*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
On fresh install of LXC, apparmor service (a dependency) is not started.
In that case, it causes LXC guest startup to fail. apparmor postinstall
seems only to configure the service but does not start it:
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then
if [ -x "/etc/init.d/apparmor" ]; then
update-rc.d apparmor start 37 S . >/dev/null || true
fi
fi
To me it is not clear, if this is just an apparmor/lxc combination issue
or may affect apparmor installs in general: in later case, machines
might be unprotected till the first reboot (which might be quite some
time on servers when there are no upstream security fixes requiring
reboot).
# lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04
# apt-cache policy apparmor
apparmor:
Installed: 2.10.95-0ubuntu2
Candidate: 2.10.95-0ubuntu2
Version table:
*** 2.10.95-0ubuntu2 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: Expired
--
apparmor service not started on fresh install
https://bugs.launchpad.net/bugs/1594695
You received this bug notification because you are a member of Ubuntu Touch
seeded packages, which is subscribed to apparmor in Ubuntu.
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
