Your message dated Tue, 18 Mar 2025 01:05:06 +0000 with message-id <e1tuloe-000txf...@fasolo.debian.org> and subject line Bug#1098521: fixed in lxc 1:6.0.3-2 has caused the Debian Bug report #1098521, regarding apparmor 4.x breaks systemd user namespacing in lxc containers to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1098521: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098521 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: apparmor Version: 4.1.0~beta5-2 Severity: important When upgrading apparmor (and libapparmor1) to 4.1.0~beta5-2, multiple services spawned by systemd in lxc containers fail to start, with denied permissions errors. Errors similar to the following ones can be found in the kernel logs: apparmor="DENIED" operation="userns_create" class="namespace" profile="lxc-fediverse_</srv/containers>" pid=1215864 comm="(snac)" requested="userns_create" denied="userns_create" apparmor="DENIED" operation="userns_create" class="namespace" profile="lxc-forge_</srv/containers>" pid=1203690 comm="(s-server)" requested="userns_create" denied="userns_create" ("s-server" here is "redis-server") Downgrading to apparmor + libapparmor1 3.1.7-4 gets rid of these problems. Such errors are not triggered in lxc containers that use OpenRC as the init system, only the ones using systemd are impacted. -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'oldstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.12.12-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---Source: lxc Source-Version: 1:6.0.3-2 Done: Mathias Gibbens <gib...@debian.org> We believe that the bug you reported is fixed in the latest version of lxc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1098...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathias Gibbens <gib...@debian.org> (supplier of updated lxc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 18 Mar 2025 00:19:26 +0000 Source: lxc Architecture: source Version: 1:6.0.3-2 Distribution: unstable Urgency: medium Maintainer: pkg-lxc <pkg-lxc-de...@lists.alioth.debian.org> Changed-By: Mathias Gibbens <gib...@debian.org> Closes: 1098521 1099042 Changes: lxc (1:6.0.3-2) unstable; urgency=medium . [ Mathias Gibbens ] * d/control: - No longer Suggest cgroupfs-mount, since it has been removed from the archive (Closes: #1099042) - Add a Conflicts against lava-lxc-mocker for bin:lxc (spotted by Salsa CI "missing-breaks" job) - Update minimum version of apparmor - Update Standards-Version to 4.7.2 (no changes needed) - Drop vestigial ${lxcfs:Depends} use * Extend apparmor patch to include two more profiles * Update years in d/copyright * Cleanup patch names . [ Nicolas Schier ] * d/p.u/1000-ubuntu-apparmor-userns.patch: replace mistyped filename lxc-start by lxc-copy (LP: #2080358) * Apply AppArmor API and userns patch also on Debian (Closes: #1098521) Checksums-Sha1: 24168c17a49b94525b33a097962e17fbee078352 2904 lxc_6.0.3-2.dsc 515efdfd3b37760f00b1452db45826c67d443967 964210 lxc_6.0.3.orig.tar.gz e3beed1af439a3a6c1a478ff555107494d804629 833 lxc_6.0.3.orig.tar.gz.asc 30cada14c77035a74974d130c9b99e655c29aed5 53852 lxc_6.0.3-2.debian.tar.xz 3b09ea3d96e48d32239116f75d29c350083aea82 13973 lxc_6.0.3-2_amd64.buildinfo Checksums-Sha256: 7e267a275092d443dc7d5d93317812bb43a5c109ed59abe107bc3d54f8cd4006 2904 lxc_6.0.3-2.dsc adac0837d2abfd2903916eaf56f60756f131327311f4f25ad917f6a71f73f98c 964210 lxc_6.0.3.orig.tar.gz f14e822359921212a14f8d15ed20cd3677ad22c7ac1d7e8e6d930fba520be450 833 lxc_6.0.3.orig.tar.gz.asc 4fbe20a1dc5ba9e0ed6915b25dfcd0a4f0b456219c65d54a8bb9d746e38ed562 53852 lxc_6.0.3-2.debian.tar.xz 488390afec9bc49b41ee0293fb53223e36c62daa27ba37f22284717feabc0253 13973 lxc_6.0.3-2_amd64.buildinfo Files: 3f1aaebe34ae31a081420920bf1d49bf 2904 admin optional lxc_6.0.3-2.dsc f9a7c92f8442b4e0bb83619fd8e2c944 964210 admin optional lxc_6.0.3.orig.tar.gz 6745301c2026c5113ebdeb34583ba646 833 admin optional lxc_6.0.3.orig.tar.gz.asc 7adceabd5aeabfbbc466eb0d1166d412 53852 admin optional lxc_6.0.3-2.debian.tar.xz b1cdeb9f72cb0f0eca76b8a993b1a561 13973 admin optional lxc_6.0.3-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEE1Bp60H32xfynSJ8cKe7i1uz0QvkFAmfYvtYSHGdpYm1hdEBk ZWJpYW4ub3JnAAoJECnu4tbs9EL543AQAI6LGSPC2iuCdNogU7XcATGKex96tcqL dr7JpRtKn0UBDOMcj3PyJ4OR8vHer+RfQ/U5pZavzAgZY1RUZCaeOhE3XxFuzVBG jakW9AnVxWSX7o02+XY6RUQ06JHJENzWFgSBVFvQJbTOTLhCGiGDFajHRn1m/D9b S9QnnozJiEHWujYr7aEXKxIWbofwyylbg96mDcL8W2xveEVjOk3rl/8ezJzVfQ1u WCYiJJtTofTaHtGCwc39dnvmHNHOkapDl7xviUXR33mIQ1TbcJ1cSQyIPKA/q/k8 zWZXtIEu9ePVKGIbON1eCMU2gZ4A5MK5/r4hAw7ZimTY+PXCYKDjJ7TR9tsItQhI TK/rpYy1sd+btdhDrQpC2+epftttpPZaEmuyqx/OkLgSr/tnV7rn32S2JRjRYwa0 EN3Bv0F/YIOw4qMoGBu1bRr+stGOodAQ3F9JNt0ShtC/Yy4lpyN7Gjr47wbpS/WK wUg2cEAbHCdUQPQ6OOmP2U1kiy8KvZ/zX7mbKsB8sfzCAjrGPz4rnBqbP/znEy9T AUbAvDYzYEhV+Wtd2TSr6O4YfpHh3GRCq+sLgN6EINgSHY9nu42q3m05oA1G1lBe j16LCKU3Mo9GbRzIyu3nTbzenahTiXZBaldWqcgiZtf6VxseVRl0mRSAxQw5Z5z0 uxL6rz5P3zWg =2F7g -----END PGP SIGNATURE-----
pgp8nTJsf_bZG.pgp
Description: PGP signature
--- End Message ---
