[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: containerd-app (Ubuntu Noble)
   Status: New => Confirmed

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065423

Title: Update AppArmor template to allow confined runc to kill containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/containerd-app/+bug/2065423/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: containerd-app (Ubuntu Jammy)
   Status: New => Confirmed
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: containerd-app (Ubuntu Focal)
   Status: New => Confirmed
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
Thank you for the clarification and thank you for your work! Cheers!
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
It is fixed in the development release (when there is no specific series the default is development, in this case oracular). I am adding tasks for the supported series as well. The backport is follow-up work. The server team will be doing that once we find the time.

** Also affects: containerd-app (Ubuntu Noble)
   Importance: Undecided
   Status: New

** Also affects: containerd-app (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: containerd-app (Ubuntu Jammy)
   Importance: Undecided
   Status: New
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
I can see the updated package in oracular, but noble is still at 1.7.12-0ubuntu4. Will the package be updated in noble as well? Without, I wouldn't consider that fixed. Thanks for your efforts, cheers!
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
This bug was fixed in the package containerd-app - 1.7.19-0ubuntu1

---
containerd-app (1.7.19-0ubuntu1) oracular; urgency=medium

  * New upstream release.
  * d/t/basic-smoke: set proxy environment variables.

 -- Lucas Kanashiro Wed, 03 Jul 2024 18:52:03 -0300

** Changed in: containerd-app (Ubuntu)
   Status: Triaged => Fix Released
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
FYI: Uploaded by Lucas but atm stuck in proposed for networking issues in the test
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
** Changed in: containerd-app (Ubuntu)
   Assignee: (unassigned) => Lucas Kanashiro (lucaskanashiro)
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
** Changed in: containerd-app (Ubuntu)
   Status: Confirmed => Triaged

** Tags added: server-todo

** Changed in: containerd-app (Ubuntu)
   Importance: Undecided => High
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
Apparently, that's the fate of early adopters... I've managed to "hand-craft" the following apparmor profile and place it in: /etc/apparmor.d/cri-containerd.apparmor.d as a temporary solution for this problem.

** Attachment added: "Temporary working profile for apparmor"
   https://bugs.launchpad.net/ubuntu/+source/containerd-app/+bug/2065423/+attachment/5780797/+files/cri-containerd.apparmor.d
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
I am to some extent amazed considering so few users participate in this discussion. I'd expect every user of Kubernetes, using containerd and app_armor on an Ubuntu 24.04 to be affected. To get my clusters in a sustainable state, I deactivated app_armor for containerd as a stop-gap measure, expecting the need for bumping containerd to be high and an updated package to appear soon. Am I in some respect wrong in my assumption? Is running K8S on 24.04 with app_armor-ed containerd an edge case? Thanks for your consideration.
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
Forgot to paste link to PR related to issue above :/ https://github.com/containerd/containerd/pull/10129
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: containerd-app (Ubuntu)
   Status: New => Confirmed
[Bug 2065423] Re: Update AppArmor template to allow confined runc to kill containers
Seeing this in Noble containerd 1.7.12-0ubuntu4
Seems to be https://github.com/containerd/containerd/pull/10123