Quoting Rui Zang ([email protected]):
> Greetings,
>
> I am trying to run an openstack (with neutron networking) deployed
> by devstack in one LXC. The deployment seems completed but after a
> while something odd was discovered.
>
> First of all, there have been tens of thousands of tap devices
> created and hooked into ovs bridges. And the number is increasing.
>
> stack@devstack:~$ sudo ovs-vsctl show | wc -l
> 14215
>
> While I was trying to debug this, I found a thousand of the below
> message in the kernel log:
>
> [162823.239519] audit: type=1400 audit(1464323116.356:41707):
> apparmor="DENIED" operation="mount" info="failed type match"
> error=-13 profile="lxc-container-default" name="/run/netns/"
> pid=40414 comm="ip" flags="rw, rshared"
>
> What does it mean? Shall I grant some privilege to this LXC?
>
Yes, depending on how lazy or trusting you are feeling, you can just use
the lxc-container-default-with-nesting profile, or else add

  mount options=(rw,rshared,bind) /run/**

either to a new profile /etc/apparmor.d/lxc/lxc-default-netns, or just
to /etc/apparmor.d/abstractions/lxc/container-base.

-serge
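
Added example, not part of the original messages: a small Python summarizer for AppArmor denials like the one quoted above, which shows the profile, path and mount flags a rule has to cover when the kernel log holds thousands of such records. The sample log lines are constructed (modelled on the record in the thread) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the denial quoted in the thread.
SAMPLE_LOG = """\
[162823.239519] audit: type=1400 audit(1464323116.356:41707): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/run/netns/" pid=40414 comm="ip" flags="rw, rshared"
[162823.301200] audit: type=1400 audit(1464323116.418:41708): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/run/netns/" pid=40420 comm="ip" flags="rw, rshared"
[162824.000100] audit: type=1400 audit(1464323117.100:41709): apparmor="ALLOWED" operation="open" profile="lxc-container-default" name="/etc/hosts" pid=40431 comm="cat"
[162825.000000] device tap0 entered promiscuous mode
"""

# Matches key="quoted value" (may contain spaces) or key=bare-value.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit_line(line):
    """Return the key/value fields of an AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None  # not an AppArmor record (e.g. an unrelated kernel message)
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def summarize_denials(log_text):
    """Count DENIED records per (profile, operation, name, flags)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue
        # Normalise "rw, rshared" to ("rw", "rshared") so spacing differences
        # do not split otherwise identical denials into separate groups.
        flags = tuple(f.strip() for f in rec.get("flags", "").split(",") if f.strip())
        counts[(rec.get("profile"), rec.get("operation"), rec.get("name"), flags)] += 1
    return counts


if __name__ == "__main__":
    for (profile, op, name, flags), n in summarize_denials(SAMPLE_LOG).most_common():
        print(f"{n:6d}  profile={profile} op={op} name={name} flags={','.join(flags)}")
```

Each output row is one distinct denial with its count, so a single repeated mount denial against one profile stands out from unrelated noise before any profile is loosened.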
