touch-packages team mailing list archive

Thread
Date

[Bug 1432683] Re: apt-get install lxc doesn't load required apparmor profiles

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1432683@xxxxxxxxxxxxxxxxxx>
Date: Mon, 30 Mar 2015 22:11:35 -0000
Reply-to: Bug 1432683 <1432683@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package apparmor - 2.9.1-0ubuntu8

---------------
apparmor (2.9.1-0ubuntu8) vivid; urgency=medium

  [ Steve Beattie ]
  * debian/rules: run make check on the libapparmor library
  * add-chromium-browser.patch: add support for chromium policies
    (LP: #1419294)
  * debian/apparmor.{init,upstart}: add support for triggering
    aa-profile-hook runs when packages are updated via snappy system
    image updates (LP: #1434143)
  * parser-fix_modifier_compilation_+_tests.patch: fix compilation
    of audit modifiers for exec and pivot_root and deny modifiers on
    link rules as well as significantly expand related tests
    (LP: #1431717, LP: #1432045, LP: #1433829)
  * tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
    around pivot_root test failures due to init=systemd (LP: #1436109)
  * GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
    file to X abstraction (LP: #1432126)

  [ Jamie Strandboge ]
  * easyprof-framework-policy.patch: add --include-templates-dir and
    --include-policy-groups-dir options to easyprof to support framework
    policy on snappy

  [ Robie Basak ]
  * Add /lib/apparmor/profile-load; moved from
    /lib/init/apparmor-profile-load from the upstart package. A wrapper at
    the original path is now provided by init-system-helpers. (LP: #1432683)
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Sat, 28 Mar 2015 07:22:30 -0500

** Changed in: apparmor (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1432683

Title:
  apt-get install lxc doesn't load required apparmor profiles

Status in apparmor package in Ubuntu:
  Fix Released
Status in init-system-helpers package in Ubuntu:
  New
Status in lxc package in Ubuntu:
  Triaged
Status in squid3 package in Ubuntu:
  New
Status in upstart package in Ubuntu:
  New

Bug description:
  I'm trying to use LXC on my openstack instance which runs vivid daily:

  $ sudo apt-get install lxc -y

  $ sudo lxc-create -t ubuntu-cloud --name=vivid -- --flush-cache
  --stream=daily --release=vivid

  $ sudo lxc-start --name vivid --logfile=lxc.log
  lxc-start: lxc_start.c: main: 344 The container failed to start.
  lxc-start: lxc_start.c: main: 346 To get more details, run the container in foreground mode.
  lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

  In the log file (lxc.log) I observe the following error:
  lxc-start 1426516387.814 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:183 - No such file or directory - failed to change apparmor profile to lxc-container-default

  This profile *exists* under /etc/apparmor.d/lxc/lxc-default but was
  not loaded appropriately.

  This issue disappears if I:
  (a) reload apparmor profile manually: sudo /etc/init.d/apparmor reload
  or
  (b) reboot the instance

  I'd expect that 'apt-get install lxc' has to load all appropriate
  apparmor profiles to allow starting containers w/o profile reloading /
  rebooting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1432683/+subscriptions

References

[Bug 1432683] [NEW] apt-get install lxc doesn't load required apparmor profiles
From: Oleg Strikov, 2015-03-16