Hi,

Pierre-Elliott Bécue:
> This bugreport raises an interesting question regarding the tradeoff
> between the solution we implemented to fix bug #916639.

> Cc-ing intrigeri: I'm reconsidering the /etc/lxc/default.conf setting
> regarding apparmor.profile. Putting generated breaks many unpriv
> containers as they have no apparmor.profile set in their configuration.

I'd love to help but I'll need more info to understand why the current
setup breaks "many unpriv containers", e.g.:

 - Is this specific to unprivileged containers?
 - Is it because "apparmor.profile = generated" is not suitable for
   unprivileged containers?

Finally, I wonder if "Suggests: apparmor" expresses strongly enough the
current status of the LXC + AppArmor integration in Debian. Thankfully
the Linux images will pull apparmor via Recommends… except on systems
where the administrator has disabled installation of Recommends.

Cheers,
-- 
intrigeri