[Bug 978297] Re: apparmor should quietly return success in a container

Thu Apr 12 02:45:39 UTC 2012

Here is Serge's patch.

** Also affects: apparmor (Ubuntu Precise)
   Importance: High
     Assignee: Serge Hallyn (serge-hallyn)
       Status: In Progress

** Also affects: upstart (Ubuntu Precise)
   Importance: High
     Assignee: Serge Hallyn (serge-hallyn)
       Status: In Progress

** Changed in: upstart (Ubuntu Precise)
    Milestone: None => ubuntu-12.04

** Changed in: apparmor (Ubuntu Precise)
    Milestone: None => ubuntu-12.04

** Patch added: "upstart_1.5-0ubuntu4.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/978297/+attachment/3050359/+files/upstart_1.5-0ubuntu4.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/978297

Title:
  apparmor should quietly return success in a container

Status in “apparmor” package in Ubuntu:
  In Progress
Status in “upstart” package in Ubuntu:
  In Progress
Status in “apparmor” source package in Precise:
  In Progress
Status in “upstart” source package in Precise:
  In Progress

Bug description:
  In precise, containers are not allowed to load profiles.  This will be
  allowed later, but for now apparmor should not prevent things from
  starting in a container because of failures to load or transition to
  profiles.

  1. /etc/init.d/apparmor should return 0 if in a container

  2. /lib/init/apparmor-profile-load should do nothing and return 0 if
  in a container.

  Since the container is already locked into a (customizable) container
  profile, this is ok.

  (Note that admins can have containers running unconfined and with all
  capabilities, but that is a special case.)

  THis is needed for bug 978147.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/978297/+subscriptions