Use unconfined apparmor profiles on Debian Buster.

This seems related to systemd >= 240 and this issue https://discuss.linuxcontainers.org/t/apparmor-denied-operation-mount/2424/13 Change-Id: Icc7c0f7fa08ad6e21b574b236e71c7e08558ec8c
2019-12-03 13:25:55 +00:00 · 2019-12-03 13:25:55 +00:00 · 6729ad4232
commit 6729ad4232
parent be43605882
1 changed files with 1 additions and 1 deletions
--- a/inventory/group_vars/all_containers.yml
+++ b/inventory/group_vars/all_containers.yml
@ -16,7 +16,7 @@
 # This is the default LXC AppArmor profile
 # Groups which need the unbound profile have a specific override
 lxc_container_config_list:
-  - "lxc.aa_profile=lxc-openstack"
+  - "{{ (hostvars[physical_host]['ansible_distribution'] == 'Debian' and hostvars[physical_host]['ansible_distribution_major_version'] == '10' ) | ternary('lxc.aa_profile=unconfined', 'lxc.aa_profile=lxc-openstack') }}"

 # Needed by playbooks/common-tasks/os-lxc-container-setup.yml
 lxc_container_log_path: "/var/log/lxc"