Hi,

On Sat, Feb 27, 2016 at 11:34:52PM +0100, Ivan Sergio Borgonovo wrote:
> On 02/27/2016 09:37 PM, Evgeni Golov wrote:
> >Hi Ivan,
> 
> >On Sun, Feb 07, 2016 at 03:06:54AM +0100, Ivan Sergio Borgonovo wrote:
> >>got this after upgrade 1:1.0.8-1 -> 1:1.1.5-1
> 
> >>       lxc-start 1454809870.985 ERROR    lxc_apparmor -
> >>lsm/apparmor.c:apparmor_process_label_set:169 - If you really want to start
> >>this container, set
> >>       lxc-start 1454809870.985 ERROR    lxc_apparmor -
> >>lsm/apparmor.c:apparmor_process_label_set:170 - lxc.aa_allow_incomplete = 1
> >>       lxc-start 1454809870.985 ERROR    lxc_apparmor -
> >>lsm/apparmor.c:apparmor_process_label_set:171 - in your container
> >>configuration file
> 
> >Strictly speaking this is not a regression but an improvement.
> >1.0.x did silently ignore apparmor if you did not have "complete" apparmor 
> >support in the kernel (read: no mount restrictions which are only available 
> >in Ubuntu).
> >See [1] for details about the behaviour.
> >
> >With 1.1.x LXC actually errors out when it detects you want apparmor but 
> >don't have the right kernel for it. You can set "lxc.aa_allow_incomplete = 
> >1" to allow it to use whatever apparmor support is available, skipping the 
> >cool mount stuff.
> 
> >That said I would love to close this as not-a-bug, if you do not disagree.
> 
> There was no news in apt-listchanges.
> I did find how to fix the problem googling the error and I had to understand
> what I was really doing adding that option but I wouldn't have incurred in
> the problem if:
> - the package itself would have made the change to the configurations (not
> sure if it is a good idea)
> or
> - there was a notice in apt-listchanges.
> 
> I'm ok if you close the bug but I'm thinking about the other poor souls that
> may upgrade lxc and find their containers not running without any notice.

Fair enough, I will add a notice to the NEWS file to be picked up by 
apt-listchanges.

> Nothing terrible, I'm aware I'm using sid and probably once there will be a
> new kernel this won't be an issue.

When the feature will get upstream, yeah. I am waiting for this too.

Greets
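
Added example, not part of the original mail or of LXC's own code: a shell audit that predicts, per container config, how LXC 1.1.x will react to the AppArmor behaviour described in this thread. It assumes AppArmor is enabled, that the kernel advertises mount mediation at /sys/kernel/security/apparmor/features/mount/mask, and that configs live in DIR/<name>/config; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: predict how LXC 1.1.x treats each container's AppArmor setup.
# Assumption: AppArmor is enabled and mount mediation shows up as this sysfs file.
AA_MOUNT_MASK="${AA_MOUNT_MASK:-/sys/kernel/security/apparmor/features/mount/mask}"

# cfg_value KEY_REGEX FILE -> last value assigned to the key, whitespace trimmed
cfg_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# classify_container CONFIG [MASK_FILE] -> prints one state:
#   unconfined  lxc.aa_profile = unconfined, so no AppArmor confinement at all
#   confined    kernel has mount mediation, the full profile applies
#   degraded    lxc.aa_allow_incomplete = 1 without mount mediation: the
#               container starts, but without the profile's mount restrictions
#   will-fail   lxc-start stops with the "set lxc.aa_allow_incomplete = 1" error
classify_container() {
    cfg=$1
    mask=${2:-$AA_MOUNT_MASK}
    profile=$(cfg_value 'lxc\.aa_profile' "$cfg")
    allow=$(cfg_value 'lxc\.aa_allow_incomplete' "$cfg")
    if [ "$profile" = "unconfined" ]; then echo unconfined
    elif [ -e "$mask" ]; then echo confined
    elif [ "$allow" = "1" ]; then echo degraded
    else echo will-fail
    fi
}

# audit_lxc DIR [MASK_FILE] -> one "name<TAB>state" line per DIR/<name>/config
audit_lxc() {
    for c in "$1"/*/config; do
        [ -f "$c" ] || continue
        printf '%s\t%s\n' "$(basename "$(dirname "$c")")" \
            "$(classify_container "$c" "$2")"
    done
}

# Constructed sample: three configs checked against a kernel lacking the feature.
demo() {
    d=$(mktemp -d)
    mkdir "$d/web" "$d/db" "$d/build"
    printf 'lxc.utsname = web\n' > "$d/web/config"
    printf 'lxc.utsname = db\nlxc.aa_allow_incomplete = 1\n' > "$d/db/config"
    printf 'lxc.aa_profile = unconfined\n' > "$d/build/config"
    audit_lxc "$d" "$d/no-such-mask"
    rm -rf "$d"
}
demo
```

Pointing `audit_lxc` at the LXC container directory before the upgrade lists the containers that would stop starting, and afterwards the ones left running in the degraded state.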
