[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
Raised https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1188501 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
@Neil, yes, please do raise a new bug. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
I guess given the release date that this fix is in Raring? Should I raise a new bug since I'm getting a similar error in Raring? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
** Tags removed: needssru -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
This bug was fixed in the package lxc - 0.7.5-3ubuntu56 --- lxc (0.7.5-3ubuntu56) precise-proposed; urgency=low * Fix Ubuntu template to install the host architecture of the required mutli-arch packages (when using qemu-user-static) instead of hardcoded "amd64" version. (LP: #999187) lxc (0.7.5-3ubuntu55) precise-proposed; urgency=low * 0082-umount-old-proc: fix proc auto-mount. If /proc is already mounted, make sure that /proc/self points to 1, since we are container init. Otherwise, assume proc is an old one, and umount it and remount our own. If we keep the old proc mounted, apparmor transitions will by tried for wrong task and fail. Also move check for whether apparmor is enabled so that it is called by lxc-execute. (LP: #993706) * debian/control: add cloud-utils to lxc Recommends, as lxc-ubuntu-cloud needs it. (LP: #995361) * debian/lxc.upstart: load apparmor profiles before auto-starting containers. (LP: #989853) * debian/control: add apparmor to lxc Depends (LP: #997681) * debian/local/lxc-start-ephemeral: quote $line so its contents don't get expanded (LP: #997687) -- Stephane GraberTue, 15 May 2012 12:00:18 -0400 ** Changed in: lxc (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
Marking verification-done based on above comment. ** Changed in: lxc (Ubuntu Precise) Status: Fix Released => Fix Committed ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
Pleased to report that the fix to lxc reached us through our mirror today (!) and that lxc-execute is working now. Nicely done. AfC ** Changed in: lxc (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
** Branch linked: lp:ubuntu/precise-proposed/lxc -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
Hello Andrew, or anyone else affected, Accepted lxc into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Changed in: lxc (Ubuntu Precise) Status: Confirmed => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: lxc (Ubuntu Precise) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
** Description changed: + = + SRU Justification: + 1. impact: lxc-execute fails when apparmor transition is requested (as it is by default) + 2. development fix: make sure the container's own proc is mounted before attempting apparmor context transition + 3. stable fix: same as development fix + 4. test case: +lxc-execute -n foo /bin/bash + 5. Regression potential: apparmor transitions could break for containers if this is done wrong. However, the lxc testsuite passed with these patches + == + On a Precise system, LXC is no longer working: # lxc-execute -n foo /bin/bash lxc-execute: Permission denied - failed to change apparmor profile to lxc-container-default lxc-execute: invalid sequence number 1. expected 2 lxc-execute: failed to spawn 'foo' # At a minimum, I'm guessing lxc-execute needs a profile similar to lxc- start, but trying to run lxc-start failed with the same error. AfC -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
** Branch linked: lp:ubuntu/lxc -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu5 --- lxc (0.8.0~rc1-4ubuntu5) quantal; urgency=low * 0082-umount-old-proc: fix proc auto-mount. If /proc is already mounted, make sure that /proc/self points to 1, since we are container init. Otherwise, assume proc is an old one, and umount it and remount our own. If we keep the old proc mounted, apparmor transitions will by tried for wrong task and fail. Also move check for whether apparmor is enabled so that it is called by lxc-execute. (LP: #993706) * update 0074-lxc-execute-find-init to look for lxc-init in LXCINITDIR/lxc/lxc-init * debian/control: add cloud-utils to lxc Recommends, as lxc-ubuntu-cloud needs it. (LP: 995361) * debian/lxc.upstart: load apparmor profiles before auto-starting containers. (LP: #989853) * pop 06-bash.patch and 0075-lxc-ls-bash. lxc-clone also has bashims, just stick to using bash until upstream is also converted (so we are safe against patches). -- Serge HallynMon, 07 May 2012 21:22:26 + ** Changed in: lxc (Ubuntu Quantal) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 993706] Re: Fix lxc-execute without rootfs failing apparmor transitions
(The problem is actually that we need to make sure to mount our own /proc, else, when using lxc.rootfs=/, we leave the host's /proc mounted, and the apparmor library tries to set the lxc profile for the wrong task) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/993706 Title: Fix lxc-execute without rootfs failing apparmor transitions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
