dnsmasq profile prevents LXD container to launch
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | Fix Released | Undecided | Unassigned |
apparmor (Ubuntu) | Fix Released | High | Tyler Hicks |

Bug Description
LXD 2.0 has dropped lxcbr0 for lxdbr0 as its default bridge configuration.
Since then, having the usr.sbin.dnsmasq profile in enforce mode will prevent LXD containers from launching:
Apr 6 12:55:06 franck-
Apr 6 12:55:06 franck-
Of course, switching to complain mode works around the problem, but maybe allowing write to /var/lib/
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor-profiles 2.10-3ubuntu2
ProcVersionSign
Uname: Linux 4.4.0-17-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.1-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Apr 6 17:34:12 2016
InstallationDate: Installed on 2015-10-04 (185 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151002)
PackageArchitec
ProcKernelCmdline: BOOT_IMAGE=
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)
summary:
- dnsmasq profile prevents LDX container to launch
+ dnsmasq profile prevents LXD container to launch
Changed in apparmor (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Tyler Hicks (tyhicks)
Changed in apparmor:
status: Fix Committed → Fix Released
In the initial bug report against LXD, S. Graber suggests that maybe "The apparmor dnsmasq profile should only apply to the system wide daemon (/etc/init.d/dnsmasq) and not to other daemons".
Not sure what to think about it...