LXD mounts /sys/kernel/security as upstart and systemd won't let the
system boot if that's not mounted (and they can't mount it themselves).

LXD also doesn't differentiate Ubuntu 14.04 from Ubuntu 16.04, or any other
distro or release.
Instead we provide the exact same environment to every container, just like a
VM would. The users can define extra things on top of that, but the source
image that's used has no impact on that.

If something is directly loading profiles, bypassing apparmor's own check, then
it's either a problem in that software in the first place or a problem with the
apparmor tools which should match the init behavior and refuse to operate in
unsupported environments.

** Changed in: lxd (Ubuntu)
       Status: New => Invalid
--
https://bugs.launchpad.net/bugs/1686612
Title:
Stacked profiles fail to reload in Trusty LXD containters