[lxc-users] docker in lxc
Tamas Papp
tompos at martos.bme.hu
Mon Aug 31 09:18:48 UTC 2015
On 08/28/2015 03:48 PM, Serge Hallyn wrote:
> Quoting Tamas Papp (tompos at martos.bme.hu):
>> hi,
>>
>> I would like to achieve, what is in subject.
>>
>>
>> However, I cannot get over on this apparmor issue:
>>
>> [7690496.246952] type=1400 audit(1440757904.938:1130):
>> apparmor="DENIED" operation="mount" info="failed flags match"
>> error=-13 profile="lxc-docker" name="/var/lib/docker/aufs/"
>> pid=32534 comm="docker" flags="rw, private"
>>
>>
>> I read some post on various forums, that I need to run the lxc
>> container with unconfined profile.
>> Is still the case?
> Excellent, I've been wanting to bring this up here :)
>
> Maxim at Odin has been working on a proxy graphdriver for
> docker. The PR is at
>
> https://github.com/docker/docker/pull/15594
>
> I'm hoping to test that today and see what else is still
> needed. I would assume a custom apparmor policy will still
> be needed, but since the host is doing most of the mounting
> you should be able to avoid just being unconfined.
hi,
For the first look it seems to be a big change, that requires a more
qualified one for testing.
Did you take a look?
Can it be safely used?
10x
tamas
More information about the lxc-users
mailing list