| === himcesjf_ is now known as him-cesjf | ||
| === zyga_ is now known as zyga | ||
| hallyn | jsalisbury: https://wiki.ubuntu.com/Kernel/ points to https://wiki.ubuntu.com/Kernel/Release , which does not exist | 19:38 |
|---|---|---|
| hallyn | hm, lxd network under hwe kernel on xenial seems busted? | 19:54 |
| hallyn | maybe i messed up something else, still comparing... | 19:54 |
| hallyn | jjohansen: running linux-generic-hwe-16.04 on a xenial host. it doesn't have the apparmor stacking fix? | 20:27 |
| hallyn | is there a scheduled release of thatkernel with that fix? | 20:28 |
| hallyn | do i have to wait until august? | 20:32 |
| hallyn | oh should i use -edge? | 20:34 |
| * hallyn tries | 20:36 | |
| hallyn | prolly living on the edge at this point | 20:37 |
| hallyn | no even that doesn't fix it. | 20:54 |
| hallyn | jjohansen: stgraber: do you know of a list that woudl show which kernels for xenial would have the apparmor ns fix ? | 20:55 |
| hallyn | looking for that plus namespaced filecaps (else i'd just stick with 4.4) | 20:55 |
| hallyn | i'm surprised hwe-16.04-edge doesn't work | 20:55 |
| stgraber | oh right, you're hitting the broken ns support because of empty label thing again | 20:55 |
| hallyn | right. is that fix only going into artful and bionic? | 20:56 |
| stgraber | it should go everywhere once it finally lands... | 20:58 |
| stgraber | want the ugly workaround until then? | 20:58 |
| stgraber | echo lxd-$(hostname) > /root/ns | 20:59 |
| stgraber | mount --bind /root/ns /sys/kernel/security/apparmor/.ns_name | 20:59 |
| stgraber | systemctl restart apparmor | 20:59 |
| stgraber | hallyn: ^ I said it's ugly :) | 20:59 |
| TJ- | wow! thanks stgraber I have been wondering about that one as well | 21:03 |
| hallyn | stgraber: I'm wondering when "whenit finally lands" will be :) | 21:07 |
| hallyn | hm, what would be the easiest way to automated that. | 21:08 |
| hallyn | i guess a systemd service in the images :( | 21:08 |
| hallyn | thanks stgraber i guess i'll go that route :) | 21:09 |
| jjohansen | hallyn: hrmmm, I'll have to dig, I did send the fix to the kt | 22:30 |
| hallyn | jjohansen: thx, here's hoping it goes in soon :) | 22:38 |
| hallyn | for now i've just updated the lxd images to add a startup job with stgraber's fix | 22:38 |
| jjohansen | hallyn: it seems to have been dropped, probably in one of the many rebases during the whole spectre/meltdown mess | 22:46 |
| jjohansen | I will resend | 22:46 |
| hallyn | cool, thanks | 22:48 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!