touch-packages team mailing list archive

Thread
Date

[Bug 1371310] Re: docker.io doesn't work with apparmor 3.0 RC1 kernel

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1371310@xxxxxxxxxxxxxxxxxx>
Date: Wed, 07 Jan 2015 01:44:58 -0000
Reply-to: Bug 1371310 <1371310@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package linux - 3.18.0-8.9

---------------
linux (3.18.0-8.9) vivid; urgency=low

  [ Leann Ogasawara ]

  * Release Tracking Bug
    - LP: #1407692
  * rebase to v3.18.1
  * ubuntu: AUFS -- Resolve build failure union has no member named
    'd_child'

  [ Upstream Kernel Changes ]

  * arm64: optimized copy_to_user and copy_from_user assembly code
    - LP: #1400349
  * x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
    - LP: #1400314
    - CVE-2014-8134
  * rebase to v3.18.1
 -- Leann Ogasawara <leann.ogasawara@xxxxxxxxxxxxx>   Mon, 05 Jan 2015 09:12:32 -0800

** Changed in: linux (Ubuntu Vivid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-8134

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with apparmor 3.0 RC1 kernel

Status in apparmor package in Ubuntu:
  Invalid
Status in docker.io package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Utopic:
  Invalid
Status in docker.io source package in Utopic:
  Invalid
Status in linux source package in Utopic:
  Fix Released
Status in apparmor source package in Vivid:
  Invalid
Status in docker.io source package in Vivid:
  Invalid
Status in linux source package in Vivid:
  Fix Released

Bug description:
  Steps to reproduce (from
  https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor):

  1. sudo apt-get install docker.io # 1.2.0~dfsg1-1

  2. sudo docker pull ubuntu:trusty

  3. sudo docker run ubuntu:trusty uptime
  2014/09/18 15:48:48 Error response from daemon: Cannot start container fcdfaaf7945bcd9455fb5e0bde9950451152af14556880033818df7b50ddb1f4: set apparmor profile docker-default: permission denied

  What is expected? uptime to return something like:
  $ sudo docker run ubuntu:trusty uptime
   20:31:21 up 1 min,  0 users,  load average: 0.09, 0.06, 0.03

  I set 'sudo sysctl -w kernel.printk_ratelimit=0' but there is nothing
  apparmor related in the logs. If I boot an earlier kernel without the
  3.0 RC1 patches, it works.

  FYI, 3.16.0-17.23 is in utopic-proposed now and on its way to utopic,
  which will affect docker.io in Ubuntu. Workaround until this bug is
  fixed is to boot into 3.16.0-16.22 or earlier.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions

References

[Bug 1371310] [NEW] docker.io doesn't work with 3.0 RC1 kernel
From: Jamie Strandboge, 2014-09-18