On 12/16/18 9:23 PM, intrigeri wrote:
Hi,
intrigeri:
Ivan Sergio Borgonovo:
As you said probably apparmor seems not to be the culprit.
Nov 04 20:21:13 kerberos audit[1280]: AVC apparmor="DENIED" operation="mount" info="failed type match" error=-13
profile="lxc-container-default-cgns" name="/sys/fs/cgroup/unified/" pid=1280 comm="systemd" fstype="cgroup2"
srcname="cgroup2" flags="rw, nosuid, nodev, noexec"
This one looks like a bug in the LXC AppArmor profiles, please report
it against the lxc package.
[...]
… and many more processes confined under the
lxc-container-default-cgns profile.
Are you actually running dovecot, tor, postgres, sshd, smdb, Postfix,
dhclient etc. in LXC containers? Or is the lxc-container-default-cgns
profile somehow erroneously applied to these processes?
Gentle ping on this?
Sorry.
Yes, I'm actually running tor, postgres, samba, postfix, dovecot,
spamassassin/spamd...
The problem is still there eg.
Dec 16 15:01:57 caronte systemd[1]: Starting The PHP 7.0 FastCGI Process
Manager
Dec 16 15:04:36 caronte systemd[1]: Started The PHP 7.0 FastCGI Process
Manager.
--
Ivan Sergio Borgonovo
https://www.webthatworks.it https://www.borgonovo.net
