Hi,
Peter Palfrader wrote (15 Dec 2015 08:24:25 GMT) :
https://bugs.torproject.org/17754 reports that tor no longer works in LXC containers.
I have set up an Ubuntu wily VM, and a wily LXC container in it, and I can confirm that with the AppArmorProfile= line in the service file, tor will not launch.
Given the logs I see on the ticket, it looks like systemd was not allowed by the container to apply our AppArmor policy. Linux namespaces support more and more stuff these days, but they didn't go as far as supporting stacking AppArmor policies yet:
https://bugs.launchpad.net/apparmor/+bug/1379535
... not even mentioning limitations that AppArmor has with stacked filesystems such as aufs and overlayfs, which are commonly used for containers.
Do you have any ideas how to properly fix this? Or what the best workaround would be to document?
Sadly, I don't know what we can do better at the moment than disabling AppArmor when running in such environments, like: https://trac.torproject.org/projects/tor/ticket/17754#comment:6
Cheers,
-- 
intrigeri