[Bug 1270784] Re: aa-status --enabled failed in LXC container with Permission denied: '/sys/kernel/security/apparmor/profiles'
Serge Hallyn
1270784 at bugs.launchpad.net
Thu Oct 9 20:26:20 UTC 2014
It actually seems like a bug in aa-status.

Note that /sys/kernel/security/apparmor/profiles is not readable by
non-root users on the host. Yet non-root users on the host do not see a
python traceback when they run 'aa-status --enable'. This also suggests
that a container should not provide read access to the file.

(Note that the traceback doesn't happen as root in an unprivileged
container - there it quietly exits 4 just like for any unprivileged
user)
https://bugs.launchpad.net/bugs/1270784
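One way a status check can turn a denied read of the profiles file into a quiet exit code instead of a traceback, as an added example (not aa-status's own code and not part of the original message). The function name, the injectable `opener` parameter and every exit code other than 4 are assumptions made for the illustration.

```python
import sys

PROFILES = "/sys/kernel/security/apparmor/profiles"

# Exit code 4 is the value quoted in the message above.
# The other codes are assumptions chosen for this example.
EXIT_OK = 0
EXIT_NO_POLICY = 2
EXIT_NOT_AVAILABLE = 3
EXIT_NO_PERMISSION = 4


def profiles_status(path=PROFILES, opener=open):
    """Return (exit_code, profile_lines); access errors never propagate.

    `opener` is injectable so the denied-read case can be exercised
    without depending on the privileges of the calling user.
    """
    try:
        with opener(path, "r") as fh:
            lines = [ln.strip() for ln in fh if ln.strip()]
    except PermissionError:
        # EACCES/EPERM: unprivileged user, or a container whose policy
        # denies the read. Report it through the exit code only.
        return EXIT_NO_PERMISSION, []
    except FileNotFoundError:
        # securityfs not mounted or AppArmor interface absent.
        return EXIT_NOT_AVAILABLE, []
    return (EXIT_OK if lines else EXIT_NO_POLICY), lines


if __name__ == "__main__":
    code, _ = profiles_status()
    sys.exit(code)
```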