[Lxc-users] Read-only container /proc
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Sep 18 18:48:49 UTC 2013
Quoting Andre Nathan (andre at digirati.com.br):
> Hi Serge
>
> On 09/18/2013 01:55 PM, Serge Hallyn wrote:
> > An unfortunate known bug - try the package in raring-proposed.
> > (You'll need lxc-start to be running unconfined as well, but if
> > that worked for you in precise I assume you already have that).
>
> I am using that package (I reported those ipv6 and aa_profile bugs). I

d'oh.

> thought this could be a separate issue, but this behavior means it's
> still trying to change the profile even when it's unconfined right?

Double-d'oh. The package in raring-proposed doesn't yet have the needed
fix, which is below. It's in upstream git. Do you mind opening a new
bug so we can SRU this?

commit c3cb8580407b6f6b49949e6c58e175eec81db692
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Sep 10 17:23:22 2013 -0500

apparmor.c: drop newline when reading current profile

Otherwise we fail to recognize if we are already unconfined. Then,
if we want to *start* unconfined, and /proc is readonly, start fails
even though it should be able to proceed.

With this patch, that situation works.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Reported-by: Andre nathan <andre at digirati.com.br>

diff --git a/src/lxc/apparmor.c b/src/lxc/apparmor.c
index 3941d3f..4dad801 100644
--- a/src/lxc/apparmor.c
+++ b/src/lxc/apparmor.c
@@ -77,6 +77,9 @@ again:
free(buf);
return NULL;
}
+ space = index(buf, '\n');
+ if (space)
+ *space = '\0';
space = index(buf, ' ');
if (space)
*space = '\0';
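
Review bot: The added lines reuse the `space` pointer to hold the position of the newline, so the name no longer matches what it points at, and the two back-to-back truncations could be a single step. `buf[strcspn(buf, " \n")] = '\0';` cuts at whichever of the two characters comes first and gives the same result as the pair of `index()` calls. If the two-step form stays, `strchr()` is the portable spelling of `index()`, which POSIX.1-2008 dropped. A one-line comment saying that the trailing newline is what made the check for an already unconfined profile fail would also help the next reader.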