Hi,

Quoting Pierre-Elliott Bécue (2020-01-01 16:25:24)
> I'm sorry but lxc unprivileged containers can't run with any apparmor
> profile. You have to set this parameter to unconfined for your unprivileged
> containers. Setting a default profile for unconfined containers is a hard
> thing as only etc/default/lxc.conf is an option, but it'd also apply to
> privileged containers.

But I don't understand why this is a wontfix?

If lxc unprivileged containers cannot run with any apparmor profile, then why
do files like /usr/share/lxc/config/userns.conf not include a line like:

lxc.aa_profile=unconfined

Thanks!

cheers, josch
