[Bug 978297] [NEW] apparmor should quietly return success in a container

Serge Hallyn 978297 at bugs.launchpad.net
Tue Apr 10 19:31:17 UTC 2012


Public bug reported:

In precise, containers are not allowed to load profiles.  This will be
allowed later, but for now apparmor should not prevent things from
starting in a container because of failures to load or transition to
profiles.

1. /etc/init.d/apparmor should return 0 if in a container

2. /lib/init/apparmor-profile-load should do nothing and return 0 if in
a container.

Since the container is already locked into a (customizable) container
profile, this is ok.

(Note that admins can have containers running unconfined and with all
capabilities, but that is a special case.)

This is needed for bug 978147.

** Affects: apparmor (Ubuntu)
     Importance: High
     Assignee: Serge Hallyn (serge-hallyn)
         Status: In Progress

** Affects: upstart (Ubuntu)
     Importance: High
     Assignee: Serge Hallyn (serge-hallyn)
         Status: In Progress

** Also affects: upstart (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: apparmor (Ubuntu)
       Status: New => In Progress

** Changed in: upstart (Ubuntu)
       Status: New => In Progress

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => High

** Changed in: upstart (Ubuntu)
   Importance: Undecided => High

** Changed in: apparmor (Ubuntu)
     Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

** Changed in: upstart (Ubuntu)
     Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

https://bugs.launchpad.net/bugs/978297

Title:
  apparmor should quietly return success in a container

Status in “apparmor” package in Ubuntu:
  In Progress
Status in “upstart” package in Ubuntu:
  In Progress
