[Bug 1227937] [NEW] lxc-start is unconfined but has a profile defined
Serge Hallyn
1227937 at bugs.launchpad.net
Fri Sep 20 06:15:34 UTC 2013
Thanks for reporting this bug. I can't reproduce this on a
stock saucy system. How and when was that container created
and started? Was it auto-started (since it's pid 471)? If
you stop and restart the container, does that continue to be
the case? Is it possible you had done unloaded all profiles
and restarted apparmor while the container was running?
Lxc doesn't do anything in particular to enter the lxc-start
profile, it just gets entered into it by the pathname. Apart
from explicitly entering the unconfined domain (which is only
done by the init process, if you have
lxc.aa_profile = unconfined
inthe container configuration file, right before executing
/sbin/init) So I'm not sure what lxc could have done to get
into this state, but I sure hope we can get to the bottom of it.
priority: high
status: incomplete
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1227937
Title:
lxc-start is unconfined but has a profile defined
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1227937/+subscriptions
More information about the Ubuntu-server-bugs
mailing list