Re: [pkg-apparmor] Bug#880502: [pkg-lxc-devel] Bug#880502: lxc: cannot start container with kernel 4.13.10

To: Antonio Terceiro <terceiro@debian.org>
Cc: Evgeni Golov <evgeni@debian.org>, 880502@bugs.debian.org, pkg-apparmor-team@lists.alioth.debian.org, debian-kernel@lists.debian.org
Subject: Re: [pkg-apparmor] Bug#880502: [pkg-lxc-devel] Bug#880502: lxc: cannot start container with kernel 4.13.10
From: intrigeri <intrigeri@debian.org>
Date: Sun, 05 Nov 2017 13:09:10 +0100
Message-id: <[🔎] 85a801x6zd.fsf@boum.org>
In-reply-to: <[🔎] 20171102150657.d5tv4ysh2tfattfp@debian.org> (Antonio Terceiro's message of "Thu, 2 Nov 2017 13:06:57 -0200")
References: <[🔎] 20171101133231.bjcvcpayaezafxvp@debian.org> <[🔎] 20171101133231.bjcvcpayaezafxvp@debian.org> <[🔎] 20171101140012.m5amxxdl72cgdh6u@debian.org> <[🔎] 20171101133231.bjcvcpayaezafxvp@debian.org> <[🔎] 20171101143823.m3ro65t7rimbmfl3@nana.phantasia.die-welt.net> <[🔎] 20171101133231.bjcvcpayaezafxvp@debian.org> <[🔎] 20171102130410.rxsdyfv5nhrpbchi@debian.org> <[🔎] 20171102150657.d5tv4ysh2tfattfp@debian.org>

Hi,

Antonio Terceiro:
> The workaround that works is using the setting in the container
> configuration:

> lxc.aa_profile = unconfined

> with disables apparmor entirely.

> I have just uploaded lxc 1:2.0.9-4 setting this for all containers. This
> is not the greatest solution, but it's also not worse than the state of
> affairs before apparmor was enabled by default in the Debian kernel: it
> was already not possible to use lxc with apparmor in Debian.

Fully agreed: top priority is to ensure AppArmor doesn't break things,
so let's disable any profile that is not ready for prime time.

Adding AppArmor confinement where we had none previously can
come later.

Cheers,
-- 
intrigeri

Reply to:

References:
- Bug#880502: lxc: cannot start container (kernel related?)
  - From: Antonio Terceiro <terceiro@debian.org>
- Re: Bug#880502: lxc: cannot start container with kernel 4.13.10
  - From: Antonio Terceiro <terceiro@debian.org>
- Re: [pkg-lxc-devel] Bug#880502: lxc: cannot start container with kernel 4.13.10
  - From: Evgeni Golov <evgeni@debian.org>
- Re: Bug#880502: [pkg-lxc-devel] Bug#880502: lxc: cannot start container with kernel 4.13.10
  - From: Antonio Terceiro <terceiro@debian.org>
- Re: Bug#880502: [pkg-lxc-devel] Bug#880502: lxc: cannot start container with kernel 4.13.10
  - From: Antonio Terceiro <terceiro@debian.org>

Prev by Date: Bug#880441: linux-image-4.13.0-1-amd64: silently enabled AppArmor breaks other programs
Next by Date: Re: [pkg-apparmor] Bug#880502: lxc: cannot start container with kernel 4.13.10
Previous by thread: Re: [pkg-apparmor] Bug#880502: lxc: cannot start container with kernel 4.13.10
Next by thread: Re: [debian/stretch64] lxc-copy: Snapshot with OverlayFS backingstorage fails with Linux-4.9.y
Index(es):
- Date
- Thread