Can't use apparmor-utils in nspawn container

Bug #1765130 reported by Matthias Pfau
This bug affects 1 person
Affects: apparmor (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

On a Debian stretch host with a working apparmor installation, I created a container (nspawn) and installed apparmor within that container.

Within the container, apparmor can't be started. `systemctl status apparmor` returns "ConditionSecurity=apparmor was not met". I also noted that the whole /sys/modules tree is missing within the container. Invoking `cat /sys/module/apparmor/parameters/enabled` on the host returns "Y".

Is AA virtualizable for containers? E.g. can multiple containers load their own AA profiles? If so, what exactly is needed to run apparmor in a container?

Thanks!

Cheers,
Matthias

Matthias Pfau (matthiaspfau) wrote :
Changed in apparmor (Ubuntu):
status: New → Confirmed
status: Confirmed → New