Control: tag -1 + moreinfo

Hi,

Alistair Young (2021-05-07):
> Specifically, systemd-detect-virt detects WSL as a container,
> technically accurately, but this then causes the apparmor.systemd
> script to decline to start apparmor.

I'm trying to understand what's, at the end of the day, the desirable
behavior here, and why.

I understand you would like apparmor.service to start in a WSL
environment, i.e. you would like the AppArmor policy to be loaded.
Correct so far?

May I infer that a container run under WSL can actually load and
enforce AppArmor policy? In that case, IMO it would make much more
sense to have is_container_with_internal_policy return true (0) for
WSL containers, rather than tweaking apparmor.systemd to treat them as
non-containers.

Or is there any other reason why you want apparmor.service to start
under WSL?

Cheers!
