Unload AppArmor profile for container management process

If we run the management process with the AppArmor profile loaded from snap-confine various ashmem/binder operations are failing with permission denied errors. To workaround this until this problem is fixed we simply unload the AppArmor profile and continue to execute completely without any profile loaded.

Unload AppArmor profile for container management process
If we run the management process with the AppArmor profile loaded from snap-confine various ashmem/binder operations are failing with permission denied errors. To workaround this until this problem is fixed we simply unload the AppArmor profile and continue to execute completely without any profile loaded.
a8704556 · Simon Fels · b31d79ca · a8704556 · a8704556
隐藏空白更改
内联并排

Showing with 5 addition and 1 deletion

scripts/container-manager.sh scripts/container-manager.sh +1 -1

snapcraft.yaml snapcraft.yaml +4 -0

未找到文件。
--- a/scripts/container-manager.sh
+++ b/scripts/container-manager.sh
@@ -29,4 +29,4 @@ chmod 666 /dev/ashmem
 # this path.
 mkdir -p $SNAP_COMMON/lxc

-exec $SNAP/bin/anbox-wrapper.sh container-manager
+exec $SNAP/usr/sbin/aa-exec -p unconfined -- $SNAP/bin/anbox-wrapper.sh container-manager
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -36,6 +36,10 @@ parts:
      - bin/anbox-bridge.sh
      - bin/anbox-wrapper.sh
      - bin/container-manager.sh
+  apparmor:
+    plugin: nil
+    stage-packages:
+      - apparmor
  lxc:
    source: git://github.com/morphis/lxc
    source-branch: snappy-support