Comment 10 for bug 131976
Revision history for this message
| John Johansen (jjohansen) wrote Re: fails to start: cannot apply additional memory protection after relocation | #10 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
For both of these cases, if you look in /var/log/messages you can see that AppArmor is rejecting access to /rofs/lib/
A simple fix is to update the profiles to use
{/rofs,
AppArmor can block access to stacked filesystem paths depending on how the stacked fs is implemented.
The quickest solution at the moment is to modify the profiles, so that permissions are given for the given prefix.
I would probably setup a variable in global
@{LIB}=
and modify profiles to use the variable.
@{LIB}/
The other possible solution I can suggest is further modification of the unionfs patch for unionfs 2.x under AppArmor 2.1 code base. It is possible to further patch unionfs so that it passes the lower filesystem requests so that AppArmor doesn't mediate them. This would get rid of the need to update profiles as suggested above.