In Cosmic /lib/systemd/system/apparmor.service pointed to "/etc/init.d/apparmor start".
This had some code, but it was not triggered:
    if [ -x /usr/bin/systemd-detect-virt ] && \
       systemd-detect-virt --quiet --container && \
       ! is_container_with_internal_policy; then
        log_daemon_msg "Not starting AppArmor in container"
        log_end_msg 0
        exit 0
    fi
The interesting bit here is /lib/apparmor/functions with the function
is_container_with_internal_policy
That essentially detected stacked namespaces in LXD and made it continue
to work.
In Disco this now uses /lib/apparmor/apparmor.systemd instead.
It still calls is_container_with_internal_policy, which is now only slightly
different and stored in /lib/apparmor/rc.apparmor.functions
We need to track down why this no longer returns true ...
--
https://bugs.launchpad.net/bugs/1824812
Title:
apparmor no more starting in Disco LXD containers
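An added diagnostic sketch (not part of the bug report and not Ubuntu's code) that walks the tests a stacked-namespace check of this kind makes and prints which one decides the result. The function name check_internal_policy is hypothetical, and the securityfs file names (.ns_stacked, .ns_name) and the lxd-/lxc- prefixes are assumptions taken from upstream AppArmor rather than from this comment; the fixture directories are constructed.

```shell
#!/bin/sh
# Added diagnostic sketch, not Ubuntu's code. check_internal_policy is a
# hypothetical name; file names and prefixes are assumptions (see lead-in).

# Usage: check_internal_policy <apparmor-securityfs-dir>
# Returns 0 when the container would be treated as having its own
# (stacked) policy, 1 otherwise, and prints the deciding test.
check_internal_policy() {
    sfs="$1"
    if [ -z "$sfs" ]; then
        # An unset mount point variable makes the paths resolve to /.ns_*
        echo "securityfs directory is empty: paths resolve to /.ns_stacked"
        return 1
    fi
    if ! [ -f "$sfs/.ns_stacked" ] || ! [ -f "$sfs/.ns_name" ]; then
        echo "missing .ns_stacked or .ns_name under $sfs"
        return 1
    fi
    stacked=""
    read -r stacked < "$sfs/.ns_stacked" || :
    if [ "$stacked" != "yes" ]; then
        echo "namespace not stacked (.ns_stacked=$stacked)"
        return 1
    fi
    name=""
    read -r name < "$sfs/.ns_name" || :
    case "$name" in
        lxd-*|lxc-*) echo "stacked LXD/LXC namespace: $name"; return 0 ;;
        *) echo "stacked, but namespace '$name' is not lxd-/lxc-"; return 1 ;;
    esac
}

# Constructed fixtures standing in for /sys/kernel/security/apparmor.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/lxd" "$demo_dir/host"
echo yes > "$demo_dir/lxd/.ns_stacked"
echo "lxd-d1_<var-lib-lxd>" > "$demo_dir/lxd/.ns_name"
echo no > "$demo_dir/host/.ns_stacked"
: > "$demo_dir/host/.ns_name"
for d in "$demo_dir/lxd" "$demo_dir/host" ""; do
    check_internal_policy "$d" || :
done
rm -rf "$demo_dir"
```

Inside a container, pass the directory where the AppArmor securityfs files are actually mounted to see which test turns the result false.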