@Jamie may be right in his guesses but there is not enough information here to be sure. The stacking work exists in the Xenial, Yakkety, and Zesty kernels. But the patch Jamie is referring to only exists in the Zesty kernel (it did exist in Xenial and Yakkety until reverted).
Please attach the output of uname -a and apparmor_parser -V for both the host system and the container.

-- 
https://bugs.launchpad.net/bugs/1655982

Title:
  cups-browsed fails to start in containers after apparmor stacking backport to xenial

Status in apparmor package in Ubuntu:
  New

Bug description:
  The SRU of apparmor stacking for the Ubuntu 16.04 LTS kernel causes a regression in cups-browsed (shipped by cups) which now fails to start and gets respawned in a loop by systemd until it completely gives up.

  To reproduce:
   - lxc launch ubuntu:16.04 xen
   - lxc exec xen -- apt update
   - lxc exec xen -- apt dist-upgrade -y
   - lxc exec xen -- apt install cups -y

  You'll get:
  root@xen:~# systemctl status cups-browsed
  ● cups-browsed.service - Make remote CUPS printers available locally
     Loaded: loaded (/lib/systemd/system/cups-browsed.service; enabled; vendor preset: enabled)
     Active: failed (Result: signal) since Thu 2017-01-12 14:09:38 UTC; 8min ago
   Main PID: 7725 (code=killed, signal=SEGV)

  Jan 12 14:09:38 xen systemd[1]: Started Make remote CUPS printers available locally.
  Jan 12 14:09:38 xen systemd[1]: cups-browsed.service: Main process exited, code=killed, status=11/SEGV
  Jan 12 14:09:38 xen systemd[1]: cups-browsed.service: Unit entered failed state.
  Jan 12 14:09:38 xen systemd[1]: cups-browsed.service: Failed with result 'signal'.
  And in dmesg (in a loop):
  [95217.312576] audit: type=1400 audit(1484230171.171:1004): apparmor="STATUS" operation="profile_load" label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=16941 comm="apparmor_parser"
  [95217.313011] audit: type=1400 audit(1484230171.171:1005): apparmor="STATUS" operation="profile_load" label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined" name="/usr/sbin/cupsd" pid=16941 comm="apparmor_parser"
  [95217.313202] audit: type=1400 audit(1484230171.171:1006): apparmor="STATUS" operation="profile_load" label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined" name="/usr/sbin/cupsd//third_party" pid=16941 comm="apparmor_parser"
  [95218.126005] audit: type=1400 audit(1484230171.983:1007): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17074 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
  [95218.126018] audit: type=1400 audit(1484230171.983:1008): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17074 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
  [95222.686493] audit: type=1400 audit(1484230176.542:1009): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17553 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
  [95222.686624] audit: type=1400 audit(1484230176.542:1010): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17553 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
  [95224.324494] audit: type=1400 audit(1484230178.182:1011): apparmor="STATUS" operation="profile_load" label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined" name="/usr/sbin/cups-browsed" pid=17681 comm="apparmor_parser"
  [95224.610016] audit: type=1400 audit(1484230178.466:1012): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cups-browsed" name="/run/systemd/journal/stdout" pid=17765 comm="cups-browsed" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
  [95224.610029] audit: type=1400 audit(1484230178.466:1013): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cups-browsed" name="/run/systemd/journal/stdout" pid=17765 comm="cups-browsed" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
  [95224.610046] audit: type=1400 audit(1484230178.466:1014): apparmor="DENIED" operation="file_mmap" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cups-browsed" name="/usr/sbin/cups-browsed" pid=17765 comm="cups-browsed" requested_mask="rm" denied_mask="rm" fsuid=100000 ouid=100000
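
A triage aid for the dmesg output above, added here as an example (not part of the original bug report or of AppArmor's own tooling): it parses the audit records, keeps the DENIED ones, and groups them by namespace, profile, operation and path so the repeated denials collapse into a short summary. The sample records are copied from the bug description; treating a namespace that begins with root// as a child (container) policy namespace is an assumption drawn from those records.

```python
import re
from collections import Counter

# Sample records copied from the dmesg output quoted in the bug description.
SAMPLE = """\
[95217.313011] audit: type=1400 audit(1484230171.171:1005): apparmor="STATUS" operation="profile_load" label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined" name="/usr/sbin/cupsd" pid=16941 comm="apparmor_parser"
[95218.126005] audit: type=1400 audit(1484230171.983:1007): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17074 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95218.126018] audit: type=1400 audit(1484230171.983:1008): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17074 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95224.610016] audit: type=1400 audit(1484230178.466:1012): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cups-browsed" name="/run/systemd/journal/stdout" pid=17765 comm="cups-browsed" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
[95224.610046] audit: type=1400 audit(1484230178.466:1014): apparmor="DENIED" operation="file_mmap" namespace="root//lxd-xen_<var-lib-lxd>" profile="/usr/sbin/cups-browsed" name="/usr/sbin/cups-browsed" pid=17765 comm="cups-browsed" requested_mask="rm" denied_mask="rm" fsuid=100000 ouid=100000
"""

# key="quoted value" or key=bare_value, as they appear in the audit records.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse(line):
    """Return the key=value fields of one audit record as a dict of strings."""
    return {k: (u if u else q) for k, q, u in FIELD.findall(line)}


def in_child_namespace(namespace):
    """Assumption: 'root//<name>' marks a policy namespace below the host's root."""
    return namespace.startswith("root//")


def summarize_denials(text):
    """Count DENIED records per (namespace, profile, operation, name, denied_mask)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec.get("apparmor") != "DENIED":
            continue  # STATUS records (profile loads) are not denials
        key = (rec.get("namespace", ""), rec.get("profile"),
               rec.get("operation"), rec.get("name"), rec.get("denied_mask"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (ns, profile, op, name, mask), n in summarize_denials(SAMPLE).most_common():
        where = "container" if in_child_namespace(ns) else "host"
        print(f"{n}x {where} ns={ns} profile={profile} {op} {name} mask={mask}")
```
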