touch-packages team mailing list archive

[Bug 1272028] Re: remount, not honored on bind mounts

 

John,

Sure thing. Here's my /sys/kernel/security/apparmor/features:

capability  caps  domain  file  mount  namespaces  network  policy
rlimit

The profile dump is attached. Thanks for having a look! I was just
starting to trawl through the source to see if it was something I could
patch myself, based on your comment.

** Attachment added: "apparmor profile dump"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1272028/+attachment/4457274/+files/a.out.dump

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1272028

Title:
  remount, not honored on bind mounts

Status in apparmor package in Ubuntu:
  Expired
Status in apparmor source package in Precise:
  Expired
Status in apparmor source package in Trusty:
  Expired
Status in apparmor source package in Utopic:
  Expired

Bug description:
  I was trying to run docker in a nested container.  docker wants to
  remount a bind-mounted dir as ro.  Audit log showed this failed.  I
  first tried to add more specific rules, but when those did not work I
  tried just

  remount,

  in the policy.  Still the mount was denied.  Finally when I added
  'mount,', it worked.

  Ideally I would be able to say

    remount options=(ro,bind) -> /var/lib/docker/**/,
