When I realized that there's a missing AppArmor profile, I went straight to GitHub to check out what loads those, and a Google search also indicated a similar issue [1] which mentioned this. From GitHub I got the systemd AppArmor load script [2], which I then manually executed to get my LXC setup going. I am pasting the `dpkg -L` output below for the exact contents of the package:
[1] https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1432683
[2] https://github.com/lxc/lxc/blob/2d8632d5b75ce1e4b24f5714b9ec817a845881cf/config/init/systemd/lxc-apparmor-load

On Tue, Sep 15, 2015 at 3:24 PM, Serge Hallyn <[email protected]> wrote:

> Ok I've got a vm running 1.0.7+stable~20150828-2252-0ubuntu1~trusty
>
> It doesn't have /usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load. But
> /etc/init/lxc.conf calls /lib/apparmor/profile-load. Which... also
> doesn't exist.
>
> Oddly, profiles are still being loaded. I guess the
> /etc/apparmor.d/lxc-containers
> file ensures that anything under /etc/apparmor.d/lxc/ gets loaded at
> boot. But 'stop lxc; start lxc' doesn't cause those to get loaded.
>
> So Stéphane there does appear to be a bug in the packaging for that ppa
> version. It should be shipping lxc-apparmor-load. I dunno where the
> packaging for stable ppas gets stored...
>
> Ranjib, you mention the newer script
> /usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load,
> did you mention that one because newer upstream ships it, or does it
> actually appear to be getting called somewhere in the ppa version?
>
> -serge
>
> Quoting Ranjib Dey ([email protected]):
> > lxc-git-stable-1.0 ppa, I had installed it after lxc stopped working due to
> > sysfs mounting failure, after you sent out the email to test before 1.07
> > in this list
> >
> > On Tue, Sep 15, 2015 at 10:44 AM, Serge Hallyn <[email protected]>
> > wrote:
> >
> > > Quoting Ranjib Dey ([email protected]):
> > > > I'm seeing some failures of lxc-start due to missing apparmor profiles. lxc
> > > > package does not ship /usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load,
> > > > which in turn is responsible for the missing apparmor profiles (validated by
> > > > the lxc-start log and aa-status)
> > > >
> > > > lxc-version: 1.0.7+stable~20150828-2252-0ubuntu
> > >
> > > Sorry - where did this package version come from?
> > >
> > > The helper was introduced by commit
> > > 2b24e2ff84c03a1e049449127958df8dc16a74fd so
> > > you can grab it yourself from git if you need.
> > >
> > > > distro: ubuntu - trusty
> > > > kernel: 3.19.0-28
> > > >
> > > > I had to upgrade the kernel to vivid lts for sysfs related bug
> > > >
> > > > regards
> > > > ranjib
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
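
An added example, not part of the thread and not the LXC project's own script: a check for the condition discussed above, where the container profiles are not loaded after the service is restarted. It reads a listing in the format of /sys/kernel/security/apparmor/profiles; the three profile names (those declared by the files under /etc/apparmor.d/lxc/ in upstream LXC), the sample listing and the `--host` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example. Profile names are an assumption: the ones declared by
# lxc-default, lxc-default-with-nesting and lxc-default-with-mounting.
LXC_PROFILES="lxc-container-default lxc-container-default-with-nesting lxc-container-default-with-mounting"

# Constructed sample listing: only the lxc-start profile is loaded.
SAMPLE='/usr/bin/lxc-start (enforce)
/usr/sbin/tcpdump (enforce)'

# missing_lxc_profiles: read "<profile name> (<mode>)" lines on stdin and
# print every expected container profile that is absent from them.
missing_lxc_profiles() {
    loaded=$(sed 's/ ([a-z]*)$//')        # drop the trailing " (mode)"
    for p in $LXC_PROFILES; do
        # -x matches the whole line, so "lxc-container-default" is not
        # satisfied by "lxc-container-default-with-nesting".
        printf '%s\n' "$loaded" | grep -qxF -- "$p" || printf '%s\n' "$p"
    done
}

case "${1:-}" in
    --host)  # real kernel state; reading this file needs root
        missing=$(missing_lxc_profiles < /sys/kernel/security/apparmor/profiles) ;;
    *)       # default: run on the constructed sample
        missing=$(printf '%s\n' "$SAMPLE" | missing_lxc_profiles) ;;
esac

if [ -n "$missing" ]; then
    echo "container profiles not loaded:"
    echo "$missing"
    # lxc-containers pulls in everything under /etc/apparmor.d/lxc/
    echo "reload with: apparmor_parser -r /etc/apparmor.d/lxc-containers"
fi
```

A container started while its profile is missing fails in lxc-start, as reported in the thread, so this check is useful after any 'stop lxc; start lxc' on a package that lacks the loader.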
