Fix apparmor inside container #5534
Conversation
This reverts commit fa1e390. Docker-DCO-1.1-Signed-off-by: Victor Vieux <[email protected]> (github: vieux)
|
|
|
YOU LIED TO ME??? |
|
There's gotta be a generic solution to this. Other people dind a lot too, even on Ubuntor. |
|
could we maybe check in IsEnabled to see if the place apparmor_parser tries to write is readable by us? |
|
s/readable/writable/ |
|
will not work |
|
Elaborate! |
|
apparmor should not run within a container, weird stuff happens |
|
Sure @vieux, blame me for trying to make the world a better place. :) |
|
yes, this is really @tianon 's fault from the start |
|
So if apparmor shouldn't be run in a container, why not set "container" universally? (yes, let's rehash that debate) I think this is a workaround at best, and kind of an ugly one. |
|
i thought the consensus was if you need to depend on container=whatever just use -e to add it |
|
So everyone doing dind now has to add "container=..." for some docker-specific switch? |
|
everyone |
|
btw I agree with you @tianon but I have no other idea |
Docker-DCO-1.1-Signed-off-by: Victor Vieux <[email protected]> (github: vieux)
|
LGTM |
|
I can live with this solution, at least for now. :) |
|
(especially since if it's in |
|
LGTM |
1 similar comment
|
LGTM |
Fix apparmor inside container
4 participants
#5532 doesn't work with #5529
ping @tianon