-
-
Notifications
You must be signed in to change notification settings - Fork 224
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
invalid mount rules according to the specification (no leading '/' with mountpoint) #886
Comments
jdstrand
changed the title
invalid mount rules according to the specification
invalid mount rules according to the specification (no leading '/' with mountpoint)
May 22, 2024
stgraber
added a commit
to stgraber/incus
that referenced
this issue
May 22, 2024
Closes lxc#886 Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Fyi, John responded and said that the current syntax should continue to be supported: https://bugs.launchpad.net/lxc/+bug/2064144/comments/4. |
stgraber
added a commit
that referenced
this issue
May 27, 2024
Closes #886 Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
simondeziel
pushed a commit
to simondeziel/lxd
that referenced
this issue
Jun 4, 2024
Closes lxc/incus#886 Signed-off-by: Stéphane Graber <stgraber@stgraber.org> (cherry picked from commit d2c13e3f6312f08750981a80a510530e881c4ec7) Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
simondeziel
pushed a commit
to simondeziel/lxd
that referenced
this issue
Jun 4, 2024
Closes lxc/incus#886 Signed-off-by: Stéphane Graber <stgraber@stgraber.org> (cherry picked from commit d2c13e3f6312f08750981a80a510530e881c4ec7) Signed-off-by: Simon Deziel <simon.deziel@canonical.com> License: Apache-2.0
simondeziel
pushed a commit
to simondeziel/lxd
that referenced
this issue
Jun 4, 2024
Closes lxc/incus#886 Signed-off-by: Stéphane Graber <stgraber@stgraber.org> (cherry picked from commit d2c13e3f6312f08750981a80a510530e881c4ec7) Signed-off-by: Simon Deziel <simon.deziel@canonical.com> License: Apache-2.0
hamistao
pushed a commit
to hamistao/lxd
that referenced
this issue
Jun 6, 2024
Closes lxc/incus#886 Signed-off-by: Stéphane Graber <stgraber@stgraber.org> (cherry picked from commit d2c13e3f6312f08750981a80a510530e881c4ec7) Signed-off-by: Simon Deziel <simon.deziel@canonical.com> License: Apache-2.0
tomponline
pushed a commit
to tomponline/lxd
that referenced
this issue
Jun 6, 2024
Closes lxc/incus#886 Signed-off-by: Stéphane Graber <stgraber@stgraber.org> (cherry picked from commit d2c13e3f6312f08750981a80a510530e881c4ec7) Signed-off-by: Simon Deziel <simon.deziel@canonical.com> License: Apache-2.0
tomponline
pushed a commit
to tomponline/lxd
that referenced
this issue
Jun 6, 2024
Closes lxc/incus#886 Signed-off-by: Stéphane Graber <stgraber@stgraber.org> (cherry picked from commit d2c13e3f6312f08750981a80a510530e881c4ec7) Signed-off-by: Simon Deziel <simon.deziel@canonical.com> License: Apache-2.0
tomponline
pushed a commit
to tomponline/lxd
that referenced
this issue
Sep 13, 2024
Closes lxc/incus#886 Signed-off-by: Stéphane Graber <stgraber@stgraber.org> (cherry picked from commit d2c13e3f6312f08750981a80a510530e881c4ec7) Signed-off-by: Simon Deziel <simon.deziel@canonical.com> License: Apache-2.0 (cherry picked from commit e896a21)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I came across https://bugs.launchpad.net/lxc/+bug/2064144 which states that rules like this:
are non-compliant with the apparmor specification due to the mountpoint not having a leading
/
: "man 5 apparmor.d ==> [mountpoint] must start with ’/’ (after variable expansion).".While this is talking about logprof (which won't interact with incus rules since there are no rules on disk (though it does impact the LXC project)), the response in the bug says "this restriction is only enforced in AppArmor since version 4.0" (referring to the parser) so incus likely is affected when run on systems with AppArmor 4.0 (note, there are still open questions to John on what to do; I just wanted you to be aware of the discussion).
Example of location of problematic AppArmor rule in incus: https://github.com/lxc/incus/blob/main/internal/server/apparmor/instance_lxc.go#L512
The text was updated successfully, but these errors were encountered: