There is apparently still a bug in overlayfs with apparmor. If I do

  mkdir /tmp/lower
  mount -t overlayfs -o rw,upperdir=/tmp/lower,lowerdir=/ overlay /mnt

I can ls /mnt and see the overlay of / just fine. Then I create
/etc/apparmor.d/sergebashtest which contains:

===============
#include <tunables/global>
/bin/bash2 flags=(attach_disconnected) {
  network,
  capability chown,
  capability dac_override,
  capability dac_read_search,
  capability fowner,
  capability fsetid,
  capability kill,
  capability setgid,
  capability setuid,
  capability setpcap,
  capability linux_immutable,
  capability net_bind_service,
  capability net_broadcast,
  capability net_admin,
  capability net_raw,
  capability ipc_lock,
  capability ipc_owner,
  capability sys_module,
  capability sys_rawio,
  capability sys_chroot,
  capability sys_ptrace,
  capability sys_pacct,
  capability sys_admin,
  capability sys_boot,
  capability sys_nice,
  capability sys_resource,
  capability sys_time,
  capability sys_tty_config,
  capability mknod,
  capability lease,
  capability audit_write,
  capability audit_control,
  capability setfcap,
  capability mac_override,
  capability mac_admin,
  capability syslog,
  / rwklix,
  /** rwklix,
}
==================

and insert that with 'apparmor_parser /etc/apparmor.d/sergebashtest', and
cp /bin/bash /bin/bash2. Then I do /bin/bash2 and ls /mnt from there, and get:

root@sergelap:/etc/apparmor.d# ls /mnt
ls: cannot access /mnt: Invalid argument

though I can ls /tmp/lower and / just fine.

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/925028

Title:
  apparmor breaks lxc-start-ephemeral

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/925028/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
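The reproduction steps above, packaged as a small sh harness so the symptom can be re-checked on a kernel or apparmor update and reported as a clear pass/fail. This is an added example, not the reporter's own script: the filesystem type name "overlayfs", the mount options, the profile name sergebashtest and the /bin/bash2 copy are taken from the report; the long capability list is collapsed to a bare "capability," rule (which grants all capabilities) to keep the generated profile short; the RUN_REPRO guard, the classify_msg/classify_ls helper names and the EINVAL classification are this example's own assumptions. The mount and profile-loading steps only run when RUN_REPRO=1 and require root, apparmor_parser and an overlayfs-capable kernel; the helpers themselves run anywhere.

```shell
#!/bin/sh
# Added reproduction harness for the overlayfs + AppArmor EINVAL symptom
# (constructed example, not part of the original bug mail).
set -u

# Emit a minimal AppArmor profile for the binary given in $1. Like the
# reporter's profile it grants broad file access and all capabilities and
# sets attach_disconnected, so a failure cannot be a missing-rule denial;
# what is left is the overlayfs/AppArmor path-resolution problem.
write_profile() {
    bin="$1"
    cat <<EOF
#include <tunables/global>
$bin flags=(attach_disconnected) {
  network,
  capability,
  / rwklix,
  /** rwklix,
}
EOF
}

# Classify an ls stderr message: "" means the listing succeeded, the
# "Invalid argument" text is the EINVAL the reporter saw, anything else is
# reported verbatim so unrelated failures are not mistaken for the bug.
classify_msg() {
    case "$1" in
        "") echo ok ;;
        *"Invalid argument"*) echo einval ;;
        *) echo "other:$1" ;;
    esac
}

# List a directory and classify the outcome. LC_ALL=C pins the message text.
classify_ls() {
    classify_msg "$(LC_ALL=C ls "$1" 2>&1 >/dev/null)"
}

# Mirror the report step by step: overlay / onto /mnt, confirm an unconfined
# shell can list it, load the profile, then list it from the confined shell.
# Returns 0 when confined and unconfined agree, 1 when only the confined
# shell fails (the reported bug), 2 when setup itself failed.
repro() {
    mkdir -p /tmp/lower /mnt
    mount -t overlayfs -o rw,upperdir=/tmp/lower,lowerdir=/ overlay /mnt || return 2
    unconfined=$(classify_ls /mnt)
    cp /bin/bash /bin/bash2
    write_profile /bin/bash2 > /etc/apparmor.d/sergebashtest
    apparmor_parser -r /etc/apparmor.d/sergebashtest || { umount /mnt; return 2; }
    # The profile attaches by path, so running /bin/bash2 confines the ls.
    confined=$(classify_msg "$(LC_ALL=C /bin/bash2 -c 'ls /mnt' 2>&1 >/dev/null)")
    echo "unconfined: $unconfined"
    echo "confined:   $confined"
    # Undo everything the reproduction changed.
    apparmor_parser -R /etc/apparmor.d/sergebashtest
    rm -f /etc/apparmor.d/sergebashtest /bin/bash2
    umount /mnt
    [ "$unconfined" = "$confined" ] && return 0
    return 1
}

# Only touch mounts and profiles when explicitly asked to.
if [ "${RUN_REPRO:-0}" = 1 ]; then
    repro
fi
```

Run it as root with RUN_REPRO=1 ./overlay-apparmor-check.sh; an exit status of 1 with "confined: einval" reproduces the report, 0 means the confined shell now sees the overlay like the unconfined one.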