On 02/27/2016 09:37 PM, Evgeni Golov wrote:
> Hi Ivan,
>
> On Sun, Feb 07, 2016 at 03:06:54AM +0100, Ivan Sergio Borgonovo wrote:
>> got this after upgrade 1:1.0.8-1 -> 1:1.1.5-1
>> lxc-start 1454809870.985 ERROR lxc_apparmor -
>> lsm/apparmor.c:apparmor_process_label_set:169 - If you really want to start
>> this container, set
>> lxc-start 1454809870.985 ERROR lxc_apparmor -
>> lsm/apparmor.c:apparmor_process_label_set:170 - lxc.aa_allow_incomplete = 1
>> lxc-start 1454809870.985 ERROR lxc_apparmor -
>> lsm/apparmor.c:apparmor_process_label_set:171 - in your container
>> configuration file
>
> Strictly speaking this is not a regression but an improvement.
> 1.0.x did silently ignore apparmor if you did not have "complete" apparmor
> support in the kernel (read: no mount restrictions which are only available in Ubuntu).
> See [1] for details about the behaviour.
> With 1.1.x LXC actually errors out when it detects you want apparmor but don't have the
> right kernel for it. You can set "lxc.aa_allow_incomplete = 1" to allow it to
> use whatever apparmor support is available, skipping the cool mount stuff.
>
> That said I would love to close this as not-a-bug, if you do not disagree.

There was no news in apt-listchanges.
I did find how to fix the problem googling the error and I had to
understand what I was really doing adding that option but I wouldn't
have incurred in the problem if:
- the package itself would have made the change to the configurations
(not sure if it is a good idea)
or
- there was a notice in apt-listchanges.
I'm ok if you close the bug but I'm thinking about the other poor souls
that may upgrade lxc and find their containers not running without any
notice.
I hope once this bug will be indexed by google, understanding what is
the problem will be enough to help other people to fix it quicker.
Nothing terrible, I'm aware I'm using sid and probably once there will
be a new kernel this won't be an issue.
--
Ivan Sergio Borgonovo
http://www.webthatworks.it
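
A pre-upgrade check for the situation discussed in this thread, added here as an example and not code from the LXC package or from either poster: it lists containers whose configuration lacks `lxc.aa_allow_incomplete = 1` on a kernel without AppArmor mount restrictions. Assumptions: AppArmor is enabled on the host, the sysfs path below is the file that indicates mount mediation support, and containers live under `/var/lib/lxc`; the function names are hypothetical.

```shell
#!/bin/sh
# Assumed defaults (not stated in the thread): the sysfs file whose presence
# indicates AppArmor mount mediation, and the default container directory.
AA_MOUNT_MASK=${AA_MOUNT_MASK:-/sys/kernel/security/apparmor/features/mount/mask}
LXC_PATH=${LXC_PATH:-/var/lib/lxc}

# Succeeds when the kernel exposes AppArmor mount mediation.
aa_mount_supported() {
    [ -e "$1" ]
}

# Succeeds when the config has an uncommented "lxc.aa_allow_incomplete = 1".
allows_incomplete() {
    grep -Eq '^[[:space:]]*lxc\.aa_allow_incomplete[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Prints the name of every container that would hit the error quoted above.
# Args: path of the mount-mask file, container directory.
# Containers that opt out of AppArmor entirely are not special-cased.
containers_at_risk() {
    mask=$1
    dir=$2
    # Complete AppArmor support: nothing is at risk.
    aa_mount_supported "$mask" && return 0
    for cfg in "$dir"/*/config; do
        [ -f "$cfg" ] || continue
        allows_incomplete "$cfg" || basename "$(dirname "$cfg")"
    done
}

containers_at_risk "$AA_MOUNT_MASK" "$LXC_PATH"
```

Each name printed is a container to review before upgrading; adding the option accepts running it without the mount restrictions, as described in the reply quoted above.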