[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
** Changed in: apparmor (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
** Tags added: aa-feature -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
Any chance this will be fixed in saucy? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
Confirmed fixed in 3.13.0-2-generic, where in 3.13.0-1-generic it was still failing. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
Quoting Iain Lane (i...@orangesquash.org.uk): > On Thu, Nov 07, 2013 at 03:20:29PM -, Serge Hallyn wrote: > > Quoting Iain Lane (i...@orangesquash.org.uk): > > > I get this (newly?) when trying to update within sbuild within lxc > > > > > > [ 1927.282880] type=1400 audit(1383816970.374:86): apparmor="DENIED" > > > operation="getattr" info="Failed name lookup - deleted entry" error=-2 > > > parent=11717 profile="/usr/bin/lxc-start" name="/var/lib/schroot/mount > > > > lxc-start -> that is not the profile you should be under. > > > > Is this by chance a 3.12 kernel? > > Sure is. 3.12.0-1-generic The fix for that should be in the trusty kernel I believe mid-next week. Would you mind opening a new bug against lxc saying that if the container is in profile lxc-start, and apparmor support is lacking, it must run unconfined or refuse to run? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
On Thu, Nov 07, 2013 at 03:20:29PM -, Serge Hallyn wrote: > Quoting Iain Lane (i...@orangesquash.org.uk): > > I get this (newly?) when trying to update within sbuild within lxc > > > > [ 1927.282880] type=1400 audit(1383816970.374:86): apparmor="DENIED" > > operation="getattr" info="Failed name lookup - deleted entry" error=-2 > > parent=11717 profile="/usr/bin/lxc-start" name="/var/lib/schroot/mount > > lxc-start -> that is not the profile you should be under. > > Is this by chance a 3.12 kernel? Sure is. 3.12.0-1-generic -- Iain Lane [ i...@orangesquash.org.uk ] Debian Developer [ la...@debian.org ] Ubuntu Developer [ la...@ubuntu.com ] -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
Quoting Iain Lane (i...@orangesquash.org.uk): > I get this (newly?) when trying to update within sbuild within lxc > > [ 1927.282880] type=1400 audit(1383816970.374:86): apparmor="DENIED" > operation="getattr" info="Failed name lookup - deleted entry" error=-2 > parent=11717 profile="/usr/bin/lxc-start" name="/var/lib/schroot/mount lxc-start -> that is not the profile you should be under. Is this by chance a 3.12 kernel? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
I get this (newly?) when trying to update within sbuild within lxc [ 1927.282880] type=1400 audit(1383816970.374:86): apparmor="DENIED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 parent=11717 profile="/usr/bin/lxc-start" name="/var/lib/schroot/mount /trusty-amd64-c7aa6e25-c1a2-401f-864d- d0b82f4002b5/var/lib/dpkg/diversions" pid=12244 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
Francesco, The DENIED message doesn't look right. It says your containern is running in the lxc-start pfofile? it should have transitioned to a container profile when /sbin/init was executed. I think it is worth opening a new bug about your issue, so we can make sure there isn't more going on. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
Serge, see comments on bug 970647, there is some progress but I have not found a specific bug affecting logging of this case. The larger fix which is the extended labeling, is in progress and will enter into the apparmor- dev ppa soon for testing. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
Francesco, The mediate_deleted flag should fix the rejection shown in comment #12 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
I'm sorry if this is not the place to report this, but running localedef into a lxc ubuntu container it's affecting quantal right now. The log line is [26775.302073] type=1400 audit(1353478924.553:73): apparmor="DENIED" operation="chmod" info="Failed name lookup - deleted entry" error=-2 parent=14028 profile="/usr/bin/lxc-start" name="/usr/lib/locale/locale- archive.fyr1kX" pid=14336 comm="localedef" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 I just fixed adding mediate_deleted into /etc/apparmor.d/usr.bin.lxc- start, but i don't know it this is the right fix. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
Based on the duplicates, I'm not sure the workaround is working as well as we'd hoped. John, what are the prospects of bug 970647? How complicated is the fix for it? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
Marking the apparmor task as Won't Fix since the lxc work around is in place. If we pursue this in SRU, it will be through bug #970647. ** Changed in: apparmor (Ubuntu Precise) Importance: Critical => Undecided ** Changed in: apparmor (Ubuntu Precise) Status: Confirmed => Won't Fix ** Changed in: apparmor (Ubuntu Precise) Milestone: ubuntu-12.04 => None -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
** Tags added: rls-mgr-p-tracking -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
** Branch linked: lp:ubuntu/lxc -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
This bug was fixed in the package lxc - 0.7.5-3ubuntu49 --- lxc (0.7.5-3ubuntu49) precise; urgency=low * debian/lxc-default.apparmor: add mediate_deleted flag (LP: #969299) -- Serge HallynMon, 02 Apr 2012 09:38:21 -0500 ** Changed in: lxc (Ubuntu Precise) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 969299] Re: apparmor prevents dpkg-divert and localedef from working in a container
** Also affects: lxc (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/969299 Title: apparmor prevents dpkg-divert and localedef from working in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/969299/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
