[lxc-devel] [lxd/master] lxd/apparmor/instance: Fix invalid aa profile generation when lxd binary has changed/gone

tomponline on Github lxc-bot at linuxcontainers.org
Thu Sep 17 11:02:19 UTC 2020


From 77af9a5267a00b958fbfd62a8d0a9f00ba1c5087 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 17 Sep 2020 11:55:56 +0100
Subject: [PATCH] lxd/apparmor/instance: Fix invalid aa profile generation when
 lxd binary has changed/gone

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/apparmor/instance.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lxd/apparmor/instance.go b/lxd/apparmor/instance.go
index 77d266befd..45da348b5b 100644
--- a/lxd/apparmor/instance.go
+++ b/lxd/apparmor/instance.go
@@ -175,9 +175,13 @@ func instanceProfile(state *state.State, inst instance) (string, error) {
 			}
 		}
 
+		// The value from GetExecPath can include " (deleted)" if the lxd binary has been removed/changed
+		// since the lxd process was started, which can cause the appamor profile load to fail.
+		execPathCleaned := strings.TrimSpace(strings.Replace(util.GetExecPath(), "(deleted)", "", 1))
+
 		err = qemuProfileTpl.Execute(sb, map[string]interface{}{
 			"devPaths":    inst.DevPaths(),
-			"exePath":     util.GetExecPath(),
+			"exePath":     execPathCleaned,
 			"libraryPath": strings.Split(os.Getenv("LD_LIBRARY_PATH"), ":"),
 			"logPath":     inst.LogPath(),
 			"name":        InstanceProfileName(inst),
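Review bot: the new execPathCleaned line uses strings.Replace(util.GetExecPath(), "(deleted)", "", 1), which drops the first "(deleted)" found anywhere in the path rather than only a trailing marker. An install path that legitimately contains that text in a directory name would be rewritten, and the profile would then reference a different path. If the marker only ever appears at the end, strings.TrimSuffix(util.GetExecPath(), " (deleted)") states the intent exactly and makes the TrimSpace call unnecessary. Since exePath is rendered into the profile that confines qemu, it is also worth saying in the comment that the cleaned path may point at a binary that has since been replaced on disk. Minor: "appamor" in the added comment should read "apparmor". If other callers of util.GetExecPath need the same cleanup, doing it inside that helper would avoid repeating this.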

