[tor-dev] apparmor in lxc containers [#17754]
jess at docker.com
Tue Dec 15 15:34:03 UTC 2015
You can use a Docker container with a custom AppArmor profile.
On Dec 15, 2015, 02:40 -0800, intrigeri <intrigeri at boum.org> wrote:
> Peter Palfrader wrote (15 Dec 2015 08:24:25 GMT) :
> > https://bugs.torproject.org/17754 reports that tor no longer works in
> > LXC containers.
> > I have set up an Ubuntu wily VM, and a wily LXC container in it, and I
> > can confirm that with the AppArmorProfile= line in the service file, tor
> > will not launch.
> Given the logs I see on the ticket, it looks like systemd was not
> allowed by the container to apply our AppArmor policy.
> Linux namespaces support more and more stuff these days, but they
> didn't go as far as supporting stacking AppArmor policies yet:
> ... not even mentioning limitations that AppArmor has with stacked
> filesystems such as aufs and overlayfs, which are commonly used
> for containers.
> > Do you have any ideas how to properly fix this? Or what the best
> > workaround would be to document?
> Sadly, I don't know what we can do better at the moment than disabling
> AppArmor when running in such environments, like: