I had been considering splitting the lxc apparmor profile loading to its own upstart job so it would happen sooner, but that will only make the container start weirdly due to lxc-net not having started. What we need is a way for lxc-start to know that it shouldn't run yet.
I propose we add a 'lxc.wait_on_file = /run/lxc/ready' to the container config format. We add that entry to the /etc/lxc/lxc.conf in Ubuntu, and have /etc/init/lxc.conf create /run/lxc/ready when all is set. lxc-start will simply wait until the condition is satisfied to actually start the container (logging a message that it is doing so), rather than failing to start.

--
https://bugs.launchpad.net/bugs/1227937

Title:
  lxc-start is unconfined but has a profile defined
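
The wait-instead-of-fail behaviour proposed above, sketched as a shell function; this is an added example, not part of the original bug comment or of lxc. The function name `wait_for_ready` and its timeout argument are assumptions; on timeout it returns non-zero so that a caller does not go on to start the container anyway.

```shell
#!/bin/sh
# Added illustration: gate a command on a readiness marker file.
# wait_for_ready and its timeout are hypothetical; lxc ships no such helper.

# wait_for_ready FILE [TIMEOUT_SECONDS]
# Returns 0 once FILE exists, 1 if TIMEOUT_SECONDS elapse first.
wait_for_ready() {
    ready_file=$1
    timeout=${2:-60}
    waited=0
    logged=0
    while [ ! -e "$ready_file" ]; do
        # Log once that the start is being held back, as the proposal asks.
        if [ "$logged" -eq 0 ]; then
            echo "waiting for $ready_file before starting container" >&2
            logged=1
        fi
        # Fail closed: report the timeout instead of proceeding.
        if [ "$waited" -ge "$timeout" ]; then
            echo "gave up waiting for $ready_file after ${timeout}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Example use in a start wrapper (not executed here; $name is a placeholder):
#   wait_for_ready /run/lxc/ready 120 && exec lxc-start -n "$name"
```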