[pkg-lxc-devel] Bug#947863: lxc: apparmor denied mount with unprivileged lxc

Johannes Schauer josch at debian.org
Wed Jan 1 16:13:50 GMT 2020


Hi,

Quoting Pierre-Elliott Bécue (2020-01-01 16:25:24)
> I'm sorry but lxc unprivileged containers can't run with any apparmor
> profile. You have to set this parameter to unconfined for your unprivileged
> containers. Setting a default profile for unconfined containers is a hard
> thing as only etc/default/lxc.conf is an option, but it'd also apply to
> privileged containers.

but I don't understand why this is a wontfix?

If lxc unprivileged containers cannot run with any apparmor profile, then why
do files like /usr/share/lxc/config/userns.conf not include a line like:

lxc.aa_profile=unconfined

Thanks!

cheers, josch