Can't use apparmor-utils in nspawn container

Bug #1765130 reported by Matthias Pfau on 2018-04-18
Affects: apparmor (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

On a Debian stretch host with a working apparmor installation, I created a container (nspawn) and installed apparmor within that container.

Within the container, apparmor can't be started. `systemctl status apparmor` returns "ConditionSecurity=apparmor was not met". I also noted that the whole /sys/modules tree is missing within the container. Invoking `cat /sys/module/apparmor/parameters/enabled` on the host returns "Y".

Is AA virtualizable for containers? E.g. can multiple containers load their own AA profiles? If so, what exactly is needed to run apparmor in a container?

Thanks!

Cheers,
Matthias

Changed in apparmor (Ubuntu):
status: New → Confirmed
status: Confirmed → New