> On November 16, 2015 at 12:33 PM Dietmar Maurer <[email protected]> wrote: > > On November 16, 2015 at 11:48 AM Wolfgang Bumiller <[email protected]> > > wrote: > > > On November 11, 2015 at 6:04 PM Serge Hallyn <[email protected]> > > > wrote: > > > Oh, right. I forget that even when starting as root, this only works > > > for the rootfs itself, not other mounts. (Lxd actually does handle this, > > > but at the cost of having a MS_SLAVE mount per container) > > > > So we ended up doing just that, but now with the latest lxcfs > > upgrades (I suspect cgmanager/cgfs changes) AppArmor suddenly > > denies lxc-start to bind mount something. Here's what happens > > with raw lxc-start commands > > Seems to be related to lxc update. lxc 1.1.4 works with latest lxcfs. > so the problem is introduced between lxc 1.1.4 and lxc 1.1.5
Ah actually it seems it's the change from --enable-cgmanager to --disable-cgmanager we made between those versions. (read: --enable-cgmanager works with 1.1.4 and 1.1.5, --disable with neither). Still don't know how that connects to AppArmor, though. _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
