AppArmor has seen some improvements here since the last report. There is an ability to create nesting, as long as the user namespace and policy namespace move in lockstep. This is not done automatically atm, so it is up to the container manager to do.
There is also movement on the LSM hook front. A user namespace hook exists, and is in use. And broader namespacing hooks have been proposed https://lore.kernel.org/all/[email protected]/

--
https://bugs.launchpad.net/bugs/1652101

Title:
  Can't create nested AppArmor namespaces
