AppArmor has difficulties mediating filesystem access when overlayfs is involved. That's a known issue but isn't one that is easily solved due to the internal design of overlayfs and its use of private vfsmounts. It also isn't something that we're planning to fix for the 17.10 cycle.
I thought that we recently investigated a similar issue to this and determined that MAAS wouldn't enable AppArmor when it is initially provisioning a machine. I can't remember the exact details and I'm not confident that was the final solution but maybe that rings some bells for the others that were involved. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1701297 Title: NTP reload failure (causing deployment failures with MAAS) Status in cloud-init: Incomplete Status in apparmor package in Ubuntu: Confirmed Status in cloud-init package in Ubuntu: Incomplete Status in linux package in Ubuntu: Confirmed Bug description: After update [1] of cloud-init in Ubuntu (which landed in xenial- updates on 2017-06-27), it is causing NTP reload failures. https://launchpad.net/ubuntu/+source/cloud-init/0.7.9-153-g16a7302f- 0ubuntu1~16.04.1 In MAAS scenarios, this is causing the machine to fail to deploy. To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1701297/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
