root@xxxxxxxxx:~# apparmor_parser -vd /etc/apparmor.d/lxc-containers
----- Debugging built structures -----
Name: lxc-container-default
Profile Mode: Enforce
Capabilities: chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_overridesyslog
Quiet Caps: chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_overridesyslog
Network: <all>
--- Entries ---
Mode: rwalkmx:rwalkmx Name: (/{**,})
link: (/**)
Mode: rwalkx:rwalkx Name: (/proc//kmem)
link: (/**)
Mode: rwalkx:rwalkx Name: (/proc//mem)
link: (/**)
Mode: walkx:walkx Name: (/proc//sys/fs/**)
link: (/**)
Mode: walkx:walkx Name: (/proc//sys/kernel/*/**)
link: (/**)
Mode: walkx:walkx Name: (/proc//sys/kernel/[^s][^h][^m]*)
link: (/**)
Mode: rwalkx:rwalkx Name: (/proc//sysrq-trigger)
link: (/**)
Mode: walkx:walkx Name: (/sys/[^f]*/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/f[^s]*/**)
link: (/**)
Mode: rwalkx:rwalkx Name: (/sys/firmware/efi/efivars/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/fs/[^c]*/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/fs/c[^g]*/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/fs/cg[^r]*/**)
link: (/**)
Mode: rwalkx:rwalkx Name: (/sys/kernel/security/**)
link: (/**)
Name: lxc-container-default-with-mounting
Profile Mode: Enforce
Capabilities: chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_overridesyslog
Quiet Caps: chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_overridesyslog
Network: <all>
--- Entries ---
Mode: rwalkmx:rwalkmx Name: (/{**,})
link: (/**)
Mode: rwalkx:rwalkx Name: (/proc//kmem)
link: (/**)
Mode: rwalkx:rwalkx Name: (/proc//mem)
link: (/**)
Mode: walkx:walkx Name: (/proc//sys/fs/**)
link: (/**)
Mode: walkx:walkx Name: (/proc//sys/kernel/*/**)
link: (/**)
Mode: walkx:walkx Name: (/proc//sys/kernel/[^s][^h][^m]*)
link: (/**)
Mode: rwalkx:rwalkx Name: (/proc//sysrq-trigger)
link: (/**)
Mode: walkx:walkx Name: (/sys/[^f]*/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/f[^s]*/**)
link: (/**)
Mode: rwalkx:rwalkx Name: (/sys/firmware/efi/efivars/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/fs/[^c]*/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/fs/c[^g]*/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/fs/cg[^r]*/**)
link: (/**)
Mode: rwalkx:rwalkx Name: (/sys/kernel/security/**)
link: (/**)
Name: lxc-container-default-with-nesting
Profile Mode: Enforce
Capabilities: chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_overridesyslog
Quiet Caps: chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_overridesyslog
Network: <all>
--- Entries ---
Mode: w: Name: (/proc/*/attr/{current,exec})
Mode: rwalkmx:rwalkmx Name: (/{**,})
link: (/**)
Mode: change_profile: Name: (lxc-*)
Mode: change_profile: Name: (unconfined)
Mode: rwalkx:rwalkx Name: (/proc//kmem)
link: (/**)
Mode: rwalkx:rwalkx Name: (/proc//mem)
link: (/**)
Mode: walkx:walkx Name: (/proc//sys/fs/**)
link: (/**)
Mode: walkx:walkx Name: (/proc//sys/kernel/*/**)
link: (/**)
Mode: walkx:walkx Name: (/proc//sys/kernel/[^s][^h][^m]*)
link: (/**)
Mode: rwalkx:rwalkx Name: (/proc//sysrq-trigger)
link: (/**)
Mode: walkx:walkx Name: (/sys/[^f]*/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/f[^s]*/**)
link: (/**)
Mode: rwalkx:rwalkx Name: (/sys/firmware/efi/efivars/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/fs/[^c]*/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/fs/c[^g]*/**)
link: (/**)
Mode: walkx:walkx Name: (/sys/fs/cg[^r]*/**)
link: (/**)
Mode: rwalkx:rwalkx Name: (/sys/kernel/security/**)
link: (/**)
root@xxxxxxxxxx:~# apparmor_parser -v /etc/apparmor.d/lxc-containers
Enocoding of mount rule failed
ERROR processing policydb rules for profile lxc-container-default, failed to
load
https://bugs.launchpad.net/bugs/1295774
Title:
ERROR processing policydb rules for profile lxc-container-default,
failed to load