Source: debci
Severity: wishlist

Hi,

atm, debci runs on stable, i.e. AppArmor is not active by default. Once buster is released, this is likely going to change.

autopkgtest with lxc as backend and AppArmor confinement enabled is problematic atm, at least for certain packages. E.g. if I try to run autopkgtest for systemd on sid in an AA-confined LXC container, it explodes left and right, whereas it passes with AA-confinement turned off.

It is my understanding that Ubuntu itself turns off AA-confinement in their LXC based CI or at least ships an AA policy which is much less strict [1].

Looking ahead at the buster release, we either need to turn off AA confinement in our Debian CI as well, ship a custom AA policy or provide a way for individual packages to opt out of AA confinement. In the latter case, this will probably need some changes to autopkgtest as well.

Would welcome your input on this.

Regards,
Michael

[1] https://github.com/systemd/systemd/issues/10166#issuecomment-428523883

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled