touch-packages team mailing list archive

[Christian Boltz <1516037@xxxxxxxxxxxxxxxxxx>]

AppArmor 2.7 is _very_ old - especially given the fact that the tools
were rewritten in python for 2.9.

I just checked the perl code (which was used in 2.8.x and older) - it
_sets_ the flags (instead of adding or removing them), so it's not
surprising that attach_disconnected gets lost. (This is one of the fixes
that went into the 2.9 during the rewrite to python.)

If someone is interested to fix this - the code is in
Immunix/AppArmor.pm, sub complain() and sub enforce(), which both call
setprofileflags().

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1516037

Title:
  lxc-start fails with 1.1.5-0ubuntu1

Status in Canonical System Image:
  Confirmed
Status in apparmor package in Ubuntu:
  Confirmed
Status in lxc package in Ubuntu:
  Invalid

Bug description:
  After upgrading to lxc 1.1.5-0ubuntu1, lxc-start fails like this:

  lxc-start: start.c: preserve_ns: 149 Permission denied - failed to open '/proc/7170/ns/mnt'
  lxc-start: start.c: lxc_spawn: 993 failed to store namespace references
  lxc-start: start.c: __lxc_start: 1192 failed to spawn 'trusty-lpdev'
  lxc-start: lxc_start.c: main: 344 The container failed to start.
  lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

  This is with a trusty system container.  precise system containers
  behave similarly.  I don't have others to try.  Downgrading liblxc1,
  lxc, lxc-templates, and python3-lxc to version 1.1.4-0ubuntu3 causes
  lxc-start to work again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1516037/+subscriptions