Hi Paul,
thanks for your immediate response.
Your assumption is right, booting into kernel 4.19.0-16 causes
lxc-attach to behave as expected, no more apparmor related errors.
Cheers Bernd
Am 21.06.21 um 19:06 schrieb Paul Gevers:
Hi Bernd,
Thanks for your report.
On 21-06-2021 18:04, Bernd Breuer wrote:
after the recent upgrade to Buster 10.10 (including a kernel upgrade) the
command 'lxc-attach' (out of the Linux Container (lxc) set of commands), typed
in like
"sudo lxc-attach <container-name>"
stopped working with the error message
"lxc-attach: <container-name>: lsm/lsm.c: lsm_process_label_set_at: 174 Operation not
permitted - Failed to set AppArmor label "unconfined"
The conainer itself is starting, but apparmor related config lines like
"lxc.apparmor.profile = unconfined"
produce the above mentioned error, also on another machine after the
same packages upgrade.
I expect lxc-attach to provide me a root shell in the running lxc-container
like it was the case before the recent upgrade.
As we didn't upgrade lxc during the point release, this *may* be caused
by the updated Linux kernel. What happens if you reboot using the
previous kernel?
Paul
