[pkg-apparmor] Bug#988204: apparmor: AppArmor container behavior inappropriate under WSL
intrigeri
intrigeri at debian.org
Sat May 15 20:10:19 BST 2021
Control: tag -1 + moreinfo

Hi,

Alistair Young (2021-05-07):
> Specifically, systemd-detect-virt detects WSL as a container,
> technically accurately, but this then causes the apparmor.systemd
> script to decline to start apparmor.

I'm trying to understand what's, at the end of the day, the desirable
behavior here, and why.

I understand you would like apparmor.service to start in a WSL
environment, i.e. you would like the AppArmor policy to be loaded.
Correct so far?

May I infer that a container run under WSL can actually load and
enforce AppArmor policy? In that case, IMO it would make much more
sense to have is_container_with_internal_policy return true (0) for
WSL containers, rather than tweaking apparmor.systemd to treat them as
non-containers.

Or is there any other reason why you want apparmor.service to start
under WSL?

Cheers!