[Bug 969228] [NEW] Unable to load another apparmor profile from /etc/apparmor.d/lxc/

Stéphane Graber stgraber at stgraber.org
Fri Mar 30 13:48:03 UTC 2012


Public bug reported:

I'm trying to set another apparmor profile for a specific container, so
I set lxc.aa_profile to lxc-upgrader01 and simply copied the default
profile for now, but when reloading apparmor it fails...


=====
root@athos:/etc/apparmor.d/lxc# ls
lxc-default
root@athos:/etc/apparmor.d/lxc# /etc/init.d/apparmor reload
 * Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: sbin.dhclient
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
                                                                                                                                                                            [ OK ]
root@athos:/etc/apparmor.d/lxc# dmesg -c
[123440.717875] type=1400 audit(1333115077.171:102): apparmor="STATUS" operation="profile_replace" name="/usr/bin/lxc-start" pid=19479 comm="apparmor_parser"
[123440.743692] type=1400 audit(1333115077.195:103): apparmor="STATUS" operation="profile_replace" name="lxc-container-default" pid=19477 comm="apparmor_parser"
[123440.908215] type=1400 audit(1333115077.363:104): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/ntpd" pid=19480 comm="apparmor_parser"
[123440.947041] type=1400 audit(1333115077.399:105): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/tcpdump" pid=19482 comm="apparmor_parser"
root@athos:/etc/apparmor.d/lxc# mv /root/lxc-upgrader01 .
root@athos:/etc/apparmor.d/lxc# diff -Nrup lxc-default lxc-upgrader01
--- lxc-default	2012-03-30 13:38:30.966724366 +0000
+++ lxc-upgrader01	2012-03-30 13:38:49.389578258 +0000
@@ -1,6 +1,7 @@
 #include <tunables/global>
 
-profile lxc-container-default flags=(attach_disconnected) {
+profile lxc-container-upgrader01 flags=(attach_disconnected) {
+
   network,
   capability,
   file,
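Review bot: the `+profile` line declares the profile as `lxc-container-upgrader01`, while the report says lxc.aa_profile is set to `lxc-upgrader01`, which is only the file name. lxc.aa_profile is matched against the profile name declared on this line, not the name of the file under /etc/apparmor.d/lxc/, so the two should be made to agree. The blank `+` line added after the opening brace is unneeded and can be dropped.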
root@athos:/etc/apparmor.d/lxc# /etc/init.d/apparmor reload
 * Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: sbin.dhclient
AppArmor parser error for /etc/apparmor.d/lxc-containers in /etc/apparmor.d/tunables/home at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_ID
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
                                                                                                                                                                            [fail]
root@athos:/etc/apparmor.d/lxc# dmesg -c
[123465.749549] type=1400 audit(1333115102.202:106): apparmor="STATUS" operation="profile_replace" name="/usr/bin/lxc-start" pid=20414 comm="apparmor_parser"
[123465.968228] type=1400 audit(1333115102.422:107): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/ntpd" pid=20415 comm="apparmor_parser"
[123465.984424] type=1400 audit(1333115102.438:108): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/tcpdump" pid=20421 comm="apparmor_parser"
[123466.025319] type=1400 audit(1333115102.478:109): apparmor="STATUS" operation="profile_remove" name="lxc-container-default" pid=20561 comm="apparmor"
root@athos:/etc/apparmor.d/lxc# ls
lxc-default  lxc-upgrader01
root@athos:/etc/apparmor.d/lxc#

** Affects: lxc (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969228
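
Added example, not part of the original report and not lxc or AppArmor code: a Python check that compares the AppArmor STATUS audit records from two reloads and reports profiles that were loaded before but are removed or untouched afterwards, plus expected profiles that never loaded. The function names are hypothetical; the sample records are copied from the dmesg output in the report above.

```python
import re

# AppArmor STATUS audit record, in the dmesg format shown in the report.
STATUS_RE = re.compile(
    r'apparmor="STATUS" operation="(profile_\w+)" name="([^"]+)"')

# Sample input copied from the report: the successful reload, then the failed one.
GOOD_RELOAD = """\
[123440.717875] type=1400 audit(1333115077.171:102): apparmor="STATUS" operation="profile_replace" name="/usr/bin/lxc-start" pid=19479 comm="apparmor_parser"
[123440.743692] type=1400 audit(1333115077.195:103): apparmor="STATUS" operation="profile_replace" name="lxc-container-default" pid=19477 comm="apparmor_parser"
[123440.908215] type=1400 audit(1333115077.363:104): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/ntpd" pid=19480 comm="apparmor_parser"
[123440.947041] type=1400 audit(1333115077.399:105): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/tcpdump" pid=19482 comm="apparmor_parser"
""".splitlines()
FAILED_RELOAD = """\
[123465.749549] type=1400 audit(1333115102.202:106): apparmor="STATUS" operation="profile_replace" name="/usr/bin/lxc-start" pid=20414 comm="apparmor_parser"
[123465.968228] type=1400 audit(1333115102.422:107): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/ntpd" pid=20415 comm="apparmor_parser"
[123465.984424] type=1400 audit(1333115102.438:108): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/tcpdump" pid=20421 comm="apparmor_parser"
[123466.025319] type=1400 audit(1333115102.478:109): apparmor="STATUS" operation="profile_remove" name="lxc-container-default" pid=20561 comm="apparmor"
""".splitlines()

def last_ops(lines):
    """Map profile name -> last STATUS operation seen for it in these lines."""
    ops = {}
    for line in lines:
        m = STATUS_RE.search(line)
        if m:
            ops[m.group(2)] = m.group(1)
    return ops

def reload_gaps(before, after, expected=()):
    """Return {profile: reason} for profiles a reload removed, skipped or never loaded."""
    was_loaded = {n for n, op in last_ops(before).items() if op != "profile_remove"}
    now = last_ops(after)
    gaps = {}
    for name in sorted(was_loaded | set(expected)):
        op = now.get(name)
        if op == "profile_remove":
            gaps[name] = "removed"
        elif op is None:
            # Untouched by this reload: either stale in the kernel or never loaded.
            gaps[name] = "not reloaded" if name in was_loaded else "never loaded"
    return gaps

if __name__ == "__main__":
    # "lxc-container-upgrader01" is the profile name from the diff in the report.
    for name, reason in reload_gaps(GOOD_RELOAD, FAILED_RELOAD,
                                    ["lxc-container-upgrader01"]).items():
        print(f"{name}: {reason}")
```

Run after each reload, a check like this flags the case shown in the report, where the init script still replaces the other profiles but the container profile is removed and the new one never appears.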