Test results on Bionic:
Bionic/4.15:
$ uname -a
Linux c2d.mgmt.sdeziel.info 4.15.0-64-generic #73+lp1844186 SMP Thu Sep 26 15:17:27 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
*result*: works!
Bionic/5.0:
$ uname -a
Linux c2d.mgmt.sdeziel.info 5.0.0-8-generic #9+lp1844186 SMP Thu Sep 26 15:03:30 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
*result*: doesn't work/couldn't test properly. That kernel doesn't let me load an AppArmor policy in the container:
root@ns0:~# aa-status
apparmor module is loaded.
You do not have enough privilege to read the profile set.
Maybe it's just too old or the kernel isn't compatible with the AppArmor version from Bionic? The binary/service starts fine with NoNewPrivileges=yes but there is no AppArmor policy loaded in the container, only in the host.