upstream discussion
https://gitlab.com/apparmor/apparmor/-/merge_requests/1247
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067900
Title:
apparmor unconfined profile blocks pivot_root
To manage
This issue is now occurring in lxd latest/edge builds after we merged
initial support for restricted user namespaces.
Is there an ETA on a fix?
It looks like the same issue happens with "kill" syscall:
Jul 01 15:52:45 kernel: audit: type=1400 audit(1719849165.951:291): apparmor="DENIED" operation="signal" class="signal" profile="lxd-v1_" pid=15369 comm="lxd" requested_mask="receive" denied_mask="receive" signal=kill
This requires a v4.0 apparmor parser and an Ubuntu, not upstream, kernel.
The Ubuntu kernel carries a patch that is work toward splitting
unconfined and making it so it can be replaced and only cause mediation
overhead for the classes being mediated.
The 4.0 parser is setting mediated classes in unconfined.
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
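As an added example (not code from this thread or from the AppArmor or LXD projects), a small parser that pulls the key/value fields out of AppArmor type=1400 audit records like the one quoted above and tallies denials by profile, mediation class and denied mask, which is the view a defender wants when deciding whether a denial comes from a newly mediated class in unconfined rather than from a profile rule. The STATUS record and the plain kernel line in the sample log are constructed input; the DENIED record is the one from the thread.

```python
import re

# Constructed sample log: the thread's denial, plus a profile-load STATUS
# record and an unrelated kernel line to show that only denials are counted.
SAMPLE_DENIAL = (
    'Jul 01 15:52:45 kernel: audit: type=1400 audit(1719849165.951:291): '
    'apparmor="DENIED" operation="signal" class="signal" '
    'profile="lxd-v1_" pid=15369 comm="lxd" '
    'requested_mask="receive" denied_mask="receive" signal=kill'
)
SAMPLE_STATUS = (
    'Jul 01 15:52:40 kernel: audit: type=1400 audit(1719849160.100:290): '
    'apparmor="STATUS" operation="profile_load" profile="unconfined" '
    'name="lxd-v1_" pid=15300 comm="apparmor_parser"'
)
SAMPLE_LOG = [SAMPLE_STATUS, SAMPLE_DENIAL, "Jul 01 15:52:46 kernel: unrelated message"]

# key="quoted value" or key=bareword; the audit(...) timestamp has no "=" and is skipped.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_apparmor_audit(line: str) -> dict:
    """Return the key/value fields of an AppArmor audit record as strings."""
    fields = {}
    for m in _KV.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields


def denial_summary(line: str):
    """Condense a DENIED record to the fields that matter for triage, else None."""
    f = parse_apparmor_audit(line)
    if f.get("type") != "1400" or f.get("apparmor") != "DENIED":
        return None
    return {
        "profile": f.get("profile"),
        "class": f.get("class"),          # mediation class, e.g. signal or mount
        "operation": f.get("operation"),
        "denied": f.get("denied_mask"),
        # class-specific detail: the signal name for signal denials,
        # the path for file/mount denials
        "detail": f.get("signal") or f.get("name"),
    }


def count_denials(lines) -> dict:
    """Tally denials keyed by (profile, class, denied_mask) across log lines."""
    counts = {}
    for line in lines:
        s = denial_summary(line)
        if s is None:
            continue
        key = (s["profile"], s["class"], s["denied"])
        counts[key] = counts.get(key, 0) + 1
    return counts
```

A burst of denials for a single class (here signal) against a profile that was previously unconfined is the signature of the mediated-class change described above, as opposed to a missing rule in the profile itself.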