[pkg-lxc-devel] Bug#919185: AppArmor: postinst fails on custom kernel without AppArmor

Philipp Matthias Hahn pmhahn at debian.org
Sun Jan 13 14:05:43 GMT 2019

Package: lxc
Version: 1:3.1.0+really3.0.3-2
Severity: normal

Dear Maintainer,

I compile my own kernel - without AppArmor. lxc.postinst fails to
configure as /sys/kernel/security/apparmor does not exist:

$ strace apparmor_parser -r -W -T /etc/apparmor.d/lxc-containers
stat("/sys/kernel/security/apparmor", 0x7ffdeab2b380) = -1 ENOENT

The package "apparmor" - which provides "apparmor_parser" - was never
installed by me, but got pulled in as a Recommends: from

The call to "apparmor_parser" should be put in a conditional block like
    # Reload the profile, including any abstraction updates
    if aa-status --enabled 2>/dev/null; then
        apparmor_parser -r -T -W "$APP_PROFILE" || true

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.14 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.69
ii  libc6                  2.28-5
ii  libcap2                1:2.25-1.2
ii  libgnutls30            3.6.5-2
ii  liblxc1                1:3.1.0+really3.0.3-2
ii  libseccomp2            2.3.3-3
ii  libselinux1            2.8-1+b1
ii  lsb-base               10.2018112800

Versions of packages lxc recommends:
ii  bridge-utils                 1.5-16
ii  debootstrap                  1.0.114
ii  dirmngr                      2.2.12-1
ii  dnsmasq-base [dnsmasq-base]  2.80-1
ii  gnupg                        2.2.12-1
ii  iproute2                     4.20.0-2
ii  iptables                     1.8.2-3
ii  libpam-cgfs                  1:3.1.0+really3.0.3-2
ii  lxc-templates                3.0.3-1
ii  lxcfs                        3.0.3-2
ii  nftables                     0.9.0-2
ii  openssl                      1.1.1a-1
ii  rsync                        3.1.3-1
ii  uidmap                       1:4.5-1.1

Versions of packages lxc suggests:
ii  apparmor     2.13.2-3
ii  btrfs-progs  4.19.1-2
ii  lvm2         2.03.02-1
ii  python3-lxc  1:3.0.3-1

-- debconf information excluded

More information about the Pkg-lxc-devel mailing list