Comment 7 for bug 969299
Revision history for this message
| John Johansen (jjohansen) wrote Re: apparmor prevents dpkg-divert and localedef from working in a container | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
This does indeed seem to be the problem. The current labeling done by apparmor is not enough to avoid needing the mediate_deleted flag on the lxc profiles. Adding the flag will force apparmor to do a name lookup for entries that have been deleted (the name can be reliably be reconstructed), instead of using the default of the cached file label.
I have opened Bug #970647 for the failure to log rejects due to the deleted entry logic.