Disclaimer: I use lxc 1.0.7 on a custom-built 3.12 kernel with the preempt-rt patch.
I've come across some (well known) problems with dpkg-divert failing inside the container.

$ sudo apt-get install dictionaries-common
...
Adding 'diversion of /usr/share/dict/words to /usr/share/dict/words.pre-dictionaries-common by dictionaries-common'
dpkg: unrecoverable fatal error, aborting:
failed to fstat previous diversions file: No such file or directory
E: Sub-process /usr/bin/dpkg returned an error code (2)

dmesg on the lxc host contains the following error:

[ 1961.389983] type=1400 audit(1434694597.570:129): apparmor="DENIED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 parent=4750 profile="/usr/bin/lxc-start" name="/var/lib/dpkg/diversions" pid=4771 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

So I tried to set "lxc.aa_profile = unconfined", but it does not have any effect. The aa_profile is never changed from /usr/bin/lxc-start on kernel 3.12 (aa-status shows a lot of processes being in enforce with /usr/bin/lxc-start, no log entry from "lxc_apparmor" during lxc-start). 3.16 works as expected, the profile is changed during the start of the container and I also get corresponding log entries from lxc-start.

Any ideas? My current workaround is to just disable apparmor for lxc-start.

Christoph
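
Added example, not part of the original message: a small Python triage script that parses AppArmor audit lines like the one quoted above and flags denials charged to the launcher profile /usr/bin/lxc-start for a process other than lxc-start, which is the signature of a container whose profile transition never happened. The `comm` comparison is a heuristic assumed here, and all sample lines except the first are constructed.

```python
import re
import shlex

# Profile confining the lxc-start launcher on the host (from the log line in the post).
LAUNCHER_PROFILE = "/usr/bin/lxc-start"
AUDIT_RE = re.compile(r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$")

SAMPLE_LOG = [
    # Quoted in the post.
    '[ 1961.389983] type=1400 audit(1434694597.570:129): apparmor="DENIED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 parent=4750 profile="/usr/bin/lxc-start" name="/var/lib/dpkg/diversions" pid=4771 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    # Constructed: denial after a successful transition to the container profile.
    '[ 2210.104512] type=1400 audit(1434694846.285:141): apparmor="DENIED" operation="mount" error=-13 profile="lxc-container-default" name="/sys/kernel/debug/" pid=5102 comm="mount" fstype="debugfs"',
    # Constructed: denial against the launcher itself, expected under its own profile.
    '[ 2211.300000] type=1400 audit(1434694847.481:142): apparmor="DENIED" operation="open" error=-13 profile="/usr/bin/lxc-start" name="/proc/kcore" pid=4750 comm="lxc-start" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    # Constructed: unrelated kernel message.
    "[ 2212.000001] eth0: link up",
]

def parse_apparmor_line(line):
    """Return the key=value fields of an AppArmor audit line as a dict, or None."""
    m = AUDIT_RE.search(line)
    if not m or "apparmor=" not in m.group("body"):
        return None
    try:
        tokens = shlex.split(m.group("body"))  # honours quoted values with spaces
    except ValueError:                          # unbalanced quote in a truncated line
        return None
    fields = {"timestamp": float(m.group("ts")), "serial": int(m.group("serial"))}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def untransitioned_denials(lines):
    """Denials under the launcher profile for a process that is not lxc-start."""
    hits = []
    for line in lines:
        f = parse_apparmor_line(line)
        if f and f.get("apparmor") == "DENIED" \
                and f.get("profile") == LAUNCHER_PROFILE \
                and f.get("comm") != "lxc-start":
            hits.append(f)
    return hits

if __name__ == "__main__":
    for f in untransitioned_denials(SAMPLE_LOG):
        print(f"pid {f['pid']} ({f['comm']}) still under {f['profile']}: "
              f"{f['operation']} on {f['name']} denied")
```

A hit can be confirmed directly on the host by reading /proc/<pid>/attr/current for a process inside the container.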