Merge Enable AppArmor to run properly under WSL/systemd

The AppArmor systemd scripts correctly detect the Windows Subsystem for Linux as a container, since all Linux distros executing under WSL 2 are containerized; however, unlike the majority of containers (since there is no accessible host distribution above them trying to set AppArmor policies that might interfere), AppArmor itself functions without problems in the WSL environment. This patch adds WSL detection to the is_container_with_internal_policy function, allowing AppArmor to be started and operate normally in a WSL-plus-systemd environment. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/812 Acked-by: John Johansen <john@jjmx.net>
2025-08-22 10:07:12 +00:00 · 2022-02-04 10:25:14 +00:00 · 2022-02-04 10:25:14 +00:00 · 72c06c4d35
commit 72c06c4d35
parent 0b8ea047e8 a6360d9db2
1 changed files with 6 additions and 1 deletions
--- a/parser/rc.apparmor.functions
+++ b/parser/rc.apparmor.functions
@ -68,7 +68,7 @@ is_apparmor_present() {
 # something like `systemd-detect-virt --container`.
 #
 # The only known container environments capable of supporting internal policy
-# are LXD and LXC environment.
+# are LXD and LXC environments, and Windows Subsystem for Linux.
 #
 # Returns 0 if the container environment is capable of having its own internal
 # policy and non-zero otherwise.
@ -90,6 +90,11 @@ is_container_with_internal_policy() {
 	local ns_stacked
 	local ns_name

+	# WSL needs to be detected explicitly
+	if [ $(systemd-detect-virt --container) = "wsl" ]; then
+		return 0
+	fi
+
 	if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then
 		return 1
 	fi