** Tags added: aa-feature
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
container
To manage
** Changed in: apparmor (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working
** Tags added: aa-feature
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
container
To manage notifications about this
** Changed in: apparmor (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
Any chance this will be fixed in saucy?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
container
To
Any chance this will be fixed in saucy?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
container
To manage
Confirmed fixed in 3.13.0-2-generic, where in 3.13.0-1-generic it was
still failing.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and
Confirmed fixed in 3.13.0-2-generic, where in 3.13.0-1-generic it was
still failing.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from
I get this (newly?) when trying to update within sbuild within lxc
[ 1927.282880] type=1400 audit(1383816970.374:86): apparmor=DENIED
operation=getattr info=Failed name lookup - deleted entry error=-2
parent=11717 profile=/usr/bin/lxc-start name=/var/lib/schroot/mount
Quoting Iain Lane (i...@orangesquash.org.uk):
I get this (newly?) when trying to update within sbuild within lxc
[ 1927.282880] type=1400 audit(1383816970.374:86): apparmor=DENIED
operation=getattr info=Failed name lookup - deleted entry error=-2
parent=11717 profile=/usr/bin/lxc-start
On Thu, Nov 07, 2013 at 03:20:29PM -, Serge Hallyn wrote:
Quoting Iain Lane (i...@orangesquash.org.uk):
I get this (newly?) when trying to update within sbuild within lxc
[ 1927.282880] type=1400 audit(1383816970.374:86): apparmor=DENIED
operation=getattr info=Failed name lookup -
Quoting Iain Lane (i...@orangesquash.org.uk):
On Thu, Nov 07, 2013 at 03:20:29PM -, Serge Hallyn wrote:
Quoting Iain Lane (i...@orangesquash.org.uk):
I get this (newly?) when trying to update within sbuild within lxc
[ 1927.282880] type=1400 audit(1383816970.374:86):
I get this (newly?) when trying to update within sbuild within lxc
[ 1927.282880] type=1400 audit(1383816970.374:86): apparmor=DENIED
operation=getattr info=Failed name lookup - deleted entry error=-2
parent=11717 profile=/usr/bin/lxc-start name=/var/lib/schroot/mount
Quoting Iain Lane (i...@orangesquash.org.uk):
I get this (newly?) when trying to update within sbuild within lxc
[ 1927.282880] type=1400 audit(1383816970.374:86): apparmor=DENIED
operation=getattr info=Failed name lookup - deleted entry error=-2
parent=11717 profile=/usr/bin/lxc-start
On Thu, Nov 07, 2013 at 03:20:29PM -, Serge Hallyn wrote:
Quoting Iain Lane (i...@orangesquash.org.uk):
I get this (newly?) when trying to update within sbuild within lxc
[ 1927.282880] type=1400 audit(1383816970.374:86): apparmor=DENIED
operation=getattr info=Failed name lookup -
Quoting Iain Lane (i...@orangesquash.org.uk):
On Thu, Nov 07, 2013 at 03:20:29PM -, Serge Hallyn wrote:
Quoting Iain Lane (i...@orangesquash.org.uk):
I get this (newly?) when trying to update within sbuild within lxc
[ 1927.282880] type=1400 audit(1383816970.374:86):
Francesco,
The mediate_deleted flag should fix the rejection shown in comment #12
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and
Serge,
see comments on bug 970647, there is some progress but I have not found
a specific bug affecting logging of this case. The larger fix which is
the extended labeling, is in progress and will enter into the apparmor-
dev ppa soon for testing.
--
You received this bug notification because
Francesco,
The DENIED message doesn't look right. It says your containern is
running in the lxc-start pfofile? it should have transitioned to a
container profile when /sbin/init was executed.
I think it is worth opening a new bug about your issue, so we can make
sure there isn't more going on.
Francesco,
The mediate_deleted flag should fix the rejection shown in comment #12
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from
Serge,
see comments on bug 970647, there is some progress but I have not found
a specific bug affecting logging of this case. The larger fix which is
the extended labeling, is in progress and will enter into the apparmor-
dev ppa soon for testing.
--
You received this bug notification because
Francesco,
The DENIED message doesn't look right. It says your containern is
running in the lxc-start pfofile? it should have transitioned to a
container profile when /sbin/init was executed.
I think it is worth opening a new bug about your issue, so we can make
sure there isn't more going on.
I'm sorry if this is not the place to report this, but running localedef
into a lxc ubuntu container it's affecting quantal right now.
The log line is
[26775.302073] type=1400 audit(1353478924.553:73): apparmor=DENIED
operation=chmod info=Failed name lookup - deleted entry error=-2
parent=14028
I'm sorry if this is not the place to report this, but running localedef
into a lxc ubuntu container it's affecting quantal right now.
The log line is
[26775.302073] type=1400 audit(1353478924.553:73): apparmor=DENIED
operation=chmod info=Failed name lookup - deleted entry error=-2
parent=14028
Based on the duplicates, I'm not sure the workaround is working as well
as we'd hoped.
John, what are the prospects of bug 970647? How complicated is the fix
for it?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
Based on the duplicates, I'm not sure the workaround is working as well
as we'd hoped.
John, what are the prospects of bug 970647? How complicated is the fix
for it?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags added: rls-mgr-p-tracking
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
container
To manage
Marking the apparmor task as Won't Fix since the lxc work around is in
place. If we pursue this in SRU, it will be through bug #970647.
** Changed in: apparmor (Ubuntu Precise)
Importance: Critical = Undecided
** Changed in: apparmor (Ubuntu Precise)
Status: Confirmed = Won't Fix
**
** Tags added: rls-mgr-p-tracking
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
container
To manage notifications
Marking the apparmor task as Won't Fix since the lxc work around is in
place. If we pursue this in SRU, it will be through bug #970647.
** Changed in: apparmor (Ubuntu Precise)
Importance: Critical = Undecided
** Changed in: apparmor (Ubuntu Precise)
Status: Confirmed = Won't Fix
**
** Also affects: lxc (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from
This bug was fixed in the package lxc - 0.7.5-3ubuntu49
---
lxc (0.7.5-3ubuntu49) precise; urgency=low
* debian/lxc-default.apparmor: add mediate_deleted flag (LP: #969299)
-- Serge Hallyn serge.hal...@ubuntu.com Mon, 02 Apr 2012 09:38:21 -0500
** Changed in: lxc (Ubuntu
** Branch linked: lp:ubuntu/lxc
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
container
To manage
@JP
great! Thanks for that. I'll add that for now as a workaround.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
** Also affects: lxc (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
This bug was fixed in the package lxc - 0.7.5-3ubuntu49
---
lxc (0.7.5-3ubuntu49) precise; urgency=low
* debian/lxc-default.apparmor: add mediate_deleted flag (LP: #969299)
-- Serge Hallyn serge.hal...@ubuntu.com Mon, 02 Apr 2012 09:38:21 -0500
** Changed in: lxc (Ubuntu
** Branch linked: lp:ubuntu/lxc
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
apparmor prevents dpkg-divert and localedef from working in a
container
To manage notifications about
This does indeed seem to be the problem. The current labeling done by
apparmor is not enough to avoid needing the mediate_deleted flag on the
lxc profiles. Adding the flag will force apparmor to do a name lookup
for entries that have been deleted (the name can be reliably be
reconstructed),
Friend of mine solved this, asked me if I can post it, so here goes:
/etc/apparmor.d/lxc/lxc-default profile needs 'flags=(mediate_deleted)'
appended to it, and the problem should go away. Documentation reference
for this is at http://wiki.apparmor.net/index.php/FAQ
** Attachment added: lxc-upgrader01
https://bugs.launchpad.net/bugs/969299/+attachment/2968319/+files/lxc-upgrader01
** Changed in: apparmor (Ubuntu)
Importance: Undecided = Critical
** Also affects: apparmor (Ubuntu Precise)
Importance: Critical
Status: New
** Changed in:
Reason for critical is that it's making random commands in container fail.
We've already got a few bug reports against udev, postgresql, ... all caused by
that issue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Interestingly when I ser the lxc-container-default profile to complain:
sudo aa-complain /etc/apparmor.d/lxc/lxc-default
I no longer get the issue in the lxc instance - however neither do I get
any complaints.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/969299
Title:
While I haven't tried this yet, my initial thought when seeing it works
in complain mode, but there are no messages is that this is something
that is being specifically denied in the profile.
to confirm this we need to disable quieting of explicitly denied
messages, we can do this as root with
44 matches
Mail list logo
