The LXC container on touch has always been lxc.aa_profile=unconfined so whether apparmor is ready or not shouldn't matter since it's configured not to use it.
If we did want apparmor to protect the container, then we'd indeed have a race at the moment, but since we don't, I'm pretty confused as to how you ended up with the reject. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1227937 Title: lxc-start is unconfined but has a profile defined To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1227937/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
