Feel free to send this patchset to the Debian BTS -- we can see about
adding an Ubuntu vendor switch so we don't maintain a delta.
You should also consider talking with Upstream about getting this fixed
in 1.3.
Thanks for your work!
On Tue, Oct 7, 2014 at 3:05 PM, Jamie Strandboge ja...@ubuntu.com wrote:
lxc-docker-1.2.0 is the upstream package. docker.io is the Ubuntu package.
This should be fixed in the Ubuntu packaging in 1.2.0~dfsg1-1ubuntu1:
docker.io (1.2.0~dfsg1-1ubuntu1) utopic; urgency=medium

  * debian/patches/sync-apparmor-with-lxc.patch: update AppArmor policy to
    be in sync with LXC. Specifically this:
    - reorganizes the rules to allow for easier comparison with other
      container policy
    - adds comments for many rules
    - adds bare dbus rule
    - adds ptrace rule to allow ptracing ourselves
    - adds deny mount options=(ro, remount, silent) -> /
    - allows hugetlbfs
    - adds cgmanager mount
    - adds /sys/fs/pstore mount
    - more specific /sys/kernel/security mount options
    - more specific /sys mount options
    - more specific /proc/sys/kernel/* deny rules
    - more specific /proc/sys/net deny rules
    - more specific /sys/class deny rules
    - more specific /sys/devices deny rules
    - more specific /sys/fs deny rules

Specifically:
# Allow us to ptrace ourselves
ptrace peer=@{profile_name},
** Changed in: docker.io (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Docker
Ubuntu Maintainers, which is subscribed to docker.io in Ubuntu.
https://bugs.launchpad.net/bugs/1320869
Title:
apparmor=DENIED operation=ptrace profile=docker-default
Status in “docker.io” package in Ubuntu:
Fix Released
Bug description:
When starting a container with -p / -P I'm starting to get many error
messages in the syslog which look like this:
May 19 08:25:47 localhost kernel: [916087.208505] type=1400
audit(1400477147.264:2353): apparmor=DENIED operation=ptrace
profile=docker-default pid=12619 comm=706D323A20536174616E204461656D
requested_mask=trace denied_mask=trace peer=docker-default
» lsb_release -rd
Description:Ubuntu 14.04 LTS
Release:14.04
» apt-cache policy docker.io
docker.io:
Installed: 0.9.1~dfsg1-2
Candidate: 0.9.1~dfsg1-2
Version table:
*** 0.9.1~dfsg1-2 0
500 http://mirror.isoc.org.il/pub/ubuntu/ trusty/universe amd64
Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1320869/+subscriptions
--
All programmers are playwrights, and all computers are lousy actors.
#define sizeof(x) rand()
:wq
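Added example (not part of the original thread or of the Docker/Ubuntu packaging): a short Python triage of the denial quoted in the bug description. It decodes the hex-encoded `comm` field and flags ptrace denials where `profile` and `peer` match, which is the case the `ptrace peer=@{profile_name},` rule covers. The second log line and the names `decode_comm` and `triage` are constructed for illustration.

```python
import re

# Line 1 is the denial quoted in the bug report, re-joined onto one line.
# Line 2 is constructed for contrast (quoted values, different peer).
SAMPLE_LOG = [
    "May 19 08:25:47 localhost kernel: [916087.208505] type=1400 "
    "audit(1400477147.264:2353): apparmor=DENIED operation=ptrace "
    "profile=docker-default pid=12619 comm=706D323A20536174616E204461656D "
    "requested_mask=trace denied_mask=trace peer=docker-default",
    "May 19 08:26:01 localhost kernel: [916101.000000] type=1400 "
    'audit(1400477161.000:2354): apparmor="DENIED" operation="ptrace" '
    'profile="docker-default" pid=12700 comm="strace" '
    'requested_mask="trace" denied_mask="trace" peer="unconfined"',
]

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def decode_comm(raw):
    """The audit layer hex-encodes comm when it holds spaces or non-printable
    bytes. Heuristic: unquoted even-length hex is treated as encoded."""
    if raw.startswith('"'):
        return raw.strip('"')
    if HEX.fullmatch(raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw

def triage(line):
    """Return a summary dict for an AppArmor ptrace denial, else None."""
    f = dict(FIELD.findall(line))
    if f.get("apparmor", "").strip('"') != "DENIED":
        return None
    if f.get("operation", "").strip('"') != "ptrace":
        return None
    profile = f.get("profile", "").strip('"')
    peer = f.get("peer", "").strip('"')
    return {
        "pid": int(f["pid"]),
        "comm": decode_comm(f.get("comm", "")),
        "profile": profile,
        "peer": peer,
        # True when tracer and tracee share a profile: the case the
        # `ptrace peer=@{profile_name},` rule in the changelog allows.
        "self_ptrace": profile == peer,
    }

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry))
```

A denial with `self_ptrace` false is a process tracing a peer under a different label, which the self-ptrace rule does not permit and which deserves a separate look.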