touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #25915
[Bug 1371310] Re: docker.io doesn't work with apparmor 3.0 RC1 kernel
This bug was fixed in the package linux - 3.16.0-22.29
---------------
linux (3.16.0-22.29) utopic; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1379321
[ Andrew Morton ]
* SAUCE: (no-up) mm-introduce-a-general-rcu-get_user_pages_fast-fix
- LP: #1309221
* SAUCE: (no-up) arm64-mm-enable-rcu-fast_gup-checkpatch-fixes
- LP: #1309221
[ Andy Whitcroft ]
* [Config] CONFIG_PATA_MACIO=y
- LP: #1378894
* [Config] enable cloud tools on i386
- LP: #1367399
* SAUCE: scsi: hyper-v storsvc switch up to SPC-3
- LP: #1354397
* SAUCE: powerpc -- fix mm/slice.c switch include to linux/hugetlb.h
[ dann frazier ]
* [Config] CONFIG_HAVE_GENERIC_RCU_GUP=y
- LP: #1309221
[ Feng Kan ]
* SAUCE: (no-up) power: reset: Add generic SYSCON register mapped reset
- LP: #1284433
* SAUCE: (no-up) arm64: dts: Add X-Gene reboot driver dts node
- LP: #1284433
[ Ian Munsie ]
* SAUCE: (no-up) powerpc/cell: Move spu_handle_mm_fault() out of cell platform
* SAUCE: (no-up) powerpc/cell: Move data segment faulting code out of cell platform
* SAUCE: (no-up) powerpc/cell: Make spu_flush_all_slbs() generic
* SAUCE: (no-up) powerpc/msi: Improve IRQ bitmap allocator
* SAUCE: (no-up) powerpc/mm: Export mmu_kernel_ssize and mmu_linear_psize
* SAUCE: (no-up) powerpc/powernv: Split out set MSI IRQ chip code
* SAUCE: (no-up) cxl: Add new header for call backs and structs
* SAUCE: (no-up) powerpc/powerpc: Add new PCIe functions for allocating cxl interrupts
* SAUCE: (no-up) powerpc/mm: Add new hash_page_mm()
* SAUCE: (no-up) powerpc/opal: Add PHB to cxl mode call
* SAUCE: (no-up) powerpc/mm: Add hooks for cxl
* SAUCE: (no-up) cxl: Add base builtin support
* SAUCE: (no-up) cxl: Driver code for powernv PCIe based cards for userspace access
* SAUCE: (no-up) cxl: Add userspace header file
* SAUCE: (no-up) cxl: Add driver to Kbuild and Makefiles
* SAUCE: (no-up) cxl: Add documentation for userspace APIs
* SAUCE: (no-up) cxl: Fix afu_read() not doing finish_wait() on signal or non-blocking
[ John Johansen ]
* SAUCE: Revert: fix: only allow a single threaded process to ...
- LP: #1371310
[ Steve Capper ]
* SAUCE: (no-up) mm: introduce a general RCU get_user_pages_fast()
- LP: #1309221
* SAUCE: (no-up) arm: mm: introduce special ptes for LPAE
- LP: #1309221
* SAUCE: (no-up) arm: mm: enable HAVE_RCU_TABLE_FREE logic
- LP: #1309221
* SAUCE: (no-up) arm: mm: enable RCU fast_gup
- LP: #1309221
* SAUCE: (no-up) arm64: mm: enable HAVE_RCU_TABLE_FREE logic
- LP: #1309221
* SAUCE: (no-up) arm64: mm: enable RCU fast_gup
- LP: #1309221
[ Tim Gardner ]
* SAUCE: Added bnx2x/bnx2x-e1-7.8.19.0.fw
- LP: #1378491
* [Config] CONFIG_CXL=m
* [Config] CONFIG_POWER_RESET_SYSCON=y for arm64
* SAUCE: (no-up) Restrict CONFIG_POWER_RESET_SYSCON to arm64 only
[ Upstream Kernel Changes ]
* powerpc: implement vmemmap_list_free()
- LP: #1378413
* powerpc: implement vmemmap_remove_mapping() for BOOK3S
- LP: #1378413
* powerpc: implement vmemmap_free()
- LP: #1378413
* powerpc: start loop at section start of start in vmemmap_populated()
- LP: #1378413
* ARM: 8108/1: mm: Introduce {pte,pmd}_isset and {pte,pmd}_isclear
* ARM: 8109/1: mm: Modify pte_write and pmd_write logic for LPAE
* seccomp: create internal mode-setting function
- LP: #1379020
* seccomp: extract check/assign mode helpers
- LP: #1379020
* seccomp: split mode setting routines
- LP: #1379020
* seccomp: add "seccomp" syscall
- LP: #1379020
* ARM: add seccomp syscall
- LP: #1379020
* MIPS: add seccomp syscall
- LP: #1379020
* sched: move no_new_privs into new atomic flags
- LP: #1379020
* seccomp: split filter prep from check and apply
- LP: #1379020
* seccomp: introduce writer locking
- LP: #1379020
* seccomp: allow mode setting across threads
- LP: #1379020
* seccomp: implement SECCOMP_FILTER_FLAG_TSYNC
- LP: #1379020
* seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock
- LP: #1379020
-- Tim Gardner <tim.gardner@xxxxxxxxxxxxx> Wed, 08 Oct 2014 07:35:30 -0400
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310
Title:
docker.io doesn't work with apparmor 3.0 RC1 kernel
Status in “apparmor” package in Ubuntu:
Invalid
Status in “docker.io” package in Ubuntu:
Invalid
Status in “linux” package in Ubuntu:
Fix Released
Bug description:
Steps to reproduce (from
https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor):
1. sudo apt-get install docker.io # 1.2.0~dfsg1-1
2. sudo docker pull ubuntu:trusty
3. sudo docker run ubuntu:trusty uptime
2014/09/18 15:48:48 Error response from daemon: Cannot start container fcdfaaf7945bcd9455fb5e0bde9950451152af14556880033818df7b50ddb1f4: set apparmor profile docker-default: permission denied
What is expected? uptime to return something like:
$ sudo docker run ubuntu:trusty uptime
20:31:21 up 1 min, 0 users, load average: 0.09, 0.06, 0.03
I set 'sudo sysctl -w kernel.printk_ratelimit=0' but there is nothing
apparmor related in the logs. If I boot an earlier kernel without the
3.0 RC1 patches, it works.
FYI, 3.16.0-17.23 is in utopic-proposed now and on its way to utopic,
which will affect docker.io in Ubuntu. Workaround until this bug is
fixed is to boot into 3.16.0-16.22 or earlier.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions
References
