[lxc-devel] stable-1.0 broken on 14.04

S.Çağlar Onur caglar at 10ur.org
Wed Dec 3 18:16:37 UTC 2014 

On Wed, Dec 3, 2014 at 12:05 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> On Tue, Dec 02, 2014 at 10:34:56PM -0500, Stéphane Graber wrote:
>> On Tue, Dec 02, 2014 at 10:02:34PM -0500, S.Çağlar Onur wrote:
>> > Hey,
>> >
>> > Seems like [1] is causing problems for trusty (I'm using daily stable
>> > builds) as its AppArmor version does not understand "unix" directive
>> >
>> > [root at eleksi:~/eleksi(master)] /etc/init.d/apparmor reload
>> >  * Reloading AppArmor profiles
>> >
>> > ppArmor parser error for /etc/apparmor.d/lxc-containers in
>> > /etc/apparmor.d/abstractions/lxc/container-base at line 41: syntax
>> > error, unexpected TOK_OPENPAREN, expecting TOK_MODE
>> >
>> > Commenting out following helps but not sure whether that's a correct thing to do
>> >
>> >  37   # Allow receive via unix sockets from anywhere. Note: if per-container
>> >  38   # profiles are supported, for container isolation this should be
>> > changed to
>> >  39   # something like:
>> >  40   #   unix (receive) peer=(label=unconfined),
>> >  41 #unix (receive),
>> >  42
>> >  43   # Allow all unix in the container
>> >  44 #unix peer=(label=@{profile_name}),
>> >
>> > [1] https://github.com/lxc/lxc/commit/d9bae9c84b21642876107f32ba6c51ff3350c372
>> >
>> > Best,
>>
>> Good catch, I'll update the stable PPA packaging to drop the unix lines
>> on 14.04. We already have a bunch of those (detecting apparmor version
>> and stripping the stanzas that go introduced in later versions).
>>
>> So yeah, removing or commenting out those lines is the right thing to
>> do, but the packaging should do that for you usually :)
>>
>> --
>> Stéphane Graber
>> Ubuntu developer
>> http://www.ubuntu.com
>
> I updated the packaging branch and a build is currently in progress, the
> next PPA upload should work fine on 14.04.

Thanks Stéphane!

> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
>



-- 
S.Çağlar Onur <caglar at 10ur.org>

More information about the lxc-devel mailing list