lxd/apparmor: Tweak default set of rules
Bug #1814986 reported by
km
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| lxc (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
branches cosmic & disco
the impact of current lxc aa rules in conjunction with systemd v240 is outlined here https:/
Whilst LXC committed the patch to its master
https:/
it has not arrived downstream and thus would be appreciated to be merged, both in cosmic and disco since impacting users of both branches, e.g. arch linux guest that already deploy systemd v240 without this patch particular ubuntu patch
Revision history for this message
| Stéphane Graber (stgraber) wrote | #1 |
| Changed in lxc (Ubuntu): | |
| status: | New → Invalid |
To post a comment you must log in.
This is a LXD commit, not a LXC one. LXC cannot be fixed in the same way as it has a single apparmor policy covering both privileged and unprivileged containers, until such time as the apparmor security issue is resolved, there's nothing we can do to fix this issue without causing a giant security hole in the process.