Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: isc-dhcp (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1326865
Title:
libvirt cannot kill dhcp in containers
Status in isc-dhcp package in Ubuntu:
Confirmed
Bug description:
If I create a ubuntu container and start it as a libvirt-lxc
container, it runs under the host dhcp profile. Then when I try virsh
-c lxc:/// destroy c1, libvirtd tries to kill dhcp in the container
but fails:
Jun 5 17:54:14 t1 kernel: [ 2563.620698] type=1400 audit(1401983654.375:28):
apparmor="DENIED" operation="signal" profile="/sbin/dhclient" pid=4304
comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term
peer="/usr/sbin/libvirtd"
Jun 5 17:54:14 t1 kernel: [ 2563.660491] type=1400 audit(1401983654.415:29):
apparmor="DENIED" operation="signal" profile="/sbin/dhclient" pid=4293
comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term
peer="/usr/sbin/libvirtd"
Jun 5 17:54:14 t1 kernel: [ 2563.660600] type=1400 audit(1401983654.415:30):
apparmor="DENIED" operation="signal" profile="/sbin/dhclient" pid=4293
comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term
peer="/usr/sbin/libvirtd"
I don't actually understand the mechanisms here (that a profile should
be able to refuse receiving signals), and it seems like the proper fix
is to have libvirt-lxc start containers confined in a container
policy, but Jamie seemed to have another solution, which would be
great.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1326865/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
