[lxc-users] docker in lxc

Serge Hallyn serge.hallyn at ubuntu.com
Fri Aug 28 13:48:38 UTC 2015


Quoting Tamas Papp (tompos at martos.bme.hu):
> hi,
> 
> I would like to achieve what is in the subject.
> 
> 
> However, I cannot get past this apparmor issue:
> 
> [7690496.246952] type=1400 audit(1440757904.938:1130):
> apparmor="DENIED" operation="mount" info="failed flags match"
> error=-13 profile="lxc-docker" name="/var/lib/docker/aufs/"
> pid=32534 comm="docker" flags="rw, private"
> 
> 
> I read some posts on various forums saying that I need to run the lxc
> container with the unconfined profile.
> Is that still the case?

Excellent, I've been wanting to bring this up here :)

Maxim at Odin has been working on a proxy graphdriver for
docker.  The PR is at

https://github.com/docker/docker/pull/15594

I'm hoping to test that today and see what else is still
needed.  I would assume a custom apparmor policy will still
be needed, but since the host is doing most of the mounting
you should be able to avoid just being unconfined.
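
An added example, not part of the original thread or of LXC/Docker: a small Python script that rejoins wrapped AppArmor audit records like the one quoted above, keeps only denied mounts, and drafts a narrow mount rule to review as an alternative to running unconfined. The function names, the second sample record and the mapping of audit flag names to `make-*` policy options are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: the thread's wrapped denial plus a constructed ALLOWED record.
SAMPLE = '''\
[7690496.246952] type=1400 audit(1440757904.938:1130):
apparmor="DENIED" operation="mount" info="failed flags match"
error=-13 profile="lxc-docker" name="/var/lib/docker/aufs/"
pid=32534 comm="docker" flags="rw, private"
[7690497.000000] type=1400 audit(1440757905.100:1131): apparmor="ALLOWED" operation="open" profile="lxc-docker" name="/etc/hosts" pid=32534 comm="docker"
'''
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"
RECORD_START = re.compile(r'^(?:\[\s*[\d.]+\]\s*)?type=1400\b')
# Assumption: audit logs propagation flags bare; policy spells them make-<flag>.
PROPAGATION = set("private rprivate slave rslave shared rshared unbindable runbindable".split())

def parse(rec):
    return {k: v[1:-1] if v.startswith('"') else v for k, v in FIELD.findall(rec)}

def records(text):
    """Rejoin wrapped lines and yield one field dict per type=1400 record."""
    buf = []
    for line in text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail quoting
        if RECORD_START.match(line) and buf:
            yield parse(" ".join(buf))
            buf = []
        if line:
            buf.append(line)
    if buf:
        yield parse(" ".join(buf))

def mount_denials(text):
    """Count denied mounts by (profile, mountpoint, flags)."""
    hits = Counter()
    for r in records(text):
        if r.get("apparmor") == "DENIED" and r.get("operation") == "mount":
            flags = tuple(f.strip() for f in r.get("flags", "").split(",") if f.strip())
            hits[(r.get("profile"), r.get("name"), flags)] += 1
    return hits

def candidate_rule(name, flags):
    """Draft a narrow mount rule for human review (assumed flag-name mapping)."""
    opts = ", ".join("make-" + f if f in PROPAGATION else f for f in flags)
    return f"mount options=({opts}) -> {name},"

if __name__ == "__main__":
    for (profile, name, flags), n in mount_denials(SAMPLE).items():
        print(f"{n}x profile={profile}: {candidate_rule(name, flags)}")
```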

