touch-packages team mailing list archive

[Bug 1380519] [NEW] lxc-user-nic should run in its own apparmor profile

 

Public bug reported:

The lxc-user-nic program is a setuid-root program to create veth nics
and hook them to the host bridge and unprivileged containers.  It should
run under a very tight apparmor profile.

(Make sure to test with ovs bridges as well, as its call-out to
ovs-vsctl may have unexpected requirements)

** Affects: lxc (Ubuntu)
     Importance: High
         Status: Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1380519

Title:
  lxc-user-nic should run in its own apparmor profile

Status in “lxc” package in Ubuntu:
  Triaged

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1380519/+subscriptions

