=== himcesjf_ is now known as him-cesjf
=== zyga_ is now known as zyga
[19:38] <hallyn> jsalisbury: https://wiki.ubuntu.com/Kernel/   points to https://wiki.ubuntu.com/Kernel/Release , which does not exist
[19:54] <hallyn> hm, lxd network under hwe kernel on xenial seems busted?
[19:54] <hallyn> maybe i messed up something else, still comparing...
[20:27] <hallyn> jjohansen: running linux-generic-hwe-16.04 on a xenial host.  it doesn't have the apparmor stacking fix?
[20:28] <hallyn> is there a scheduled release of thatkernel with that fix?
[20:32] <hallyn> do i have to wait until august?
[20:34] <hallyn> oh should i use -edge?
[20:36]  * hallyn tries
[20:37] <hallyn> prolly living on the edge at this point
[20:54] <hallyn> no even that doesn't fix it.
[20:55] <hallyn> jjohansen: stgraber: do you know of a list that woudl show which kernels for xenial would have the apparmor ns fix ? 
[20:55] <hallyn> looking for that plus namespaced filecaps (else i'd just stick with 4.4)
[20:55] <hallyn> i'm surprised hwe-16.04-edge doesn't work
[20:55] <stgraber> oh right, you're hitting the broken ns support because of empty label thing again
[20:56] <hallyn> right.  is that fix only going into artful and bionic?
[20:58] <stgraber> it should go everywhere once it finally lands...
[20:58] <stgraber> want the ugly workaround until then?
[20:59] <stgraber> echo lxd-$(hostname) > /root/ns
[20:59] <stgraber> mount --bind /root/ns /sys/kernel/security/apparmor/.ns_name
[20:59] <stgraber> systemctl restart apparmor
[20:59] <stgraber> hallyn: ^ I said it's ugly :)
[21:03] <TJ-> wow! thanks stgraber I have been wondering about that one as well
[21:07] <hallyn> stgraber: I'm wondering when "whenit finally lands" will be :)
[21:08] <hallyn> hm, what would be the easiest way to automated that.
[21:08] <hallyn> i guess a systemd service in the images :(
[21:09] <hallyn> thanks stgraber i guess i'll go that route :)
[22:30] <jjohansen> hallyn: hrmmm, I'll have to dig, I did send the fix to the kt
[22:38] <hallyn> jjohansen: thx, here's hoping it goes in soon :)
[22:38] <hallyn> for now i've just updated the lxd images to add a startup job with stgraber's fix
[22:46] <jjohansen> hallyn: it seems to have been dropped, probably in one of the many rebases during the whole spectre/meltdown mess
[22:46] <jjohansen> I will resend
[22:48] <hallyn> cool, thanks