Control: tag -1 + moreinfo

Hi Ivan,

Ivan Sergio Borgonovo:
> I've a lxc guest running apache php fpm for horde.
> lxc guest and host both were running apparmor.

> Host was updated from 2.12-5 to 2.13-6.
> Guest was updated from 2.13-4 to 2.13-6.

Can you confirm this happens on Debian testing?

What exact kernel are you running?

> After upgrading apparmor horde stopped working.

> I downgraded apparmor on the host and still horde on the guest was not
> working.
> After downgrading apparmor on the guest horde started to work again.

> Problems seem related to apparmor recipes rather than in binaries since by
> mistake I forgot to downgrade the apparmor package in the guest and things
> were working.

I'm curious how AppArmor is involved, because AFAIK Debian testing
does not enable any AppArmor confinement for Apache/PHP:

 - do you have libapache2-mod-apparmor installed?
   did you do anything to enable and use it?

 - I see that recent php-fpm have support for switching AppArmor
   "hats"; did you enable this?

> related log entries may be

> Aug  1 19:46:50 caronte kernel: [265475.231940] audit: type=1400 audit(1533145610.777:245): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="klogd" pid=19732 comm="apparmor_parser"

Sadly, this one is irrelevant. Please provide some more info:

 - the output of "journalctl -b | grep apparmor"
 - the output of "aa-status"

Also, https://wiki.debian.org/AppArmor/Debug might help.

Cheers,
-- 
intrigeri
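
The log triage this reply asks for, as an added example that is not part of the original message: a plain grep for "apparmor" also returns STATUS entries like the one quoted, which only record profile loads, whereas confinement failures are logged with apparmor="DENIED". The function names, the second sample line and its profile and path are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input: line 1 is the STATUS entry quoted in the report;
# line 2 is a made-up DENIED entry (hypothetical profile, path and pid).
aa_sample_log() {
cat <<'EOF'
Aug  1 19:46:50 caronte kernel: [265475.231940] audit: type=1400 audit(1533145610.777:245): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="klogd" pid=19732 comm="apparmor_parser"
Aug  1 19:47:02 caronte kernel: [265487.100000] audit: type=1400 audit(1533145622.100:246): apparmor="DENIED" operation="open" profile="example-profile" name="/var/lib/example/file" pid=20001 comm="example" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
EOF
}

# Read log lines on stdin and print "profile operation name" for each denial.
# STATUS entries (profile load/replace) and all other event types are skipped.
# Fields are space-separated, so a name containing spaces spans several columns.
aa_denials() {
    awk '
    # Return the value of key="value" on the current line, or "-" if absent.
    function field(key,   re, s) {
        re = "(^| )" key "=\"[^\"]*\""
        if (!match($0, re)) return "-"
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s)   # drop everything up to the opening quote
        sub(/"$/, "", s)        # drop the closing quote
        return s
    }
    /apparmor="DENIED"/ {
        print field("profile"), field("operation"), field("name")
    }'
}

# Typical use on a live system:
#   journalctl -b | aa_denials
```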
