[lxc-devel] stable-1.0 broken on 14.04

Stéphane Graber stgraber at ubuntu.com
Wed Dec 3 03:34:56 UTC 2014


On Tue, Dec 02, 2014 at 10:02:34PM -0500, S.Çağlar Onur wrote:
> Hey,
> 
> Seems like [1] is causing problems for trusty (I'm using daily stable
> builds) as its AppArmor version does not understand "unix" directive
> 
> [root at eleksi:~/eleksi(master)] /etc/init.d/apparmor reload
>  * Reloading AppArmor profiles
> 
> ppArmor parser error for /etc/apparmor.d/lxc-containers in
> /etc/apparmor.d/abstractions/lxc/container-base at line 41: syntax
> error, unexpected TOK_OPENPAREN, expecting TOK_MODE
> 
> Commenting out following helps but not sure whether that's a correct thing to do
> 
>  37   # Allow receive via unix sockets from anywhere. Note: if per-container
>  38   # profiles are supported, for container isolation this should be
> changed to
>  39   # something like:
>  40   #   unix (receive) peer=(label=unconfined),
>  41 #unix (receive),
>  42
>  43   # Allow all unix in the container
>  44 #unix peer=(label=@{profile_name}),
> 
> [1] https://github.com/lxc/lxc/commit/d9bae9c84b21642876107f32ba6c51ff3350c372
> 
> Best,

Good catch, I'll update the stable PPA packaging to drop the unix lines
on 14.04. We already have a bunch of those (detecting apparmor version
and stripping the stanzas that go introduced in later versions).

So yeah, removing or commenting out those lines is the right thing to
do, but the packaging should do that for you usually :)

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20141202/e72d55e3/attachment.sig>


More information about the lxc-devel mailing list