kernel-packages team mailing list archive

[Bug 969299] Re: Don't require use of mediate_deleted with LXC (was: apparmor prevents dpkg-divert and localedef from working in a container)

 

** Tags added: aa-kernel

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Precise)
       Status: New => Won't Fix

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu)
       Status: New => Confirmed

** Changed in: apparmor (Ubuntu)
    Milestone: ubuntu-12.04 => None

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/969299

Title:
  Don't require use of mediate_deleted with LXC (was: apparmor prevents
  dpkg-divert and localedef from working in a container)

Status in AppArmor Linux application security framework:
  Confirmed
Status in “apparmor” package in Ubuntu:
  Confirmed
Status in “linux” package in Ubuntu:
  Confirmed
Status in “lxc” package in Ubuntu:
  Fix Released
Status in “apparmor” source package in Precise:
  Won't Fix
Status in “linux” source package in Precise:
  Won't Fix
Status in “lxc” source package in Precise:
  Fix Released

Bug description:
  I moved the daily flavour upgrade testing to a container, but it's now failing when running ubuntu-vm-builder. Here are the entries from dmesg:
  [ 2038.491817] type=1400 audit(1333119659.468:51): apparmor="DENIED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 parent=19255 profile="lxc-container-upgrader01" name="/tmp/tmpQ1TioA/var/lib/dpkg/diversions" pid=19259 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  [ 2149.277909] type=1400 audit(1333119770.257:52): apparmor="DENIED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 parent=25847 profile="lxc-container-upgrader01" name="/tmp/tmpQ1TioA/var/lib/dpkg/diversions" pid=25849 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  [ 2263.501949] type=1400 audit(1333119884.482:53): apparmor="DENIED" operation="chmod" info="Failed name lookup - deleted entry" error=-2 parent=5444 profile="lxc-container-upgrader01" name="/tmp/tmpQ1TioA/usr/lib/locale/locale-archive.Ou6sxd" pid=5450 comm="localedef" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  [ 2264.736948] type=1400 audit(1333119885.718:54): apparmor="DENIED" operation="chmod" info="Failed name lookup - deleted entry" error=-2 parent=5511 profile="lxc-container-upgrader01" name="/tmp/tmpQ1TioA/usr/lib/locale/locale-archive.D05snx" pid=5531 comm="localedef" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  [ 2367.429100] type=1400 audit(1333119988.408:55): apparmor="DENIED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 parent=5553 profile="lxc-container-upgrader01" name="/tmp/tmpQ1TioA/var/lib/dpkg/diversions" pid=9783 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  
  The apparmor profile used for this container is attached.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/969299/+subscriptions