@fnordahl Hi! Let's keep the discussion about bug 1701297 in that bug
since it is focused on the change in behavior between the Xenial release
kernel and the HWE kernel. That's not what this bug is about. John is
investigating the change in behavior issue. Jamie's previous
investigations of overlay
@andreserl
There are severe security implications of doing 2) from now until all
future, and unfortunately I have seen that this is being done in the
wild.
I would be much more comfortable by actually finding the root cause of
the issue at hand and fixing that.
This is what I am currently pursui
@Frode,
Users running 2.2 *already* have the apparmor=0 work around for
*ephemeral* environments only.
For users running previous versions, we recommend you upgrade
immediately, provided that 2.0 and 2.1 are out of support. If you decide
not to upgrade, your options are:
1. Use a HWE kernel (suc
@Frode, I can yes, when I file them. I need to do a bit of work for
simple reproducers/etc/etc to file them. I've added an item to add a
comment to this bug when I do.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launch
This problem has surfaced again with recent MAAS Ubuntu images. One
report in bug 1701297. I have information about at least two other end
users hit by the problem.
Adding a workaround by setting apparmor=0 kernel parameter in MAAS 2.2
will not help users that are running previous versions.
@jdst
Closing the MAAS task as the referenced bug is marked Fix Release. If
there are issues there still, please see my previous comment and look at
the code in that snap-- there are viable ways to use overlayfs with
chroot and an apparmor alias rule, or overlayfs with private mount,
chroot and pivot_
Actually, I marked the MAAS task as incomplete in case people want to
give feedback.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1408106
Title:
attach_disconnected not sufficient for overlayfs
To
Ok, I spent quite a bit of time evaluating this and believe this bug can
be closed, but other bugs open.
In looking at this I created
https://code.launchpad.net/~jdstrand/+git/test-overlay
(to build simply git clone, run 'snapcraft', install the
snap and then run 'test-overlay' for instructions o
@lamont does this need to have a MAAS task? Are we going to address it
somehow in MAAS?
** Tags removed: kernel-da-key
This bug causes maas testing to fail (at least the ntp test, because of
overlayfs and apparmor and ntp having a profile.) See
https://bugs.launchpad.net/maas/+bug/1677336
Hardware testing is a requirement for MAAS 2.2.
** Also affects: maas
Importance: Undecided
Status: New
Hi! What kind of (realistic) timeline can we expect here? (With the move
to ZFS for containers, I wonder :)
E.g. is this part of your goals for 16.10? (I mean: for the
AppArmor/Ubuntu-specific parts, as I've learnt to be patient wrt. the
upstreaming to Linux mainline.)
Thanks for your work on Ap
** Changed in: linux (Ubuntu)
Status: Confirmed => Triaged
** Description changed:
With the following use of overlayfs, we get a disconnected path:
$ cat ./profile
#include
profile foo {
#include
capability sys_admin,
capability sys_chroot,
mount,
pivot_root,
}
$ cat ./overlay.c
#include
#include
#include
** Tags removed: kernel-key
** Tags added: kernel-da-key
** Summary changed:
- allow defining the attach root for attach_disconnected
+ attach_disconnected not sufficient for overlayfs