Re: why do I have to use backports kernel to make LXC work on Bookworm?
Hi Harald,

On Thu, Dec 28, 2023 at 05:17:48PM +0100, Harald Dunkel wrote:
> On 2023-12-28 14:40:30, Salvatore Bonaccorso wrote:
> >
> > Because it needs backporting work in 6.1.y upstream, which John
> > Johansen aimed to work on. You can read about the history and backlog
> > in #1050256. So far I have not got a reply from John on
> > https://bugs.debian.org/1050256#215 .
> >
>
> Oh, I thought he's a Debian maintainer. My bad.
>
> Thank you very much for your fast response.

No problem! I will let some days pass and then ping him again to ask
after the "holiday season". I think even if someone else will propose a
target backport Greg will want an ack from the apparmor maintainers,
and John is the sole one listed in the upstream MAINTAINERS file:

APPARMOR SECURITY MODULE
M: John Johansen
M: John Johansen
L: appar...@lists.ubuntu.com (moderated for non-subscribers)
S: Supported
W: apparmor.net
B: https://gitlab.com/apparmor/apparmor-kernel
C: irc://irc.oftc.net/apparmor
T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
T: https://gitlab.com/apparmor/apparmor-kernel.git
F: Documentation/admin-guide/LSM/apparmor.rst
F: security/apparmor/

I hope we can make it for the next point release.

Regards,
Salvatore

Re: why do I have to use backports kernel to make LXC work on Bookworm?
On 2023-12-28 14:40:30, Salvatore Bonaccorso wrote:
>
> Because it needs backporting work in 6.1.y upstream, which John
> Johansen aimed to work on. You can read about the history and backlog
> in #1050256. So far I have not got a reply from John on
> https://bugs.debian.org/1050256#215 .
>

Oh, I thought he's a Debian maintainer. My bad.

Thank you very much for your fast response.

Re: why do I have to use backports kernel to make LXC work on Bookworm?
Hi,

On Thu, Dec 28, 2023 at 02:13:28PM +0100, Harald Dunkel wrote:
> Hi folks,
>
> apparently LXC is affected by a bug around apparmor support for months,
> see #1052934 and #1050256. The workaround is to set PrivateNetwork=false
> (set by default as a security measure) or to use a backports kernel.
>
> AFAIU the reason is a bug in 6.1. The fix (1cf26c3d2c4c) is not a one-liner,
> but reasonably small, and it has already been verified, so how come it
> is still in the loop for weeks?

Because it needs backporting work in 6.1.y upstream, which John
Johansen aimed to work on. You can read about the history and backlog
in #1050256. So far I have not got a reply from John on
https://bugs.debian.org/1050256#215 .

Regards,
Salvatore