lxc-docker-1.2.0 is the upstream package. docker.io is the Ubuntu package. This
should be fixed in the Ubuntu packaging in 1.2.0~dfsg1-1ubuntu1:

docker.io (1.2.0~dfsg1-1ubuntu1) utopic; urgency=medium

  * debian/patches/sync-apparmor-with-lxc.patch: update AppArmor policy to
    be in sync with LXC. Specifically this:
    - reorganizes the rules to allow for easier comparison with other
      container policy
    - adds comments for many rules
    - adds bare dbus rule
    - adds ptrace rule to allow ptracing ourselves
    - adds deny mount options=(ro, remount, silent) -> /
    - allows hugetlbfs
    - adds cgmanager mount
    - adds /sys/fs/pstore mount
    - more specific /sys/kernel/security mount options
    - more specific /sys mount options
    - more specific /proc/sys/kernel/* deny rules
    - more specific /proc/sys/net deny rules
    - more specific /sys/class deny rules
    - more specific /sys/devices deny rules
    - more specific /sys/fs deny rules

Specifically:

  # Allow us to ptrace ourselves
  ptrace peer=@{profile_name},

** Changed in: docker.io (Ubuntu)
Status: Confirmed => Fix Released
https://bugs.launchpad.net/bugs/1320869
Title:
apparmor="DENIED" operation="ptrace" profile="docker-default"
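
An added example, not part of the bug report or the Ubuntu packaging: a small triage script that separates the ptrace denials the new `ptrace peer=@{profile_name},` rule permits (peer label equal to the confining profile) from cross-profile ptrace denials, which the rule leaves denied. The log lines are constructed samples in the usual kernel audit key=value layout; the function names are hypothetical.

```python
import re

# Constructed sample audit lines (not taken from the bug report).
SAMPLE_LOG = """\
audit: type=1400 audit(1400000000.101:31): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=2101 comm="ps" requested_mask="trace" denied_mask="trace" peer="docker-default"
audit: type=1400 audit(1400000000.202:32): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=2102 comm="strace" requested_mask="trace" denied_mask="trace" peer="unconfined"
audit: type=1400 audit(1400000000.303:33): apparmor="DENIED" operation="mount" profile="docker-default" name="/" pid=2103 comm="mount"
audit: type=1400 audit(1400000000.404:34): apparmor="ALLOWED" operation="ptrace" profile="other" pid=2104 comm="gdb" peer="other"
"""

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in KV.finditer(line)
    }


def classify_ptrace_denials(log_text):
    """Split DENIED ptrace events into (self_denials, cross_denials).

    self_denials: peer label equals the confining profile, i.e. what
    'ptrace peer=@{profile_name},' allows once the profile is updated.
    cross_denials: peer is a different label (or missing); the new rule
    does not cover these, so they should keep appearing and be reviewed.
    """
    self_denials, cross_denials = [], []
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "ptrace":
            continue
        entry = (f.get("profile"), f.get("comm"), f.get("peer"))
        if f.get("peer") is not None and f.get("peer") == f.get("profile"):
            self_denials.append(entry)
        else:
            cross_denials.append(entry)
    return self_denials, cross_denials


if __name__ == "__main__":
    same, cross = classify_ptrace_denials(SAMPLE_LOG)
    print("covered by the self-ptrace rule:", same)
    print("still denied (cross-profile):", cross)
```
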