Public bug reported:

I've been running /usr/sbin/sshd in a custom AppArmor profile [*] for a long
time and it works well.
When I loaded the same profile in a lxd container (named ganymede), it didn't
work at all:

apparmor="DENIED" operation="file_perm" namespace="root//lxd-ganymede_<var-lib-lxd>" profile="/usr/sbin/sshd" pid=30870 comm="sshd" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="---"

Additional information about my environment:

Both the host and the guest are up-to-date Xenials.

root@jupiter:~# apt-cache policy linux-image-4.4.0-63-generic apparmor openssh-server
linux-image-4.4.0-63-generic:
  Installed: 4.4.0-63.84
  Candidate: 4.4.0-63.84
  Version table:
 *** 4.4.0-63.84 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
apparmor:
  Installed: 2.10.95-0ubuntu2.5
  Candidate: 2.10.95-0ubuntu2.5
  Version table:
 *** 2.10.95-0ubuntu2.5 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.10.95-0ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
openssh-server:
  Installed: 1:7.2p2-4ubuntu2.1
  Candidate: 1:7.2p2-4ubuntu2.1
  Version table:
 *** 1:7.2p2-4ubuntu2.1 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1:7.2p2-4 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages


*: https://github.com/simondeziel/aa-profiles/blob/4d7fbd9fcca4bd62d97e8d0ba2cdc35e8d48d096/16.04/usr.sbin.sshd

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor 2.10.95-0ubuntu2.5
ProcVersionSignature: Ubuntu 4.4.0-63.84-generic 4.4.44
Uname: Linux 4.4.0-63-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Tue Feb 21 21:25:55 2017
InstallationDate: Installed on 2016-12-19 (64 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Beta amd64 (20161219)
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.4.0-63-generic.efi.signed root=UUID=b23cf18f-e8d0-4a4f-9e8d-6aa47569e86b ro possible_cpus=2 nmi_watchdog=0 kaslr vsyscall=none transparent_hugepage=never
PstreeP: Error: [Errno 2] No such file or directory: '/usr/bin/pstree'
SourcePackage: apparmor
Syslog:
 
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug third-party-packages xenial

https://bugs.launchpad.net/bugs/1666748

Title:
  Apparmor problem inside a lxd container
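
As an added example (not part of the original bug report or of the AppArmor or LXD projects), this Python sketch parses a denial like the one quoted in the report and splits its `namespace` field, showing which policy namespace and container the denied profile was loaded in. The function names and the `lxd-<container>_<path>` naming pattern are assumptions inferred from the quoted log line.

```python
import re

# Constructed sample: the denial quoted in the report, joined onto one line.
SAMPLE = (
    'apparmor="DENIED" operation="file_perm" '
    'namespace="root//lxd-ganymede_<var-lib-lxd>" profile="/usr/sbin/sshd" '
    'pid=30870 comm="sshd" family="unix" sock_type="stream" protocol=0 '
    'requested_mask="send receive" denied_mask="send receive" '
    'addr=none peer_addr=none peer="---"'
)

# key=value pairs; a value is either double-quoted (may hold spaces) or bare.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption taken from the sample line: LXD names a container's policy
# namespace "lxd-<container>_<escaped LXD directory>".
LXD_NS = re.compile(r"lxd-(.+)_<[^>]*>")


def parse_denial(line):
    """Return the key/value fields of one AppArmor audit message."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def split_namespace(namespace):
    """Split 'root//child' into its levels and pick out an LXD container name."""
    levels = [part for part in namespace.split("//") if part]
    container = None
    for level in levels:
        match = LXD_NS.fullmatch(level)
        if match:
            container = match.group(1)
    return levels, container


def triage(line):
    """Summarise a DENIED message; return None for anything else."""
    fields = parse_denial(line)
    if fields.get("apparmor") != "DENIED":
        return None
    levels, container = split_namespace(fields.get("namespace", ""))
    return {
        "profile": fields.get("profile"),
        "operation": fields.get("operation"),
        "namespace_levels": levels,
        "container": container,
        "socket": (fields.get("family"), fields.get("sock_type")),
        "denied": fields.get("denied_mask", "").split(),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Grouping the returned summaries by `container`, `profile` and `operation` makes it easy to see whether a profile is denied only when loaded inside a container's namespace.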
