Adding set -x and calling this directly:

Cosmic:
. /lib/apparmor/functions
is_container_with_internal_policy
+ local ns_stacked_path=/sys/kernel/security/apparmor/.ns_stacked
+ local ns_name_path=/sys/kernel/security/apparmor/.ns_name
+ local ns_stacked
+ local ns_name
+ '[' -f /sys/kernel/security/apparmor/.ns_stacked ']'
+ '[' -f /sys/kernel/security/apparmor/.ns_name ']'
+ read -r ns_stacked
+ '[' yes '!=' yes ']'
+ read -r ns_name
+ '[' 'c-testapparmor_<var-snap-lxd-common-lxd>' = 'lxd-c-testapparmor_<var-snap-lxd-common-lxd>' ']'
+ return 0

Disco:
. /lib/apparmor/rc.apparmor.functions
is_container_with_internal_policy
+ local ns_stacked_path=/.ns_stacked
+ local ns_name_path=/.ns_name
+ local ns_stacked
+ local ns_name
+ '[' -f /.ns_stacked ']'
+ return 1

Ok, in my case the ENV var that is now used is not set.

$ export SFS_MOUNTPOINT=/sys/kernel/security/apparmor/
$ is_container_with_internal_policy
+ is_container_with_internal_policy
+ set -x
+ local ns_stacked_path=/sys/kernel/security/apparmor//.ns_stacked
+ local ns_name_path=/sys/kernel/security/apparmor//.ns_name
+ local ns_stacked
+ local ns_name
+ '[' -f /sys/kernel/security/apparmor//.ns_stacked ']'
+ '[' -f /sys/kernel/security/apparmor//.ns_name ']'
+ read -r ns_stacked
+ '[' yes '!=' yes ']'
+ read -r ns_name
+ '[' 'd-testapparmor_<var-snap-lxd-common-lxd>' = 'lxd-d-testapparmor_<var-snap-lxd-common-lxd>' ']'
+ return 0

Now it works, could it be that in the init script context this isn't set either?

Yep that is it:
If I patch in the path it works again
# patch /lib/apparmor/rc.apparmor.functions to have SFS_MOUNTPOINT=/sys/kernel/security/apparmor/
$ systemctl restart apparmor
$ aa-status
# lists all profiles again

--
https://bugs.launchpad.net/bugs/1824812

Title:
  apparmor no more starting in Disco LXD containers
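
The failure mode traced in the message above, as an added example that is not part of the original message or the apparmor package: a sketch of the check reconstructed from the set -x output, run against a constructed stand-in for the securityfs directory. SFS_DEFAULT, with_default_mountpoint, make_fake_securityfs, rc_of and demo are hypothetical names, and only the lxd- comparison visible in the trace is reproduced.

```shell
#!/bin/sh
# Added example, reconstructed from the set -x trace; not the apparmor
# package's code. Helper names and sample namespace names are constructed.

# Assumed fallback: the path the message patches in by hand.
SFS_DEFAULT="${SFS_DEFAULT:-/sys/kernel/security/apparmor}"

# Traced logic: both paths derive from SFS_MOUNTPOINT with no fallback, so an
# unset variable makes the function look for /.ns_stacked and return 1.
is_container_with_internal_policy() {
    _stacked_path="${SFS_MOUNTPOINT}/.ns_stacked"
    _name_path="${SFS_MOUNTPOINT}/.ns_name"
    { [ -f "$_stacked_path" ] && [ -f "$_name_path" ]; } || return 1
    read -r _stacked < "$_stacked_path"
    [ "$_stacked" = yes ] || return 1
    read -r _name < "$_name_path"
    # Stripping "lxd-" must change the name, i.e. the prefix is present.
    [ "${_name#lxd-}" != "$_name" ] || return 1
    return 0
}

# Hardened call: default the mount point inside a subshell before the check.
with_default_mountpoint() (
    SFS_MOUNTPOINT="${SFS_MOUNTPOINT:-$SFS_DEFAULT}"
    is_container_with_internal_policy
)

# Build a stand-in for the securityfs directory so this runs offline.
make_fake_securityfs() {
    _dir=$(mktemp -d) || return 1
    printf 'yes\n' > "$_dir/.ns_stacked"
    printf '%s\n' "$1" > "$_dir/.ns_name"
    printf '%s\n' "$_dir"
}

# Print the exit status of a command without tripping "set -e".
rc_of() { if "$@"; then echo 0; else echo 1; fi; }

# Runs in a subshell so the variable changes do not leak to the caller.
demo() (
    fake=$(make_fake_securityfs 'lxd-demo_constructed')
    unset SFS_MOUNTPOINT
    echo "unset, as in the init script: rc=$(rc_of is_container_with_internal_policy)"
    SFS_MOUNTPOINT=$fake
    echo "exported by hand:             rc=$(rc_of is_container_with_internal_policy)"
    unset SFS_MOUNTPOINT; SFS_DEFAULT=$fake
    echo "unset, with fallback:         rc=$(rc_of with_default_mountpoint)"
    rm -rf "$fake"
)
demo
```

The first case returns 1 for the same reason as the Disco trace: the `-f` test is made against `/.ns_stacked`, so the container is never recognised as having internal policy.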
