Mailinglist Archive: opensuse-factory (765 mails)

< Previous Next >
Re: [opensuse-factory] kernel 4.14 and docker
Hello,

Am Samstag, 25. November 2017 schrieb Knurpht - Gertjan Lettink:

There are indeed "DENIED lines" re. docker and containerd in the
audit.log. Can't miss the server today, but will check tomorrow and
file a bug against apparmor.

I'll happily reassign it to the docker maintainer - but nevertheless,
please first report it against AppArmor and assign it to me.

Will testing with apparmor disabled be useful ?

No ;-)

Please use aa-complain /etc/apparmor.d/usr.sbin.docker (assuming
that's the profile filename - adjust as needed, and repeat for
containerd) to switch the profile to complain mode. This will allow
everything and log things that wouldn't be allowed by the profile.

Then use Docker as usual and check the audit.log for entries.
Note that the log lines contain apparmor="ALLOWED" for profiles in
complain mode.


BTW: the kernels that are currently building in Kernel:HEAD include the
fix for boo#1069562


Regards,

Christian Boltz
--
There is a limit to the value of statistics.
After all, there are lies, damn lies, and statistics.
[Richard Brown in opensuse-project]

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >