[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
I'm going to mark as Fix Released for now then. Please open a new bug if you see this again. ** Changed in: linux (Ubuntu) Status: Incomplete = Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “linux” package in Ubuntu: Fix Released Status in “lxc” package in Ubuntu: Fix Released Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
Works for me, thanks. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “linux” package in Ubuntu: Fix Released Status in “lxc” package in Ubuntu: Fix Released Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
** Changed in: lxc (Ubuntu) Status: New = Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “apparmor” package in Ubuntu: New Status in “linux” package in Ubuntu: Confirmed Status in “lxc” package in Ubuntu: Fix Released Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
Does the kernel in comment #4 address this issue? ** No longer affects: apparmor (Ubuntu) ** Changed in: linux (Ubuntu) Status: Confirmed = Incomplete -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “linux” package in Ubuntu: Incomplete Status in “lxc” package in Ubuntu: Fix Released Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
I couldn't reproduce it before, with the same kernel. It's a race of some kind and I was unlucky. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “linux” package in Ubuntu: Incomplete Status in “lxc” package in Ubuntu: Fix Released Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
** Changed in: linux (Ubuntu) Assignee: (unassigned) = John Johansen (jjohansen) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “apparmor” package in Ubuntu: New Status in “linux” package in Ubuntu: Confirmed Status in “lxc” package in Ubuntu: New Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
It's not happening anymore. I tried the same dpkg build command just a bit later and it just worked... :( Do you think a race is involved and I was lucky? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “apparmor” package in Ubuntu: New Status in “linux” package in Ubuntu: Confirmed Status in “lxc” package in Ubuntu: New Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
Re: [Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
@Andreas, yes that's definately what it sounds like. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “apparmor” package in Ubuntu: New Status in “linux” package in Ubuntu: Confirmed Status in “lxc” package in Ubuntu: New Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
I have uploaded a kernel with the potential fix to http://people.canonical.com/~jj/lp1357103/ -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “apparmor” package in Ubuntu: New Status in “linux” package in Ubuntu: Confirmed Status in “lxc” package in Ubuntu: New Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
This looks like it might be caused by bug in path lookups and bind mount handling that I have a test patch for. I will build a test kernel for trusty (14.04). Please let me know if there are any other kernels you would like to test on. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “apparmor” package in Ubuntu: New Status in “linux” package in Ubuntu: Confirmed Status in “lxc” package in Ubuntu: New Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1357103] Re: apparmor denied a golang build inside a container
I believe the bug has the necessary log snippets, marking as confirmed. ** Changed in: linux (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1357103 Title: apparmor denied a golang build inside a container Status in “apparmor” package in Ubuntu: New Status in “linux” package in Ubuntu: Confirmed Status in “lxc” package in Ubuntu: New Bug description: First, the error, while building a package inside a precise container: (...) make[1]: Entering directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/gocheck github.com/lib/pq github.com/glacjay/goini GOPATH=/home/ubuntu/deb/landscape-server-13.09.3~bzr544/src/landscape/go /usr/bin/go install launchpad.net/landscape/cmd/packagesearch launchpad.net/landscape/cmd/license-audit launchpad.net/landscape/cmd/valid-license-audit # launchpad.net/landscape/cmd/license-audit /usr/lib/go/pkg/tool/linux_amd64/6g: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Permission denied make[1]: *** [install] Error 2 make[1]: Leaving directory `/home/ubuntu/deb/landscape-server-13.09.3~bzr544' make: *** [install] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 In dmesg: [226141.740150] type=1400 audit(1408053388.352:106): apparmor=DENIED operation=file_mmap profile=lxc-container-default name=landscape/cmd/valid-license-audit/ pid=389 comm=6g requested_mask=mr denied_mask=mr fsuid=1000 ouid=0 The host is trusty, running 3.13.0-32-lowlatency #57 My /var/lib/lxc is btrfs: /dev/mapper/ubuntu--vg-containers on /var/lib/lxc type btrfs (rw) Filesystem Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-containers 50G 15G 35G 30% /var/lib/lxc How I created the precise container: lxc-create -n andreas-test -t ubuntu -- -S /home/andreas/.ssh/id_rsa.pub -r precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1357103/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
