So this is a bug in the kernel. On the host, unconfined gets to delegate the file opened by the shell (redirect) to the application (free in this case).
However, in the container we have a situation where we have a confinement stack, host policy stacked with container policy. While the container policy specifies unconfined in the namespace, the way the kernel tracks policy dependency for host kernel unconfined delegation will not work for the container case, resulting in the container behaving differently than the host. Unfortunately this is not trivial to fix and is going to take some time.

--
https://bugs.launchpad.net/bugs/2121552
Title: "free > file" blocked by apparmor inside questing lxd
