AppArmor vs unix socket inside LXC containers
Bug #1428490 reported by Toby Corkindale. This bug affects 1 person.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxc (Ubuntu) | Won't Fix | Undecided | Unassigned |
Bug Description
I know this seems like an odd bug, but I've spent all day chasing it down.
I was seeing problems with LDAP lookups inside an LXC container, and strace on getent lookups was showing that attempts to read from /var/run/
That file/UNIX socket is owned by nslcd, also running inside the LXC.
Back on the host machine, setting the LXC config to set lxc.aa_profile = unconfined (and restarting the container) then allowed that socket to start working freely.
This seems weird, as there are all sorts of other things using UNIX sockets inside containers that still function normally, but I thought I'd mention it, especially in case anyone else hits this issue.
affects: lxc → lxc (Ubuntu)
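The report above reaches for `lxc.aa_profile = unconfined` as a workaround, which drops AppArmor confinement for the whole container. Before doing that, it is worth confirming that the profile is actually what blocks the socket: AppArmor records each denial in the kernel log as an audit line with `apparmor="DENIED"`, and the unix-socket mediation adds `family="unix"`. The script below is an added example, not part of the bug report or of the lxc project; the log lines in it are constructed, and the socket path `/var/run/example/socket` is a placeholder (the report's own path is truncated). It filters such lines down to the socket-related denials so the container profile can be adjusted for the one socket instead of unconfined entirely.

```shell
#!/bin/sh
# Added example: pick AppArmor unix-socket denials out of kernel/audit log
# lines (as printed by dmesg or found in /var/log/kern.log), so that the
# cause of a failing socket can be confirmed before the container profile
# is changed. The three lines below are CONSTRUCTED samples in AppArmor's
# audit format; the socket path is a placeholder, not the reporter's path.
SAMPLE_LOG='audit: type=1400 audit(1425893101.321:77): apparmor="DENIED" operation="connect" profile="lxc-container-default" name="/var/run/example/socket" pid=2211 comm="getent" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive"
audit: type=1400 audit(1425893102.004:78): apparmor="ALLOWED" operation="open" profile="lxc-container-default" name="/etc/hosts" pid=2211 comm="getent" requested_mask="r" denied_mask="r"
audit: type=1400 audit(1425893103.118:79): apparmor="DENIED" operation="mount" profile="lxc-container-default" name="/proc/" pid=1 comm="mount" flags="rw, nodev"'

# unix_socket_denials LOGTEXT
# Prints one line per DENIED event that carries family="unix", in the form:
#   <operation> <profile> <comm> <socket path>
# A line is treated as socket-related only if it has family="unix"
# (assumption: that is the field the unix mediation emits); other denials,
# such as the mount one above, are ignored.
unix_socket_denials() {
    printf '%s\n' "$1" | awk '
        /apparmor="DENIED"/ && /family="unix"/ {
            op = ""; prof = ""; comm = ""; path = ""
            for (i = 1; i <= NF; i++) {
                # Fields are key=value; values are usually double-quoted.
                n = split($i, kv, "=")
                if (n < 2) continue
                gsub(/"/, "", kv[2])
                if (kv[1] == "operation") op = kv[2]
                else if (kv[1] == "profile") prof = kv[2]
                else if (kv[1] == "comm") comm = kv[2]
                else if (kv[1] == "name") path = kv[2]
                else if (kv[1] == "peer_addr" && path == "" && kv[2] != "none") path = kv[2]
            }
            print op, prof, comm, path
        }'
}

# Stand-alone run: on a real host replace SAMPLE_LOG with "$(dmesg)".
unix_socket_denials "$SAMPLE_LOG"
```

Each output line names the profile that issued the denial, the program that hit it and the socket path, which is exactly what is needed to write a narrow allow rule for that path in the container's profile rather than switching the container to `unconfined`.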
Toby,
what distro, release and kernel are you using?
And would you be willing to try a custom test kernel?