Le dimanche 27 janvier 2019 à 19:47:59+0100, intrigeri a écrit : > Hi, > > Pierre-Elliott Bécue: > > We have to decide what solution I will implement. > > Right, thanks for following up. > > > I'm open to suggestions, although I'm considering the "disable > > apparmor profiles for lxc" solution for now. > > I think that disabling AppArmor by default for new LXC containers for > Buster would be an OK-ish fallback option, if nothing else can > realistically be made to work in time for the freeze; that would be > sad, but it would not be a regression vs. Stretch. I assume we are on > the same page regarding this: by all means, let's not ship a known > broken LXC + AppArmor default configuration in Buster :) > > Apart of this fallback, I can propose two options:
Hi, Please review and comment: - https://salsa.debian.org/lxc-team/lxc/commit/1e8ca3640eec0b82297314d10435b68918907fc8 (patch inclusion) - https://salsa.debian.org/lxc-team/lxc/commit/84df6216317542961bbad08a08e159f38e623de7 (minimalist default.conf) Could you also provide me with a paragraph I could put in README.Debian and NEWS regarding what end users should know about these profiles. You dived in it more than me and I don't rely on apparmor, so it'd be better if you write it. Otherwise I can try to write a relevant thing. Cheers! -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them.
signature.asc
Description: PGP signature
