Package: lxc Version: 1:5.0.2-1 Severity: normal On a fresh bookworm install, after doing a `sudo apt install lxc` and following the instructions at https://linuxcontainers.org/lxc/getting-started/ for creating unprivileged containers as a user, containers fail to start with the following error:
lxc-start: bookworm: ../src/lxc/lsm/apparmor.c: apparmor_prepare: 1080 Cannot use generated profile: apparmor_parser not available This is because `apparmor_prepare` is located in /sbin/, which isn't in a normal user's $PATH. If you add /sbin/ to $PATH, you then get a different apparmor error: lxc-start: bookworm: ../src/lxc/lsm/apparmor.c: make_apparmor_namespace: 869 Permission denied - Error creating AppArmor namespace: /sys/kernel/security/apparmor/policy/namespaces/lxc-bookworm_<-home-gibmat-.local-share-lxc> lxc-start: bookworm: ../src/lxc/lsm/apparmor.c: apparmor_prepare: 1086 Failed to load generated AppArmor profile We should try to fix this so unprivileged containers work out-of-box. Mathias
signature.asc
Description: This is a digitally signed message part
