Public bug reported:
Issue description
=================
At the moment attempt to perform any apparmor operation on the system
with installed LXC results in error due to conflicting profiles.
This is result of both /etc/apparmor.d/usr.bin.lxc-start and
/etc/apparmor.d/usr.bin.lxc-copy containing *exact* same content:
root@aio1:/home/ubuntu/openstack-ansible# cat /etc/apparmor.d/usr.bin.lxc-start
abi <abi/4.0>,
#include <tunables/global>
/usr/bin/lxc-start flags=(attach_disconnected) {
#include <abstractions/lxc/start-container>
}
root@aio1:/home/ubuntu/openstack-ansible# cat /etc/apparmor.d/usr.bin.lxc-copy
abi <abi/4.0>,
#include <tunables/global>
/usr/bin/lxc-start flags=(attach_disconnected) {
#include <abstractions/lxc/start-container>
}
root@aio1:/home/ubuntu/openstack-ansible#
Apparently, /etc/apparmor.d/usr.bin.lxc-copy should be responsible for
/usr/bin/lxc-copy binary, not lxc-start.
I did download https://launchpad.net/ubuntu/noble/amd64/liblxc-
common/1:5.0.3-2ubuntu7.1 and the package contained the same issue where
both profiles were trying to control lxc-start.
Environment
===========
Ubuntu 24.04
liblxc-common=1:5.0.3-2ubuntu7.1
How to reproduce
================
Try to execute any apparmor operation when liblxc-common is installed
Expected result
===============
# aa-disable usr.sbin.dnsmasq
Disabling /etc/apparmor.d/usr.sbin.dnsmasq.
# echo $?
0
Actual result
=============
# aa-disable usr.sbin.dnsmasq
ERROR: Conflicting profiles for /usr/bin/lxc-start defined in two files:
- /etc/apparmor.d/usr.bin.lxc-start
- /etc/apparmor.d/usr.bin.lxc-copy
# echo $?
1
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: liblxc-common 1:5.0.3-2ubuntu7.1
ProcVersionSignature: Ubuntu 6.8.0-59.61-generic 6.8.12
Uname: Linux 6.8.0-59-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.5
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudBuildName: server
CloudID: openstack
CloudName: openstack
CloudPlatform: openstack
CloudSerial: 20250502.1
CloudSubPlatform: metadata (http://169.254.169.254)
Date: Wed May 14 12:30:08 2025
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug cloud-image noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110635
Title:
usr.bin.lxc-copy apparmor profile is containing wrong binary reference
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2110635/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
