[Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined

Serge Hallyn 1215386 at bugs.launchpad.net
Tue Sep 10 13:57:31 UTC 2013


Quoting Andre Nathan (andre at digirati.com.br):
> You are correct, the error I'm seeing comes from the fact that I have
> this line on the container's fstab:
> 
>   proc /var/lib/lxc/test/rootfs/proc proc ro,nodev,noexec,nosuid 0 0
> 
> That is, I was trying to mount /proc as read-only in the container. This
> works for me in 12.04 but not in 13.04.

Thank you - to make sure I understand, do you also have
/etc/apparmor.d/usr.bin.lxc-start disabled?  If you do,
then when the container starts it is already undefined,
then lxc is supposed to detect that it is already
unconfined and not transition at all.  But if you have
the lxc-start profile still enabled, then the container is
started while in the lxc-start profile, and a transition
is required (requiring read-write proc).

So if it is failing for you with /etc/apparmor.d/usr.bin.lxc-start
disabled, then let's open a new bug for that and I'll fix that in
a separate SRU.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1215386

Title:
  lxc-start tries to change apparmor profile to unconfined
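The reasoning in the reply above, written out as a small diagnostic (an added example, not code from the bug thread or from lxc itself): whether lxc-start must change AppArmor profile depends on what /proc/self/attr/current reports for the starting process ("unconfined" or "<profile> (<mode>)"), and a profile change is a write into /proc, so it fails when the container's proc is mounted read-only. The fstab path layout and the function names are assumptions for illustration.

```python
import re

# /proc/self/attr/current reads "unconfined" or "<profile> (<mode>)".
ATTR_CURRENT_RE = re.compile(r"^(?P<profile>.+?) \((?P<mode>\w+)\)$")


def parse_attr_current(text):
    """Parse the contents of /proc/self/attr/current into (profile, mode)."""
    text = text.strip()
    if text == "unconfined":
        return "unconfined", None
    m = ATTR_CURRENT_RE.match(text)
    if not m:
        raise ValueError("unrecognised attr/current content: %r" % text)
    return m.group("profile"), m.group("mode")


def proc_is_readonly(fstab_lines, rootfs):
    """True if the container fstab mounts proc read-only under rootfs.

    Assumes absolute mount targets, as in the thread's fstab line.
    """
    target = rootfs.rstrip("/") + "/proc"
    for line in fstab_lines:
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        if fields[1] == target and fields[2] == "proc":
            return "ro" in fields[3].split(",")
    return False


def diagnose(attr_current, fstab_lines, rootfs):
    """Mirror the reply: unconfined -> no transition; confined + ro proc -> failure."""
    profile, _mode = parse_attr_current(attr_current)
    if profile == "unconfined":
        return "no transition needed"
    if proc_is_readonly(fstab_lines, rootfs):
        return "transition from %s will fail: /proc mounted read-only" % profile
    return "transition from %s possible" % profile


# Constructed sample input copying the fstab line quoted in the thread.
SAMPLE_FSTAB = ["proc /var/lib/lxc/test/rootfs/proc proc ro,nodev,noexec,nosuid 0 0"]
SAMPLE_ROOTFS = "/var/lib/lxc/test/rootfs"
```

On a real host, feed `diagnose()` the actual contents of /proc/self/attr/current and the container's fstab to see which of the two cases in the reply applies.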
