kernel-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

The target profile is loaded:
$ sudo aa-status|grep docker
   docker-default

I tried this on the 3.16.0-9.14 and 3.16.0-16.22 distro kernels. The 'docker run' command succeeds. If I do this:
$ sudo docker run -i -t ubuntu:trusty /bin/sh

I can verify the container is launched under confinement here:
sudo aa-status|grep docker
   docker-default
   docker-default (2209)

$ ps -Z 2209
LABEL                             PID TTY      STAT   TIME COMMAND
docker-default                   2209 pts/1    Ss+    0:00 /bin/sh

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with 3.0 RC1 kernel

Status in “apparmor” package in Ubuntu:
  New
Status in “docker.io” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Confirmed

Bug description:
  Steps to reproduce (from
  https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor):

  1. sudo apt-get install docker.io # 1.2.0~dfsg1-1

  2. sudo docker pull ubuntu:trusty

  3. sudo docker run ubuntu:trusty uptime
  2014/09/18 15:48:48 Error response from daemon: Cannot start container fcdfaaf7945bcd9455fb5e0bde9950451152af14556880033818df7b50ddb1f4: set apparmor profile docker-default: permission denied

  What is expected? uptime to return something like:
  $ sudo docker run ubuntu:trusty uptime
   20:31:21 up 1 min,  0 users,  load average: 0.09, 0.06, 0.03

  
  I set 'sudo sysctl -w kernel.printk_ratelimit=0' but there is nothing apparmor related in the logs. If I boot an earlier kernel without the 3.0 RC1 patches, it works.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions