[Bug 1320869] Re: apparmor="DENIED" operation="ptrace" profile="docker-default"
Jamie Strandboge
jamie at ubuntu.com
Tue Oct 7 19:05:01 UTC 2014
lxc-docker-1.2.0 is the upstream package. docker.io is the Ubuntu package. This should be fixed in the Ubuntu packaging in 1.2.0~dfsg1-1ubuntu1:

docker.io (1.2.0~dfsg1-1ubuntu1) utopic; urgency=medium

  * debian/patches/sync-apparmor-with-lxc.patch: update AppArmor policy to
    be in sync with LXC. Specifically this:
    - reorganizes the rules to allow for easier comparison with other
      container policy
    - adds comments for many rules
    - adds bare dbus rule
    - adds ptrace rule to allow ptracing ourselves
    - adds deny mount options=(ro, remount, silent) -> /
    - allows hugetlbfs
    - adds cgmanager mount
    - adds /sys/fs/pstore mount
    - more specific /sys/kernel/security mount options
    - more specific /sys mount options
    - more specific /proc/sys/kernel/* deny rules
    - more specific /proc/sys/net deny rules
    - more specific /sys/class deny rules
    - more specific /sys/devices deny rules
    - more specific /sys/fs deny rules

Specifically:

  # Allow us to ptrace ourselves
  ptrace peer=@{profile_name},

** Changed in: docker.io (Ubuntu)
Status: Confirmed => Fix Released
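
Added example (not part of the original message or of the docker.io packaging): a small triage script that reads AppArmor audit lines and separates the ptrace denials that the `ptrace peer=@{profile_name},` rule above would cover (peer confined by the same profile) from those it would not. The log lines are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample audit lines, modelled on the denial in the bug title.
SAMPLE_LOG = '''\
audit: type=1400 audit(1412708701.100:41): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=2101 comm="ps" requested_mask="trace" denied_mask="trace" peer="docker-default"
audit: type=1400 audit(1412708702.200:42): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=2102 comm="strace" requested_mask="trace" denied_mask="trace" peer="unconfined"
audit: type=1400 audit(1412708703.300:43): apparmor="DENIED" operation="mount" profile="docker-default" pid=2103 comm="mount" name="/" flags="ro, remount, silent"
audit: type=1400 audit(1412708704.400:44): apparmor="ALLOWED" operation="ptrace" profile="docker-default" pid=2104 comm="ps" requested_mask="read" denied_mask="read" peer="docker-default"
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def ptrace_denials(log_text):
    """Yield (fields, covered) for every DENIED ptrace event in the log."""
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("apparmor") != "DENIED":
            continue
        if fields.get("operation") != "ptrace":
            continue
        # The rule only matches when the peer runs under the same profile,
        # which is what @{profile_name} expands to.
        covered = "peer" in fields and fields["peer"] == fields.get("profile")
        yield fields, covered


def summarize(log_text):
    """Split ptrace denials into (covered_by_rule, still_denied) lists."""
    covered, remaining = [], []
    for fields, ok in ptrace_denials(log_text):
        bucket = covered if ok else remaining
        bucket.append((fields.get("comm"), fields.get("peer")))
    return covered, remaining


if __name__ == "__main__":
    fixed, still_denied = summarize(SAMPLE_LOG)
    print("covered by self-ptrace rule:", fixed)
    print("still denied after the fix: ", still_denied)
```

Denials left in the second list involve a peer outside the container's profile and are expected to stay denied after the policy update.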
https://bugs.launchpad.net/bugs/1320869