[Bug 1428490] [NEW] AppArmor vs unix socket inside LXC containers
Launchpad Bug Tracker
1428490 at bugs.launchpad.net
Fri Feb 19 06:01:29 UTC 2016
You have been subscribed to a public bug:
I know this seems like an odd bug, but I've spent all day chasing it
down.

I was seeing problems with LDAP lookups inside an LXC container, and
strace on getent lookups was showing that attempts to read from
/var/run/nslcd/socket were being closed as -1 (EACCES).

That file/UNIX socket is owned by nslcd, also running inside the LXC.

Back on the host machine, setting the LXC config to set lxc.aa_profile =
unconfined (and restarting the container) then allowed that socket to
start working freely.

This seems weird, as there are all sorts of other things using UNIX
sockets inside containers that still function normally, but I thought
I'd mention it, especially in case anyone hits this issue.

** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
** Tags: apparmor ldap lxc nslcd
--
AppArmor vs unix socket inside LXC containers
https://bugs.launchpad.net/bugs/1428490
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu.
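
One way to confirm that AppArmor is the source of the EACCES on the socket is to search the host's kernel log for DENIED records from the container's profile that name the socket path. This is an added example, not part of the bug report: the log lines are constructed, and the `lxc-` profile prefix and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample of host kernel log lines (not taken from the bug report).
SAMPLE_LOG = """\
[ 812.101] audit: type=1400 audit(1424900000.101:61): apparmor="DENIED" operation="connect" profile="lxc-container-default" name="/run/nslcd/socket" pid=4021 comm="getent" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[ 812.377] audit: type=1400 audit(1424900000.377:62): apparmor="DENIED" operation="connect" profile="lxc-container-default" name="/run/nslcd/socket" pid=4030 comm="sshd" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[ 813.002] audit: type=1400 audit(1424900001.002:63): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.keys" pid=900 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 813.450] audit: type=1400 audit(1424900001.450:64): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="lxc-container-default" pid=1 comm="apparmor_parser"
[ 814.900] audit: type=1400 audit(1424900002.900:65): apparmor="DENIED" operation="mount" profile="lxc-container-default" name=2F6D6E742F612062 pid=4100 comm="mount" flags="rw"
"""

# key="quoted value" or key=bare_value pairs as written by the audit subsystem.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for m in FIELD.finditer(line):
        key, quoted, bare = m.groups()
        # Names containing spaces or control characters are logged as bare hex.
        if quoted is None and key in ("name", "comm") and re.fullmatch(r"(?:[0-9A-F]{2})+", bare):
            quoted = bytes.fromhex(bare).decode("utf-8", "replace")
        rec[key] = bare if quoted is None else quoted
    return rec

def norm(path):
    # /var/run is a symlink to /run on Ubuntu, so the kernel logs the /run form.
    return "/run/" + path[len("/var/run/"):] if path.startswith("/var/run/") else path

def socket_denials(log_text, socket_path, profile_prefix="lxc-"):
    """Count DENIED records from container profiles that name socket_path."""
    want = norm(socket_path)
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if not rec or not rec.get("profile", "").startswith(profile_prefix):
            continue
        if norm(rec.get("name", "")) == want:
            hits[(rec["profile"], rec.get("operation"), rec.get("comm"), rec.get("denied_mask"))] += 1
    return hits
```

A non-empty result identifies the profile and the denied access mask, which is what a targeted profile rule would need instead of running the whole container unconfined.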