Hi Christian - thanks for the clearly written bug report. AppArmor
profiles should not be loaded inside of Trusty containers. As you
mentioned, we are simply calling running-in-container from the apparmor
init script and not loading profiles if true.

The bug is either in libvirt-bin's postinst (it should call running-in-
container and skip the profile load after installation if true) or,
arguably, in LXD for mounting apparmorfs inside of the container in the
first place. AppArmorfs probably shouldn't be writable (or even
mounted?) inside of a 14.04 container. I am leaning towards LXD being
the proper place to fix this bug as more than just libvirt's AppArmor
profiles are being incorrectly loaded. Bug #1640868 is another example.

** Also affects: libvirt (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: lxd (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: apparmor (Ubuntu)
       Status: New => Invalid

** Changed in: apparmor (Ubuntu)
     Assignee: Tyler Hicks (tyhicks) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686612

Title:
  Stacked profiles fail to reload in Trusty LXD containers
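
The guard described in the comment above, sketched as an added example (not code from the apparmor, libvirt or lxd packages): skip the profile load when a container-detection command succeeds, and flag the case where the policy interface under securityfs is writable inside the container. The function names and decision strings are hypothetical; the detection command is passed in as a parameter (on Trusty that would be running-in-container), and the mounts table is expected in /proc/mounts format.

```shell
#!/bin/sh
# Added example: decide whether a maintainer script should load AppArmor profiles.
# Assumptions: $1 is a command that exits 0 inside a container, $2 is a
# mounts table in /proc/mounts format. All names here are hypothetical.

# Print "rw", "ro" or "absent" for the securityfs mount that hosts apparmorfs.
securityfs_state() {
    awk '$3 == "securityfs" {
             state = "ro"
             n = split($4, opts, ",")
             for (i = 1; i <= n; i++) if (opts[i] == "rw") state = "rw"
             print state; found = 1; exit
         }
         END { if (!found) print "absent" }' "$1"
}

# Print one of: load, skip-container, skip-container-writable,
# skip-no-policy-interface.
profile_load_decision() {
    detect=$1
    mounts=$2
    state=$(securityfs_state "$mounts")
    if "$detect" >/dev/null 2>&1; then
        # Inside a container: never load. A writable policy interface is
        # reported separately, since a load attempt would have been possible.
        if [ "$state" = "rw" ]; then
            echo "skip-container-writable"
        else
            echo "skip-container"
        fi
    elif [ "$state" = "rw" ]; then
        echo "load"
    else
        echo "skip-no-policy-interface"
    fi
}

# Stand-alone use on a real system: sh thisfile run
if [ "${1:-}" = "run" ]; then
    profile_load_decision running-in-container /proc/mounts
fi
```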
