[pkg-apparmor] Bug#1050256: autopkgtest fails on debci
Michael Biebl
biebl at debian.org
Thu Aug 31 07:55:06 BST 2023
Am 31.08.23 um 08:41 schrieb Michael Biebl:
> On Tue, 22 Aug 2023 16:08:24 +0200 Michael Biebl <biebl at debian.org> wrote:
>> Source: systemd
>> Version: 254.1-2
>> Severity: important
>>
>>
>> Looking at https://ci.debian.net/packages/s/systemd/unstable/amd64/ ,
>> systemd has been failing on debci since about the beginning of May.
>>
>> Asking around on #debci, this might be kernel related, as the debci
>> related systems were upgraded to bookworm around that time.
>>
>>
>
> What we found so far is, that the AppArmor policy of lxc breaks any
> systemd service using PrivateNetwork=yes or PrivateIPC=yes when being
> run under lxc (running under bookworm using the bookworm kernel).
>
> I wonder what the best course of action is here.
> Should we disable the AA policy of lxc via a stable upload of the lxc
> package until the root cause is found?
>
> Unfortunately I know too little about AppArmor and lxc's AppArmor policy
> and my attempts to ask around for help weren't successful so far.
>
I.e. by setting `lxc.apparmor.profile = unconfined` in
/etc/lxc/default.conf and regenerating the autopkgtest container on
bookworm, the failures are gone.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-apparmor-team/attachments/20230831/2bea5f5c/attachment.sig>
More information about the pkg-apparmor-team
mailing list