[pkg-lxc-devel] Bug#925899: lxc: Unprivileged containers fail to start after recent updates
intrigeri
intrigeri at debian.org
Sat Mar 30 14:29:52 GMT 2019
Hi,
Pierre-Elliott BĂ©cue:
> This bugreport raises an interesting question regarding the tradeoff
> between the solution we implemented to fix bug #916639.
> Cc-ing intrigeri: I'm reconsidering the /etc/lxc/default.conf setting
> regarding apparmor.profile. Putting generated breaks many unpriv
> containers as they have no apparmor.profile set in their configuration.
I'd love to help but I'll need more info to understand why the current
setup breaks "many unpriv containers", e.g.:
- Is this specific to unprivileged containers?
- Is it because "apparmor.profile = generated" is not suitable
for unprivileged containers?
Finally, I wonder if "Suggests: apparmor" expresses strongly enough
the current status of the LXC + AppArmor integration in Debian.
Thankfully the Linux images will pull apparmor via Recommends…
except on systems where the administrator has disabled installation
of Recommends.
Cheers,
--
intrigeri
More information about the Pkg-lxc-devel
mailing list