[Kernel-packages] [Bug 1496430] Re: Docker-1.8.2 can't create container, due to apparmor denying 'disconnected path'

Mon, 19 Oct 2015 09:18:18 -0700 

This bug was fixed in the package linux - 3.2.0-92.130

---------------
linux (3.2.0-92.130) precise; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1500854

  [ dan.street...@canonical.com ]

  * [Config] HOTPLUG_PCI_ACPI=y
    - LP: #1479031

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
    - LP: #1496430

  [ Upstream Kernel Changes ]

  * RDS: verify the underlying transport exists before creating a
    connection
    - LP: #1496232
    - CVE-2015-6937
  * virtio-net: drop NETIF_F_FRAGLIST
    - LP: #1484793
    - CVE-2015-5156

 -- Brad Figg <brad.f...@canonical.com>  Mon, 05 Oct 2015 13:50:43 -0700

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1496430

Title:
  Docker-1.8.2 can't create container, due to apparmor denying
  'disconnected path'

Status in AppArmor:
  In Progress
Status in linux package in Ubuntu:
  Fix Released
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux source package in Trusty:
  Fix Released
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Committed
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Fix Released
Status in linux-lts-utopic source package in Wily:
  Invalid

Bug description:
  I'm trying to get docker-1.8.2-rc1 to work on snappy, while doing so I
  got this apparmor denial:

  Sep 10 09:12:35 localhost.localdomain audit[1320]: AVC
  apparmor="DENIED" operation="mount" info="Failed name lookup -
  disconnected path" error=-13 profile="docker_docker-
  daemon_IAUSSaDNVTJR" name="/run/docker/netns/6901f2b6dd4c/" pid=1320
  comm="exe" srcname="" flags="rw, bind"

  and trying to chase it I got:
  http://paste.ubuntu.com/12341612/

  so docker is trying to issue this mount: 
  syscall.Mount("/proc/self/ns/net", /var/run/docker/netns/5b9b1ba4437b, 
"bind", 4096 (syscall.MS_BIND), "")

  from https://golang.org/pkg/syscall/#Mount
  func Mount(source string, target string, fstype string, flags uintptr, data 
string) (err error)

  which is denied as if there wasn't a source?

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1496430/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to