Control: done -1 2.11.1-4
intrigeri:
> I believe the blockers have been resolved in current testing/sid: the
> kernel now has mount mediation support and the pinned feature set in
> the apparmor package enables it. I see no bug with "apparmor" in its
> title on the src:lxc BTS page and its debia
Control: tag -1 + moreinfo
Hi,
I believe the blockers have been resolved in current testing/sid: the
kernel now has mount mediation support and the pinned feature set in
the apparmor package enables it. I see no bug with "apparmor" in its
title on the src:lxc BTS page and its debian/changelog r
Hi,
(I noticed this parser failure on the LXC profiles thanks to the red
line in `systemctl list-units' output here. It's unclear to me which
bug report is actually the one about the shipped profiles being buggy.
Sorry if that's not the right one.)
John Goerzen wrote (02 Jun 2014 02:49:40 GMT) :
On 06/01/2014 05:13 PM, Daniel Baumann wrote:
> On 06/02/2014 12:06 AM, John Goerzen wrote:
>> Everything I have read says one must use either AppArmor or user
>> namespaces to make it secure.
>
> or, like i said, you can r/o mount certain pseudo-fs and drop a bunch of
> capabilities, like lxc-deb
On 06/01/2014 04:51 PM, Daniel Baumann wrote:
> On 06/01/2014 10:47 PM, John Goerzen wrote:
>> 1) Installing lxc renders AppArmor unusable on the entire system because
>> the LXC profiles have syntax errors.
>
> i take it you're using apparmor and are familiar with it. would you be
> so kind in pr
On 06/02/2014 12:06 AM, John Goerzen wrote:
> Everything I have read says one must use either AppArmor or user
> namespaces to make it secure.
or, like i said, you can r/o mount certain pseudo-fs and drop a bunch of
capabilities, like lxc-debconfig in lxc-stuff does by default (and
lxc-debian in d
On 06/01/2014 04:43 PM, Daniel Baumann wrote:
> On 06/01/2014 10:27 PM, John Goerzen wrote:
>> Here are some links that describe AppArmor and why it's important to LXC:
> i'm aware that lxc can use apparmor, but as said previously, it is not
> required to make a container secure.
Everything I hav
On 06/01/2014 10:47 PM, John Goerzen wrote:
> 1) Installing lxc renders AppArmor unusable on the entire system because
> the LXC profiles have syntax errors.
i take it you're using apparmor and are familiar with it. would you be
so kind in preparing a patch to apply in lxc to make the missing piec
On 06/01/2014 10:27 PM, John Goerzen wrote:
> Here are some links that describe AppArmor and why it's important to LXC:
i'm aware that lxc can use apparmor, but as said previously, it is not
required to make a container secure.
> http://blog.bofh.it/debian/id_413 is an exploit that is usable to
>
Daniel et al,
Here are some links that describe AppArmor and why it's important to LXC:
https://www.stgraber.org/2014/01/01/lxc-1-0-security-features/
http://blog.bofh.it/debian/id_413 is an exploit that is usable to
compromise the host's root on any LXC container that doesn't use app
armor or u
reopen 750107
thanks
Daniel,
There are two different bugs here.
1) Installing lxc renders AppArmor unusable on the entire system because
the LXC profiles have syntax errors.
How to reproduce:
apt-get install apparmor
reboot with security=apparmor apparmor=1 on kernel command line
apt-get insta
11 matches