Comment 10 for bug 1628285

Tyler Hicks (tyhicks) wrote : Re: [Bug 1628285] Re: apparmor should be allowed to start in containers

On 11/12/2016 12:36 PM, Steve Langasek wrote:
>> IMPORTANT: There is a known regression that may be seen by
>> users of `lxc exec`. See bug #1641243 for details.
>
> I don't see any mention of an lxc exec regression in bug #1641243.
> Please explain here what the known regression is, and why this is
> thought to be acceptable in an SRU.

That was a copy and paste error. I've updated the description to point
to the correct bug (bug #1641236).

It may not be acceptable for an SRU but it is low impact. I think we
need to weigh our options here. See below...

> Please also elaborate why support for loading apparmor profiles in a
> 14.04 container on a 16.04 host is an appropriate rationale for an SRU.
> Is this related to supporting snappy inside a 14.04 container? I
> understand the argument for supporting snappy on a 14.04 host; I'm less
> clear on the rationale for users to want snappy support in a 14.04 lxd
> container, as opposed to simply spinning up a 16.04 lxd container to get
> snappy support.

If we don't care to support snaps inside of a 14.04 container, then I
can back out the various apparmor changes that allow loading of policy
inside of lxd containers and I can also drop the upstart SRU.

I haven't heard of a hard requirement to support snaps inside of 14.04
LXD containers so I'll ask around to gauge the interest.