This is indeed upstream, and works as far as it goes. There are currently issues when crossing system namespace boundaries, but those are being treated as separate issues. The stacking itself works; policy, when crossing ns boundaries, has to be aware of it and more relaxed than we would like.
--
https://bugs.launchpad.net/bugs/1379535

Title:
  policy namespace stacking

Status in AppArmor: Fix Released
Status in apparmor package in Ubuntu: Fix Released
Status in linux package in Ubuntu: Fix Released
Status in apparmor source package in Xenial: Fix Released
Status in linux source package in Xenial: Fix Released

Bug description:
  Tracking bug for supporting stacked policy namespaces (i.e., different profiles on host, container, container in a container, etc.)