Bug#990140: upgrade-reports: lxc-attach does not start with apparmor problem after ugrade to 10.10
Hi Paul, I just did an apt upgrade, error is history now. Thank you, the QA team, the kernel team and all the people at Debian for their hard, efficient and professional work behind the curtains now, in the past and in the future - I respect and appreciate very much. Wich you all the best, cheers Bernd Am 21.06.21 um 19:06 schrieb Paul Gevers: Hi Bernd, Thanks for your report. On 21-06-2021 18:04, Bernd Breuer wrote: after the recent upgrade to Buster 10.10 (including a kernel upgrade) the command 'lxc-attach' (out of the Linux Container (lxc) set of commands), typed in like "sudo lxc-attach " stopped working with the error message "lxc-attach: : lsm/lsm.c: lsm_process_label_set_at: 174 Operation not permitted - Failed to set AppArmor label "unconfined" The conainer itself is starting, but apparmor related config lines like "lxc.apparmor.profile = unconfined" produce the above mentioned error, also on another machine after the same packages upgrade. I expect lxc-attach to provide me a root shell in the running lxc-container like it was the case before the recent upgrade. As we didn't upgrade lxc during the point release, this *may* be caused by the updated Linux kernel. What happens if you reboot using the previous kernel? Paul
Bug#990140: upgrade-reports: lxc-attach does not start with apparmor problem after ugrade to 10.10
Hi Paul, thanks for your immediate response. Your assumption is right, booting into kernel 4.19.0-16 causes lxc-attach to behave as expected, no more apparmor related errors. Cheers Bernd Am 21.06.21 um 19:06 schrieb Paul Gevers: Hi Bernd, Thanks for your report. On 21-06-2021 18:04, Bernd Breuer wrote: after the recent upgrade to Buster 10.10 (including a kernel upgrade) the command 'lxc-attach' (out of the Linux Container (lxc) set of commands), typed in like "sudo lxc-attach " stopped working with the error message "lxc-attach: : lsm/lsm.c: lsm_process_label_set_at: 174 Operation not permitted - Failed to set AppArmor label "unconfined" The conainer itself is starting, but apparmor related config lines like "lxc.apparmor.profile = unconfined" produce the above mentioned error, also on another machine after the same packages upgrade. I expect lxc-attach to provide me a root shell in the running lxc-container like it was the case before the recent upgrade. As we didn't upgrade lxc during the point release, this *may* be caused by the updated Linux kernel. What happens if you reboot using the previous kernel? Paul
Bug#990140: upgrade-reports: lxc-attach does not start with apparmor problem after ugrade to 10.10
Hi Bernd, Thanks for your report. On 21-06-2021 18:04, Bernd Breuer wrote: > after the recent upgrade to Buster 10.10 (including a kernel upgrade) the > command 'lxc-attach' (out of the Linux Container (lxc) set of commands), > typed in like > > "sudo lxc-attach " > > stopped working with the error message > > "lxc-attach: : lsm/lsm.c: lsm_process_label_set_at: 174 > Operation not permitted - Failed to set AppArmor label "unconfined" > > The conainer itself is starting, but apparmor related config lines like > > "lxc.apparmor.profile = unconfined" > > produce the above mentioned error, also on another machine after the > same packages upgrade. > > I expect lxc-attach to provide me a root shell in the running lxc-container > like it was the case before the recent upgrade. As we didn't upgrade lxc during the point release, this *may* be caused by the updated Linux kernel. What happens if you reboot using the previous kernel? Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#990140: upgrade-reports: lxc-attach does not start with apparmor problem after ugrade to 10.10
Package: upgrade-reports Severity: normal Dear Maintainer, after the recent upgrade to Buster 10.10 (including a kernel upgrade) the command 'lxc-attach' (out of the Linux Container (lxc) set of commands), typed in like "sudo lxc-attach " stopped working with the error message "lxc-attach: : lsm/lsm.c: lsm_process_label_set_at: 174 Operation not permitted - Failed to set AppArmor label "unconfined" The conainer itself is starting, but apparmor related config lines like "lxc.apparmor.profile = unconfined" produce the above mentioned error, also on another machine after the same packages upgrade. I expect lxc-attach to provide me a root shell in the running lxc-container like it was the case before the recent upgrade. -- System Information: Debian Release: 10.10 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-17-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
