(PVE 4.4, upgraded to latest patches) I've build up a LXC container based on debian 9 (stretch), but after installing PHP i've started to have in logs in the container:
Jul 20 16:09:14 vglpi systemd[1]: phpsessionclean.service: Failed to reset devices.list: Operation not permitted Jul 20 16:09:14 vglpi systemd[6345]: phpsessionclean.service: Failed at step NETWORK spawning /usr/lib/php/sessionclean: Permission denied Jul 20 16:09:14 vglpi systemd[1]: phpsessionclean.service: Main process exited, code=exited, status=225/NETWORK Jul 20 16:09:14 vglpi systemd[1]: Failed to start Clean php session files. Jul 20 16:09:14 vglpi systemd[1]: phpsessionclean.service: Unit entered failed state. Jul 20 16:09:14 vglpi systemd[1]: phpsessionclean.service: Failed with result 'exit-code'. Jul 20 16:39:14 vglpi systemd[1]: phpsessionclean.service: Failed to reset devices.list: Operation not permitted Jul 20 16:39:14 vglpi systemd[6364]: phpsessionclean.service: Failed at step NETWORK spawning /usr/lib/php/sessionclean: Permission denied Jul 20 16:39:14 vglpi systemd[1]: phpsessionclean.service: Main process exited, code=exited, status=225/NETWORK Jul 20 16:39:14 vglpi systemd[1]: Failed to start Clean php session files. Jul 20 16:39:14 vglpi systemd[1]: phpsessionclean.service: Unit entered failed state. Jul 20 16:39:14 vglpi systemd[1]: phpsessionclean.service: Failed with result 'exit-code'. and on the host: Jul 20 16:09:14 tessier kernel: [22451057.039944] audit: type=1400 audit(1500559754.627:239): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=10038 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 20 16:09:14 tessier kernel: [22451057.039949] audit: type=1400 audit(1500559754.627:240): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=10038 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 20 16:09:14 tessier kernel: [22451057.039953] audit: type=1400 audit(1500559754.627:241): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=10038 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 20 16:09:14 tessier kernel: [22451057.039956] audit: type=1400 audit(1500559754.627:242): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=10038 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 20 16:39:14 tessier kernel: [22452857.015429] audit: type=1400 audit(1500561554.627:243): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=12677 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 20 16:39:14 tessier kernel: [22452857.015434] audit: type=1400 audit(1500561554.627:244): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=12677 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 20 16:39:14 tessier kernel: [22452857.015438] audit: type=1400 audit(1500561554.627:245): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=12677 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 20 16:39:14 tessier kernel: [22452857.015441] audit: type=1400 audit(1500561554.627:246): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=12677 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Why? Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) _______________________________________________ pve-user mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
