Public bug reported:

It seems on recent kernels - 6.17, 7.0 - it's no longer possible to
access a unix socket inside an lxd container. Reports are that this still
works in the 6.14 kernel.

Bootstrapping a juju controller on LXD, the controller runs a dqlite
node which can now no longer open a unix socket.

Mar 31 10:32:55 resolute kernel: audit: type=1400 audit(1774953175.712:2034): apparmor="DENIED" operation="connect" class="net" info="failed af match" error=-13 namespace="root//lxd-juju-7fd800-0_<var-snap-lxd-common-lxd>" profile="/snap/snapd/26382/usr/lib/snapd/snap-confine" pid=11842 comm="jujud" family="unix" sock_type="stream" protocol=0 requested="send receive accept" denied="send receive accept" addr="@dqlite-3297041220608546238" peer_addr=none peer="unconfined"

** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2146972
Title:
denied: access to unix socket inside lxd container
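
An added example, not part of the bug report and not AppArmor, LXD or juju code: a small Python parser that splits the denial record quoted in the report into its fields and decodes the ones that matter for triage (errno, policy namespace, confining profile, abstract socket name). The function names are hypothetical, and the sample is the report's log line re-joined onto one line.

```python
import errno
import re

# Constructed sample: the denial from the report, re-joined onto one line.
SAMPLE = ('audit: type=1400 audit(1774953175.712:2034): apparmor="DENIED" '
          'operation="connect" class="net" info="failed af match" error=-13 '
          'namespace="root//lxd-juju-7fd800-0_<var-snap-lxd-common-lxd>" '
          'profile="/snap/snapd/26382/usr/lib/snapd/snap-confine" pid=11842 '
          'comm="jujud" family="unix" sock_type="stream" protocol=0 '
          'requested="send receive accept" denied="send receive accept" '
          'addr="@dqlite-3297041220608546238" peer_addr=none peer="unconfined"')

# key=value, where the value is either double-quoted (may contain spaces) or bare.
_FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_denial(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    fields = {}
    for key, raw, quoted in _FIELD.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def summarize(fields):
    """Decode the parts of the record a responder reads first."""
    addr = fields.get("addr", "")
    err = abs(int(fields.get("error", "0")))
    is_abstract = fields.get("family") == "unix" and addr.startswith("@")
    return {
        "denied": fields.get("apparmor") == "DENIED",
        "errno": errno.errorcode.get(err, str(err)),
        # AppArmor prints abstract unix socket addresses with a leading "@".
        "abstract_socket": is_abstract,
        "socket_name": addr[1:] if is_abstract else addr,
        # Nested policy namespaces are separated by "//".
        "policy_namespace": fields.get("namespace", "").split("//"),
        "confining_profile": fields.get("profile"),
        "denied_perms": fields.get("denied", "").split(),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_denial(SAMPLE)).items():
        print(f"{key}: {value}")
```
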