For both of these cases, if you look in /var/log/messages you can see
that AppArmor is rejecting access to
/rofs/lib/tls/i686/cmov/libc-2.6.1.so
A simple fix is to update the profiles to use
{/rofs,/cow,}/lib/tls/i686/cmov/*.so
AppArmor can block access to stacked filesystem paths depending on how the
stacked fs is implemented.
The quickest solution at the moment is to modify the profiles, so that
permissions are given for the given prefix.
I would probably setup a variable in global
@{LIB}={/ros,/cow,}/lib
and modify profiles to use the variable.
@{LIB}/tls/i686/cmov/*.so
The other possible solution I can suggest is further modification of the
unionfs patch for unionfs 2.x under AppArmor 2.1 code base. It is possible to
further patch unionfs so that it passes the lower filesystem requests so that
AppArmor doesn't mediate them. This would get rid of the need to update
profiles as suggested above.
--
fails to start: cannot apply additional memory protection after relocation
https://bugs.launchpad.net/bugs/131976
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
