Hi, On Sun, Nov 05, 2017 at 01:09:10PM +0100, intrigeri wrote: > Hi, > > Antonio Terceiro: > > The workaround that works is using the setting in the container > > configuration: > > > lxc.aa_profile = unconfined > > > with disables apparmor entirely. > > > I have just uploaded lxc 1:2.0.9-4 setting this for all containers. This > > is not the greatest solution, but it's also not worse than the state of > > affairs before apparmor was enabled by default in the Debian kernel: it > > was already not possible to use lxc with apparmor in Debian. > > Fully agreed: top priority is to ensure AppArmor doesn't break things, > so let's disable any profile that is not ready for prime time. > > Adding AppArmor confinement where we had none previously can > come later. FWIW, since apparmor 2.11.1-4 this issue is no longer reproducible, so I am closing this bug. I will also make a new lxc upload removing the workaround mentioned above.
Attachment:
signature.asc
Description: PGP signature