On Tue, Nov 02, 2021 at 05:21:12PM +0800, xiao sheng wen(肖盛文) wrote:
> On 2021/11/2 at 10:01 AM, Colin Watson wrote:
> > Interestingly, a bullseye VM does *not* exhibit the same issue, which
> > suggests that it may be possible to track down a change to the kernel,
> > AppArmor userspace, or Docker that fixed this (I'm guessing as to
> > plausible packages). I haven't tried that yet since it's 2am here, but
> > maybe somebody else can run with this.
>
> It's the new version of Docker in bullseye that fixed this.
>
> In bullseye, Docker has a docker-default profile for AppArmor[1], but
> this profile doesn't exist in buster.

Ah yes, thanks for finding that. So I guess the plausible choices
(without having checked feasibility) are:

 * cherry-pick the docker-default profile into buster's docker.io
   package as a stable update
 * backport the docker.io package wholesale from bullseye to
   buster-backports
 * ask Salsa admins to upgrade our runners to bullseye

Does anyone have opinions on this? I've CCed the docker.io package
maintainers in case they have any preferences.

--
Colin Watson (he/him) [cjwat...@debian.org]