a failure in change_profile from unconfined is NOT expected to log a message.
Can you please verify that the target profile is loaded. The only reason apparmor rejects change_profile for unconfined is that the profile could not be found. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1371310 Title: docker.io doesn't work with 3.0 RC1 kernel Status in “apparmor” package in Ubuntu: New Status in “docker.io” package in Ubuntu: New Status in “linux” package in Ubuntu: Confirmed Bug description: Steps to reproduce (from https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor): 1. sudo apt-get install docker.io # 1.2.0~dfsg1-1 2. sudo docker pull ubuntu:trusty 3. sudo docker run ubuntu:trusty uptime 2014/09/18 15:48:48 Error response from daemon: Cannot start container fcdfaaf7945bcd9455fb5e0bde9950451152af14556880033818df7b50ddb1f4: set apparmor profile docker-default: permission denied What is expected? uptime to return something like: $ sudo docker run ubuntu:trusty uptime 20:31:21 up 1 min, 0 users, load average: 0.09, 0.06, 0.03 I set 'sudo sysctl -w kernel.printk_ratelimit=0' but there is nothing apparmor related in the logs. If I boot an earlier kernel without the 3.0 RC1 patches, it works. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
