Quoting Stéphane Graber (<email address hidden>):
> Public bug reported:
>
> This bug affects all arkose containers.
>
> Since the recent change to implement per-container apparmor profile, arkose stopped working, printing:
> lxc-start: No such file or directory - failed to change apparmor profile to lxc-container-default
>
>
> Trying to reproduce this with a standard container, I tracked it down to the lack of /proc defined in LXC's fstab.
Ok, I see. So we should switch to aa_change_onexec() and run it before we
do our pivot_root(). I couldn't do that before, but IIUC aa_change_onexec()
has been fixed and this should now work.
Quoting Stéphane Graber (<email address hidden>): default
> Public bug reported:
>
> This bug affects all arkose containers.
>
> Since the recent change to implement per-container apparmor profile, arkose stopped working, printing:
> lxc-start: No such file or directory - failed to change apparmor profile to lxc-container-
>
>
> Trying to reproduce this with a standard container, I tracked it down to the lack of /proc defined in LXC's fstab.
Ok, I see. So we should switch to aa_change_onexec() and run it before we
do our pivot_root(). I couldn't do that before, but IIUC aa_change_onexec()
has been fixed and this should now work.
Thanks for submitting this bug.