The debdiff I've put together for oracular updates the patch to be a bit
more general and cover all the signals I've seen so far in testing. (As
well as dropping the other patch that has been incorporated upstream.)

    # Allow certain signals from OCI runtimes (podman, runc and crun)
    signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}runc,
    signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}crun,
    signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}podman,

Upstream have said they have no apparmor experience, so I suspect they
will take a PR. See https://github.com/containers/common/issues/1898
** Bug watch added: github.com/containers/common/issues #1898
https://github.com/containers/common/issues/1898
--
https://bugs.launchpad.net/bugs/2040483
Title:
AppArmor denies crun sending signals to containers (stop, kill)