Quoting Fajar A. Nugraha (l...@fajar.net): > On Thu, Mar 8, 2012 at 1:16 AM, Stéphane Graber <stgra...@ubuntu.com> wrote: > > > I hope this helped explain what we're doing in 12.04. > > I'm planning on a generic "what's new in LXC for 12.04" blog post in > > the next few days, once we've turned apparmor back on and have > > somewhat secure containers again (hopefully later today). > > > > Again, please try an up to date Ubuntu 12.04 system and report any bug > > that you see, we're trying to closely look at LXC bugs and fix them as > > soon as possible. > > Hi Stephane, > > I just updated lxc on 12.04 to 0.7.5-3ubuntu40, which reenables > apparmor profile. My previously-working lxc containers now refused to > start. > > $ sudo lxc-start -n precise > lxc-start: Permission denied - failed to mount 'proc' on > '/usr/lib/lxc/root//proc' > lxc-start: failed to setup the mounts for 'precise' > lxc-start: failed to setup the container > lxc-start: invalid sequence number 1. expected 2 > lxc-start: failed to spawn 'precise' > lxc-start: Device or resource busy - failed to remove cgroup > '/sys/fs/cgroup/cpu//lxc/precise' > > Disabling the profile (symlink ../usr.bin.lxc-start on > /etc/apparmor.d/disable, and force-reloading apparmor) made it work > again. Any ideas?
It's possible you're not on the latest kernel. The mount restrictions stuff is new, and a few bugs needed to be shaken out. In fact there may still be one or two, but last night I was definately able (on an uptodate cloud instance) to create containers with apparmor enabled. -serge ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
