Comment 9 for bug 1215386
Revision history for this message
| Serge Hallyn (serge-hallyn) wrote Re: [Bug 1215386] Re: lxc-start tries to change apparmor profile to unconfined | #9 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Quoting Andre Nathan (<email address hidden>):
> You are correct, the error I'm seeing comes from the fact that I have
> this line on the container's fstab:
>
> proc /var/lib/
>
> That is, I was trying to mount /proc as read-only in the container. This
> works for me in 12.04 but not in 13.04.
Thank you - to make sure I understand, do you also have
/etc/apparmor.
then when the container starts it is already undefined,
then lxc is supposed to detect that it is already
unconfined and not transition at all. But if you have
the lxc-start profile still enabled, then the container is
started while in the lxc-start profile, and a transition
is required (requiring read-write proc).
So if it is failing for you with /etc/apparmor.
disabled, then let's open a new bug for that and I'll fix that in
a separate SRU.