← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #137774

[Bug 1496430] Re: Docker-1.8.2 can't create container, due to apparmor denying 'disconnected path'

  Thread PreviousDate PreviousThread Next 
** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Vivid)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: linux-lts-utopic (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: linux-lts-utopic (Ubuntu Precise)
       Status: New => Invalid

** Changed in: linux-lts-utopic (Ubuntu Vivid)
       Status: New => Invalid

** Changed in: linux-lts-utopic (Ubuntu)
       Status: New => Invalid

** Changed in: linux (Ubuntu)
       Status: New => Invalid

** Changed in: linux (Ubuntu Precise)
       Status: New => Fix Committed

** Changed in: linux (Ubuntu Trusty)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1496430

Title:
  Docker-1.8.2 can't create container, due to apparmor denying
  'disconnected path'

Status in AppArmor:
  In Progress
Status in linux package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Fix Committed
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux source package in Trusty:
  Fix Committed
Status in linux-lts-utopic source package in Trusty:
  Fix Committed
Status in linux source package in Vivid:
  New
Status in linux-lts-utopic source package in Vivid:
  Invalid

Bug description:
  I'm trying to get docker-1.8.2-rc1 to work on snappy, while doing so I
  got this apparmor denial:

  Sep 10 09:12:35 localhost.localdomain audit[1320]: AVC
  apparmor="DENIED" operation="mount" info="Failed name lookup -
  disconnected path" error=-13 profile="docker_docker-
  daemon_IAUSSaDNVTJR" name="/run/docker/netns/6901f2b6dd4c/" pid=1320
  comm="exe" srcname="" flags="rw, bind"

  and trying to chase it I got:
  http://paste.ubuntu.com/12341612/

  so docker is trying to issue this mount: 
  syscall.Mount("/proc/self/ns/net", /var/run/docker/netns/5b9b1ba4437b, "bind", 4096 (syscall.MS_BIND), "")

  from https://golang.org/pkg/syscall/#Mount
  func Mount(source string, target string, fstype string, flags uintptr, data string) (err error)

  which is denied as if there wasn't a source?

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1496430/+subscriptions
  Thread PreviousDate PreviousThread Next