step forward, step back. Added a new apparmor profile, mirroring
`buildah` for all the `buildah-tools` (all the executables in
/usr/libexec/buildah
# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
abi <abi/4.0>,
include <tunables/global>
profile buildah-tools /usr/libexec/buildah/* flags=(unconfined) {
userns,
@{exec_path} mr,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/buildah-tools>
}
This got past the apparmor issues with the unshare call. however, it hits
another permissions issue
# [copy docker://docker.io/library/ubuntu
dir:/home/ubuntu/pg/buildah-image-cache/docker.io-library-ubuntu-]
Error: mkdir /run/containers/storage: permission denied
Usage:
copy [flags] source destination
I'm going to double check docs -- as is, if tests are run with root,
it'll all work. However, I believe this is all _supposed_ to work as a
non-root user.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2136831
Title:
1.42.1+ds1-2 autopkgtest failures in resolute due to various apparmor
issues
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-github-containers-buildah/+bug/2136831/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
