We are using bubblewrap containers in both "Ubuntu 24.04.1 LTS" and
"Ubuntu 24.04.3 LTS" with "unconfined userns".

"/etc/apparmor.d/bwrap" configuration (same on both servers):
---
abi <abi/4.0>,
include <tunables/global>
profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,
  include if exists <local/bwrap>
}
---

Software stacks:

1) Ubuntu 24.04.1 LTS
Linux 6.8.0-51-generic
apparmor 4.0.1really4.0.1-0ubuntu0.24.04.3
bubblewrap 0.9.0-1ubuntu0.1

cat /sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns
=> 1

=> bubblewrap containers start!

2) Ubuntu 24.04.3 LTS
Linux 6.8.0-83-generic
apparmor 4.0.1really4.0.1-0ubuntu0.24.04.4
bubblewrap 0.9.0-1ubuntu0.1 (same)

cat /sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns
=> yes

=> bubblewrap containers do not start.

I applied the code change suggested in comment #7 => No more 'Illegal
number: yes' message - but still, bubblewrap containers fail to start.

What should I do until the proper fix (kernel?) is backported to Noble?
Revert to an older kernel like 6.8.0-51-generic?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2102680

Title:
  Installation of AppArmor on a 6.14 kernel produces error message
  "Illegal number: yes"

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2102680/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
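
The report above shows the same feature file returning "1" on one kernel and "yes" on the other. The following is an added example, not code from the bug report, from comment #7 or from the AppArmor project: a POSIX shell check that classifies the value by string match rather than numeric comparison. The function names are hypothetical, and treating "0" and "no" as the negative values is an assumption.

```shell
#!/bin/sh
# Added example: classify the AppArmor userns feature flag by string match.
# The two kernels in the report print the flag as "1" and as "yes"; a numeric
# test such as [ "$v" -eq 1 ] would reject "yes" as an illegal number.

USERNS_FEATURE=/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns

# feature_state FILE
# Prints one of: enabled, disabled, absent, unknown:<raw value>
feature_state() {
    file=$1
    if [ ! -r "$file" ]; then
        # Feature file missing or unreadable (older kernel, securityfs not mounted)
        echo absent
        return 0
    fi
    # First line only, with all whitespace (including the newline) stripped
    raw=$(head -n 1 "$file" | tr -d '[:space:]')
    case $raw in
        1|yes) echo enabled ;;          # both spellings seen in the report
        0|no)  echo disabled ;;         # assumed negative spellings
        *)     echo "unknown:$raw" ;;   # surface anything unexpected verbatim
    esac
}

# userns_restricted FILE
# Exit status 0 only when the kernel advertises the restriction.
userns_restricted() {
    [ "$(feature_state "$1")" = enabled ]
}

# Print the kernel release next to the classified flag, for comparing hosts.
report() {
    printf 'kernel: %s\n' "$(uname -r)"
    printf 'unconfined_restrictions/userns: %s\n' "$(feature_state "$USERNS_FEATURE")"
}

report
```

Running it on both servers from the report would print `enabled` for each, which separates the parsing difference from the container start failure.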