but since we don't, I'm pretty confused as to how you ended up with the reject. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1227937 Title: lxc-start is unconfined but has a profile defined To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1227937/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
