Comment 12 for bug 1667016

Georgia Garcia (georgiag) wrote :

I believe this happens because, based on the following audit log,

AVC apparmor="AUDIT" operation="exec" info="ix fallback" profile="lxd-x_</var/snap/lxd/common/lxd>" name="/usr/bin/tcpdump" pid=154814 comm="bash" requested_mask="x" fsuid=1000000 ouid=1000000 target="lxd-x_</var/snap/lxd/common/lxd>"

lxd opens the file descriptor for stdout and stderr, and when tcpdump is executed, the container profile transitions to the tcpdump profile. AppArmor then reevaluates all opened fds, to check if the current task still has access to it. More implementation details here:
https://gitlab.com/apparmor/apparmor-kernel/-/blob/apparmor-next/security/apparmor/file.c#L638
https://gitlab.com/apparmor/apparmor-kernel/-/blob/apparmor-next/security/apparmor/file.c#L597

Since the policy for tcpdump did not have explicit access to stdout/stderr, they are blocked from reading/writing.
This does not happen on a normal host or VM because whichever program executes tcpdump (bash, for example) is usually unconfined, so the fds are not reevaluated.
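To make audit records like the one quoted above easier to triage, here is a small parser, added as an illustration and not code from the commenter, LXD or the AppArmor project. It splits an `AVC apparmor=...` line into its key/value fields, then reports exec records with their source profile, the `target` the kernel recorded, and whether those two differ, and separately lists DENIED records with their denied mask. The first sample line is the record quoted in the comment; the second is a constructed DENIED record in the same format (its profile, path and pid are made up), included only so the denial path of the code is exercised.

```python
import re
from typing import Dict, List

# Constructed sample input. Line 1 is the audit record quoted in the bug
# comment; line 2 is a made-up DENIED record (fictional profile/path/pid)
# so that the denial-summary code path has something to work on.
SAMPLE_LOG: List[str] = [
    'AVC apparmor="AUDIT" operation="exec" info="ix fallback" '
    'profile="lxd-x_</var/snap/lxd/common/lxd>" name="/usr/bin/tcpdump" '
    'pid=154814 comm="bash" requested_mask="x" fsuid=1000000 ouid=1000000 '
    'target="lxd-x_</var/snap/lxd/common/lxd>"',
    'AVC apparmor="DENIED" operation="file_inherit" profile="example-profile" '
    'name="/dev/pts/0" pid=4242 comm="example" requested_mask="wr" '
    'denied_mask="wr" fsuid=1000000 ouid=1000000',
]

# An AppArmor audit record is a flat run of key=value pairs. Values that may
# contain spaces or punctuation (info, profile, name, ...) are double-quoted;
# numeric values (pid, fsuid, ouid) are bare. Group 3 holds a quoted value,
# group 4 a bare one.
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_apparmor_record(line: str) -> Dict[str, str]:
    """Parse one 'AVC apparmor=...' line into a dict of its fields."""
    fields: Dict[str, str] = {}
    for m in _KV.finditer(line):
        key = m.group(1)
        value = m.group(3) if m.group(3) is not None else m.group(4)
        fields[key] = value
    return fields


def summarize_exec(records: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """For each exec record, report source profile, recorded target, the
    executed binary, the kernel's info string, and whether target differs
    from profile (i.e. whether the record shows the confining profile
    changing on this exec)."""
    out: List[Dict[str, object]] = []
    for r in records:
        if r.get("operation") != "exec":
            continue
        profile, target = r.get("profile"), r.get("target")
        out.append({
            "profile": profile,
            "target": target,
            "binary": r.get("name"),
            "info": r.get("info", ""),
            "profile_changed": target is not None and target != profile,
        })
    return out


def summarize_denials(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """List DENIED records with the operation, object and denied mask, which
    is what you need to see when a profile lacks a rule for an fd it
    inherited (for example a pipe or pty used as stdout/stderr)."""
    return [
        {
            "profile": r.get("profile", ""),
            "operation": r.get("operation", ""),
            "name": r.get("name", ""),
            "denied_mask": r.get("denied_mask", ""),
        }
        for r in records
        if r.get("apparmor") == "DENIED"
    ]


if __name__ == "__main__":
    parsed = [parse_apparmor_record(line) for line in SAMPLE_LOG]
    for e in summarize_exec(parsed):
        print("exec:", e)
    for d in summarize_denials(parsed):
        print("denied:", d)
```

Running it prints one exec summary (profile and target both the `lxd-x_<...>` profile, so `profile_changed` is False) and one denial summary from the constructed line. Feeding real `journalctl -k` or `auditd` output through `parse_apparmor_record` line by line is the intended use; anything that is not an AppArmor AVC record simply yields a dict without an `apparmor` key and is ignored by both summaries.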