docker.io doesn't work with apparmor 3.0 RC1 kernel
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Invalid
|
High
|
Unassigned | ||
Utopic |
Invalid
|
Undecided
|
Unassigned | ||
Vivid |
Invalid
|
High
|
Unassigned | ||
docker.io (Ubuntu) |
Invalid
|
High
|
Unassigned | ||
Utopic |
Invalid
|
Undecided
|
Unassigned | ||
Vivid |
Invalid
|
High
|
Unassigned | ||
linux (Ubuntu) |
Fix Released
|
High
|
John Johansen | ||
Utopic |
Fix Released
|
High
|
John Johansen | ||
Vivid |
Fix Released
|
High
|
John Johansen |
Bug Description
Steps to reproduce (from https:/
1. sudo apt-get install docker.io # 1.2.0~dfsg1-1
2. sudo docker pull ubuntu:trusty
3. sudo docker run ubuntu:trusty uptime
2014/09/18 15:48:48 Error response from daemon: Cannot start container fcdfaaf7945bcd9
What is expected? uptime to return something like:
$ sudo docker run ubuntu:trusty uptime
20:31:21 up 1 min, 0 users, load average: 0.09, 0.06, 0.03
I set 'sudo sysctl -w kernel.
FYI, 3.16.0-17.23 is in utopic-proposed now and on its way to utopic, which will affect docker.io in Ubuntu. Workaround until this bug is fixed is to boot into 3.16.0-16.22 or earlier.
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
Changed in apparmor (Ubuntu): | |
importance: | Undecided → High |
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
tags: | added: kernel-da-key |
summary: |
- docker.io doesn't work with 3.0 RC1 kernel + docker.io doesn't work with apparmor 3.0 RC1 kernel |
description: | updated |
tags: | added: apparmor |
Changed in linux (Ubuntu): | |
milestone: | none → ubuntu-14.10 |
status: | Triaged → In Progress |
Changed in linux (Ubuntu Utopic): | |
status: | New → Fix Released |
importance: | Undecided → High |
assignee: | nobody → John Johansen (jjohansen) |
milestone: | none → ubuntu-14.10 |
Changed in linux (Ubuntu Vivid): | |
milestone: | ubuntu-14.10 → ubuntu-14.12 |
status: | Fix Released → Fix Committed |
Changed in docker.io (Ubuntu Utopic): | |
status: | New → Invalid |
Changed in apparmor (Ubuntu Utopic): | |
status: | New → Invalid |
a failure in change_profile from unconfined is NOT expected to log a message.
Can you please verify that the target profile is loaded. The only reason apparmor rejects change_profile for unconfined is that the profile could not be found.