Mailinglist Archive: opensuse-factory (765 mails)

Re: [opensuse-factory] kernel 4.14 and docker
Hello,

On Friday, 24 November 2017, Knurpht - Gertjan Lettink wrote:
> The above combo gives an internal server error when using collabora
> online in my nextcloud setup on a TW server. When I reboot into
> kernel 4.13 everything works as expected. I've tried reconfiguring
> the whole setup to make it work with 4.14 (incl. reinstalling docker
> after removing all configs and data in /var) only to find out that
> I didn't make any mistakes (i.e. with 4.13 everything works fine).
> Any hints, clues?

Without seeing any error messages, I can only guess. At least the fact
that booting with 4.13 solves the problem gives a hint, therefore my
guess is...

Maybe it's related to AppArmor - in 4.14, support for mount, signal and
pivot_root rules was upstreamed, so you might need to adjust your
AppArmor profiles. Check /var/log/audit/audit.log for DENIED messages.
You can update your profiles manually or using aa-logprof [1].

I tested quite a few things with 4.14rc kernels to find out which
profiles need an update (it mostly affected libvirt), but I have to
admit I don't use docker and therefore didn't test if its AppArmor
profile [2] needs some additions.


There's also a kernel bug that was fixed today, but isn't in any
snapshot yet: https://bugzilla.opensuse.org/show_bug.cgi?id=1069562
If you are affected by this, keep 4.13.x until the fixed kernel reaches
Tumbleweed.


Regards,

Christian Boltz

[1] aa-logprof doesn't support adding mount and pivot_root rules because
their usage is too rare and because I'm lazy ;-) Docker _might_ be
one of the few programs that need such rules.
If in doubt, open a bug report and attach your audit.log, and I'll
check which rules you need.

[2] Last time I checked the Docker AppArmor profile, I copied some lines
from it to my "AppArmor Crash Course" slides where they now serve as
a bad example. And that was _after_ I helped to fix some issues with
it...

--
Wouldn't it be an improvement if the next Win version announced the
impending crash with a reassuring "annoying standard problem"
instead of the frightening message "serious exception error"?
[Hans Goebl in de.etc.bahn.eisenbahn]
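
As an added example (not part of the original mail and not code from the AppArmor project): a small script that summarises AppArmor DENIED records from audit.log lines by profile and operation, and marks mount and pivot_root denials, which per footnote [1] aa-logprof will not turn into rules. The sample log lines are constructed, and the spelling operation="pivotroot" for pivot_root denials is an assumption.

```python
import re
from collections import Counter

# key=value or key="quoted value" pairs as they appear in audit records
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Rule types the mail names as upstreamed in 4.14.
# Assumption: pivot_root denials are logged as operation="pivotroot".
NEW_IN_4_14 = {"mount", "signal", "pivotroot", "pivot_root"}
# Footnote [1]: aa-logprof does not add mount or pivot_root rules.
MANUAL_ONLY = {"mount", "pivotroot", "pivot_root"}

# Constructed sample lines, not taken from a real system.
SAMPLE = [
    'type=AVC msg=audit(1511530001.100:201): apparmor="DENIED" operation="mount" '
    'info="failed flags match" error=-13 profile="docker-default" name="/proc/" '
    'pid=4101 comm="runc" fstype="proc" srcname="proc" flags="rw, nosuid"',
    'type=AVC msg=audit(1511530001.200:202): apparmor="DENIED" operation="mount" '
    'error=-13 profile="docker-default" name="/sys/" pid=4101 comm="runc"',
    'type=AVC msg=audit(1511530002.300:203): apparmor="DENIED" operation="signal" '
    'profile="docker-default" pid=4150 comm="sh" requested_mask="receive" '
    'denied_mask="receive" signal=term peer="unconfined"',
    'type=AVC msg=audit(1511530003.400:204): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/dnsmasq" name="/etc/example.conf" pid=990 comm="dnsmasq"',
    'type=SYSCALL msg=audit(1511530003.400:204): arch=c000003e syscall=2 success=no',
]

def parse_denials(lines):
    """Yield one dict of fields per AppArmor DENIED record."""
    for line in lines:
        if 'apparmor="DENIED"' in line:
            yield {k: q if q else u for k, q, u in KV.findall(line)}

def summarize(lines):
    """Return (Counter keyed by (profile, operation), keys needing manual rules)."""
    counts, manual = Counter(), set()
    for rec in parse_denials(lines):
        key = (rec.get("profile", "?"), rec.get("operation", "?"))
        counts[key] += 1
        if key[1] in MANUAL_ONLY:
            manual.add(key)
    return counts, manual

if __name__ == "__main__":
    counts, manual = summarize(SAMPLE)  # or: open("/var/log/audit/audit.log")
    for (profile, op), n in counts.most_common():
        tag = " [new in 4.14]" if op in NEW_IN_4_14 else ""
        tag += " [edit profile by hand]" if (profile, op) in manual else ""
        print(f"{n:4d}  {profile}  {op}{tag}")
```
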
