Feel free to send this patchset to the Debian BTS -- we can see about adding an Ubuntu vendor switch so we don't maintain a delta.
You should also consider talking with Upstream about getting this fixed in 1.3.

Thanks for your work!

On Tue, Oct 7, 2014 at 3:05 PM, Jamie Strandboge <ja...@ubuntu.com> wrote:

> lxc-docker-1.2.0 is the upstream package. docker.io is the Ubuntu package.
> This should be fixed in the Ubuntu packaging in 1.2.0~dfsg1-1ubuntu1:
> docker.io (1.2.0~dfsg1-1ubuntu1) utopic; urgency=medium
>
>   * debian/patches/sync-apparmor-with-lxc.patch: update AppArmor policy to
>     be in sync with LXC. Specifically this:
>     - reorganizes the rules to allow for easier comparison with other
>       container policy
>     - adds comments for many rules
>     - adds bare dbus rule
>     - adds ptrace rule to allow ptracing ourselves
>     - adds deny mount options=(ro, remount, silent) -> /
>     - allows hugetlbfs
>     - adds cgmanager mount
>     - adds /sys/fs/pstore mount
>     - more specific /sys/kernel/security mount options
>     - more specific /sys mount options
>     - more specific /proc/sys/kernel/* deny rules
>     - more specific /proc/sys/net deny rules
>     - more specific /sys/class deny rules
>     - more specific /sys/devices deny rules
>     - more specific /sys/fs deny rules
>
> Specifically:
>   # Allow us to ptrace ourselves
>   ptrace peer=@{profile_name},
>
>
> ** Changed in: docker.io (Ubuntu)
>        Status: Confirmed => Fix Released
>
> --
> You received this bug notification because you are a member of Docker
> Ubuntu Maintainers, which is subscribed to docker.io in Ubuntu.
> https://bugs.launchpad.net/bugs/1320869
>
> Title:
>   apparmor="DENIED" operation="ptrace" profile="docker-default"
>
> Status in “docker.io” package in Ubuntu:
>   Fix Released
>
> Bug description:
>   when starting a container with -p / -P i'm starting to get many error
>   messages in the syslog which looks like this
>
>   May 19 08:25:47 localhost kernel: [916087.208505] type=1400
>   audit(1400477147.264:2353): apparmor="DENIED" operation="ptrace"
>   profile="docker-default" pid=12619 comm=706D323A20536174616E204461656D
>   requested_mask="trace" denied_mask="trace" peer="docker-default"
>
>   » lsb_release -rd
>   Description: Ubuntu 14.04 LTS
>   Release: 14.04
>
>   » apt-cache policy docker.io
>   docker.io:
>     Installed: 0.9.1~dfsg1-2
>     Candidate: 0.9.1~dfsg1-2
>     Version table:
>    *** 0.9.1~dfsg1-2 0
>           500 http://mirror.isoc.org.il/pub/ubuntu/ trusty/universe amd64 Packages
>           100 /var/lib/dpkg/status
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1320869/+subscriptions

--
All programmers are playwrights, and all computers are lousy actors.

#define sizeof(x) rand()
:wq
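
The following is an added example, not part of the original thread or of the docker.io packaging: a small triage script that parses AppArmor audit records like the one in the bug description, decodes the hex-encoded `comm` field, and separates ptrace denials where `peer` equals `profile` (the case the quoted `ptrace peer=@{profile_name},` rule allows) from those with a different peer. The function names and the second sample line are constructed for illustration.

```python
import re

# key=value or key="value" pairs as they appear in a kernel audit record
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_comm(raw):
    """audit prints comm quoted, or as bare hex when it has spaces/control chars."""
    if raw.startswith('"'):
        return raw.strip('"')
    if re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
        return bytes.fromhex(raw).decode('utf-8', 'replace')
    return raw

def parse_denial(line):
    """Return a dict of fields for an AppArmor DENIED record, else None."""
    raw = dict(FIELD.findall(line))
    if raw.get('apparmor') != '"DENIED"':
        return None
    rec = {k: v.strip('"') for k, v in raw.items()}
    rec['comm'] = decode_comm(raw.get('comm', ''))
    return rec

def classify(line):
    """'same-profile': peer is confined by the same profile as the tracer,
    which `ptrace peer=@{profile_name},` permits. 'cross-profile': it is not."""
    rec = parse_denial(line)
    if rec is None or rec.get('operation') != 'ptrace':
        return None
    same = rec.get('peer') == rec.get('profile')
    return 'same-profile' if same else 'cross-profile'

# Record from the bug description above (wrapped lines rejoined).
REPORTED = ('May 19 08:25:47 localhost kernel: [916087.208505] type=1400 '
            'audit(1400477147.264:2353): apparmor="DENIED" operation="ptrace" '
            'profile="docker-default" pid=12619 '
            'comm=706D323A20536174616E204461656D '
            'requested_mask="trace" denied_mask="trace" peer="docker-default"')
# Constructed for contrast: the same record with a different peer label.
CONSTRUCTED = REPORTED.replace('peer="docker-default"', 'peer="unconfined"')

if __name__ == '__main__':
    for line in (REPORTED, CONSTRUCTED):
        rec = parse_denial(line)
        print(classify(line), rec['pid'], repr(rec['comm']))
```

Denials that still classify as same-profile after the updated policy is loaded suggest the container is running under an older copy of `docker-default`; cross-profile denials are outside what the added rule permits and need separate review.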