It actually seems like a bug in aa-status. Note that /sys/kernel/security/apparmor/profiles is not readable by non-root users on the host. Yet non-root users on the host do not see a python traceback when they run 'aa-status --enable'. This also suggests that a container should not provide read access to the file.
(Note that the traceback doesn't happen as root in an unprivileged container - there it quietly exits 4 just like for any unprivileged user)

--
https://bugs.launchpad.net/bugs/1270784
Title: aa-status --enabled failed in LXC container with Permission denied: '/sys/kernel/security/apparmor/profiles'
