[Bug 1227313] [NEW] Error parsing lxc-start apparmor profile
Andre Nathan
andre at digirati.com.br
Wed Sep 18 18:56:14 UTC 2013
Public bug reported:
The lxc-start package reads its apparmor profile from
/proc/$PID/attr/current but does not remove the trailing newline
character. When trying to run an unconfined container, this causes
comparisons with the "unconfined" string in the source code to fail, and
the apparmor profile is set, even when there's no need to do so. This,
in turn, makes it impossible to run containers with a read-only /proc
filesystem.
Ubuntu release:
Description: Ubuntu 13.04
Release: 13.04
Package being used:
lxc:
  Installed: 0.9.0-0ubuntu3.5
  Candidate: 0.9.0-0ubuntu3.5
  Version table:
 *** 0.9.0-0ubuntu3.5 0
        500 http://archive.ubuntu.com/ubuntu/ raring-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     0.9.0-0ubuntu3.4 0
        500 ftp://repos.mz.digirati.com.br/ubuntu/ raring-updates/universe amd64 Packages
     0.9.0-0ubuntu3 0
        500 ftp://repos.mz.digirati.com.br/ubuntu/ raring/universe amd64 Packages
What is expected to happen:
A container with a read-only /proc filesystem should start successfully.
What happened instead:
lxc-start fails with "Read-only file system - failed to change apparmor profile to unconfined"
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1227313
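The comparison failure described in this report, as an added illustration (this is not lxc source code and not part of the original message). The function names and the sample label strings are constructed for the example; the samples stand in for the bytes a read of /proc/$PID/attr/current returns.

```c
#include <stdio.h>
#include <string.h>

/* Copy the n bytes returned by a read of /proc/PID/attr/current into a
 * NUL-terminated label and drop the trailing newline. */
static int parse_label(const char *raw, size_t n, char *out, size_t outlen)
{
    if (n == 0 || n >= outlen)
        return -1;                      /* empty read or label too long */
    memcpy(out, raw, n);
    out[n] = '\0';
    out[strcspn(out, "\n")] = '\0';     /* cut at the first newline, if any */
    return 0;
}

/* Comparison on the raw bytes, newline included, as the report describes.
 * Returns 1 when a profile change would be attempted. */
static int must_change_profile_raw(const char *raw, const char *wanted)
{
    return strcmp(raw, wanted) != 0;
}

/* Comparison after normalising the label.
 * Returns 1 = change profile, 0 = already in wanted profile, -1 = parse error. */
static int must_change_profile(const char *raw, const char *wanted)
{
    char cur[256];

    if (parse_label(raw, strlen(raw), cur, sizeof cur) < 0)
        return -1;
    return strcmp(cur, wanted) != 0;
}

int main(void)
{
    /* Constructed samples of attr file contents. */
    const char *samples[] = { "unconfined\n", "example-profile (enforce)\n" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26.*s raw=%d stripped=%d\n",
               (int)strcspn(samples[i], "\n"), samples[i],
               must_change_profile_raw(samples[i], "unconfined"),
               must_change_profile(samples[i], "unconfined"));
    return 0;
}
```

With the raw comparison an already unconfined process is still told to change profile, which is the write that fails when /proc is read-only.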