[Bug 1227937] Re: lxc-start is unconfined but has a profile defined
Jamie Strandboge
jamie at ubuntu.com
Wed Oct 9 13:08:29 UTC 2013
As mentioned, this was is on an Ubuntu Touch system and it happens on
boot. It is still the case as of today. I don't know much about the
container flip on Touch devices, but right now, the apparmor profile is
not in effect on these systems. I can confirm this on the Nexus 7
(grouper) and Nexus 4 (mako).
Unfortunately, today someone (vila) reported the following denial during a test run:
/var/log/syslog: Oct 8 09:16:26 saucy-i386-20131008-0916 dbus[499]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=634 profile="lxc-container-default" peer_profile="lxc-container-default" info="Permission denied"
I think this indicates a race condition where lxc somehow won the race
and the profile was in effect, but the profile itself is missing needed
rules because no one has actually seen/noticed this condition due to
this bug.
** Changed in: lxc (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1227937
Title:
lxc-start is unconfined but has a profile defined
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1227937/+subscriptions
More information about the Ubuntu-server-bugs
mailing list