[pkg-lxc-devel] Bug#916639: LXC AppArmor confinement breaks systemd v240
Pierre-Elliott Bécue
peb at debian.org
Mon Feb 11 22:06:46 GMT 2019
On Sunday, 27 January 2019 at 19:47:59+0100, intrigeri wrote:
> Hi,
>
> Pierre-Elliott Bécue:
> > We have to decide what solution I will implement.
>
> Right, thanks for following up.
>
> > I'm open to suggestions, although I'm considering the "disable
> > apparmor profiles for lxc" solution for now.
>
> I think that disabling AppArmor by default for new LXC containers for
> Buster would be an OK-ish fallback option, if nothing else can
> realistically be made to work in time for the freeze; that would be
> sad, but it would not be a regression vs. Stretch. I assume we are on
> the same page regarding this: by all means, let's not ship a known
> broken LXC + AppArmor default configuration in Buster :)
>
> Apart from this fallback, I can propose two options:
Hi,
Please review and comment:
- https://salsa.debian.org/lxc-team/lxc/commit/1e8ca3640eec0b82297314d10435b68918907fc8
(patch inclusion)
- https://salsa.debian.org/lxc-team/lxc/commit/84df6216317542961bbad08a08e159f38e623de7
(minimalist default.conf)
Could you also provide me with a paragraph I could put in README.Debian
and NEWS regarding what end users should know about these profiles?
You dived into it more than me and I don't rely on apparmor, so it'd be
better if you write it.
Otherwise I can try to write a relevant thing.
Cheers!
--
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.