In Cosmic /lib/systemd/system/apparmor.service pointed to "/etc/init.d/apparmor start"
This had some code, but it was not triggered:
    if [ -x /usr/bin/systemd-detect-virt ] && \
       systemd-detect-virt --quiet --container && \
       ! is_container_with_internal_policy; then
        log_daemon_msg "Not starting AppArmor in container"
        log_end_msg 0
        exit 0
    fi
The interesting bit here is /lib/apparmor/functions with the function is_container_with_internal_policy
That essentially detected stacked namespaces in LXD and made it continue to work.
In Disco this now uses /lib/apparmor/apparmor.systemd instead.
It still calls is_container_with_internal_policy, which is now only slightly different and stored in /lib/apparmor/rc.apparmor.functions
We need to track down why this no longer returns true ...
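
A diagnostic sketch for the question raised above, added here as an example and not taken from the apparmor package or from this comment: it repeats, one at a time, the checks that upstream AppArmor's is_container_with_internal_policy is understood to make and reports which one fails. The function name explain_internal_policy, the default securityfs path, the .ns_stacked and .ns_name file names and the lxd-/lxc- prefixes are assumptions to verify against the installed rc.apparmor.functions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the apparmor package).
# Reports WHY a container would or would not be treated as having its own
# internal AppArmor policy. Prints "<reason>: <detail>"; returns 0 only
# when every check passes.
# Usage inside the container:  explain_internal_policy
# Usage against a test tree:   explain_internal_policy /path/to/dir
explain_internal_policy() {
    # Assumption: AppArmor's securityfs directory lives here by default.
    eip_sfs="${1:-/sys/kernel/security/apparmor}"

    if [ ! -d "$eip_sfs" ]; then
        echo "no-securityfs: $eip_sfs is not a directory"
        return 1
    fi

    # Assumption: the kernel exposes these two files for namespaces.
    for eip_f in .ns_stacked .ns_name; do
        if [ ! -f "$eip_sfs/$eip_f" ]; then
            echo "missing-file: $eip_sfs/$eip_f"
            return 1
        fi
    done

    # read returns non-zero on a file without a trailing newline but still
    # sets the variable, so its exit status is ignored.
    read -r eip_stacked < "$eip_sfs/.ns_stacked" || true
    read -r eip_name < "$eip_sfs/.ns_name" || true

    if [ "$eip_stacked" != "yes" ]; then
        echo "not-stacked: .ns_stacked=$eip_stacked"
        return 1
    fi

    # Assumption: LXD and LXC name their policy namespaces lxd-* and lxc-*.
    case "$eip_name" in
        lxd-*|lxc-*)
            echo "internal-policy: namespace $eip_name"
            return 0 ;;
        *)
            echo "foreign-namespace: $eip_name"
            return 1 ;;
    esac
}
```

Running it in a Cosmic and a Disco container side by side shows whether the two releases disagree on the kernel-provided values or only on how the script reads them.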