Apparmor problem inside a lxd container
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apparmor (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
I've been running /usr/sbin/sshd in a custom Apparmor profile [*] for a long time and it works well.
When I loaded the same profile in a lxd container (named ganymede), it didn't work at all:
apparmor="DENIED" operation=
Additional information about my environment:
Both the host and the guest are up-to-date Xenials.
root@jupiter:~# apt-cache policy linux-image-
linux-image-
Installed: 4.4.0-63.84
Candidate: 4.4.0-63.84
Version table:
*** 4.4.0-63.84 500
500 http://
500 http://
100 /var/lib/
apparmor:
Installed: 2.10.95-0ubuntu2.5
Candidate: 2.10.95-0ubuntu2.5
Version table:
*** 2.10.95-0ubuntu2.5 500
500 http://
100 /var/lib/
2.
500 http://
openssh-server:
Installed: 1:7.2p2-4ubuntu2.1
Candidate: 1:7.2p2-4ubuntu2.1
Version table:
*** 1:7.2p2-4ubuntu2.1 500
500 http://
500 http://
100 /var/lib/
1:7.2p2-4 500
500 http://
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor 2.10.95-0ubuntu2.5
ProcVersionSign
Uname: Linux 4.4.0-63-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Tue Feb 21 21:25:55 2017
InstallationDate: Installed on 2016-12-19 (64 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Beta amd64 (20161219)
ProcKernelCmdline: BOOT_IMAGE=
PstreeP: Error: [Errno 2] No such file or directory: '/usr/bin/pstree'
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
Hi Simon, could you capture the output of apparmor_parser -p on your sshd profile? There are no 'unix' rules in the portion pasted to GitHub.
Also, does 'peer="---"' ring any bells for you?
Thanks