Test results on Bionic:

Bionic/4.15:

$ uname -a
Linux c2d.mgmt.sdeziel.info 4.15.0-64-generic #73+lp1844186 SMP Thu Sep 26 15:17:27 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

*result*: works!

Bionic/5.0:

$ uname -a
Linux c2d.mgmt.sdeziel.info 5.0.0-8-generic #9+lp1844186 SMP Thu Sep 26 15:03:30 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

*result*: doesn't work/couldn't test properly. That kernel doesn't let me load an AppArmor policy in the container:

root@ns0:~# aa-status
apparmor module is loaded.
You do not have enough privilege to read the profile set.

Maybe it's just too old or the kernel isn't compatible with the AppArmor version from Bionic? The binary/service starts fine with NoNewPrivileges=yes but there is no AppArmor policy loaded in the container, only in the host.

--
https://bugs.launchpad.net/bugs/1844186

Title:
  [regression] NoNewPrivileges incompatible with Apparmor
