Package: lxc
Version: 1:4.0.10-1
Severity: important

Dear Maintainer,

running lxc containers with debian template privileged leads to failure of
systemd.logind in each container.

In the host, the following is repeatedly showing up in the syslog
(line breaks and indentation inserted):

  apparmor="DENIED" operation="mount"
      info="failed flags match" error=-13
      profile="lxc-container-default-with-nesting"
      name="/run/systemd/unit-root/" pid=228162
      comm="(d-logind)" srcname="/" flags="rw, rbind"

Obviously, the pid is varying.

Inside the containers, systemd-logind shows as failing:

  Sep 30 07:37:05 xxxxxx systemd[1]: systemd-logind.service: Scheduled restart job, restart counter is at 5.
  Sep 30 07:37:05 xxxxxx systemd[1]: Stopped User Login Management.
  Sep 30 07:37:05 xxxxxx systemd[1]: systemd-logind.service: Start request repeated too quickly.
  Sep 30 07:37:05 xxxxxx systemd[1]: systemd-logind.service: Failed with result 'exit-code'.
  Sep 30 07:37:05 xxxxxx systemd[1]: Failed to start User Login Management.

I understand that systemd-logind introduced such mounts to protect parts of
the (container) system from potential vulnerabilities or malfunctions of
services. I'd expect apparmor to grant these mounts.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  bridge-utils               1.7-1
ii  debconf [debconf-2.0]      1.5.77
ii  dnsmasq-base [dnsmasq-base]  2.85-1
ii  iproute2                   5.14.0-1
ii  iptables                   1.8.7-1
ii  libc6                      2.32-4
ii  libcap2                    1:2.44-1
ii  libgcc-s1                  11.2.0-7
ii  liblxc1                    1:4.0.10-1
ii  libseccomp2                2.5.1-1
ii  libselinux1                3.1-3
ii  lsb-base                   11.1.0

Versions of packages lxc recommends:
ii  apparmor       3.0.3-2
ii  debootstrap    1.0.123
ii  dirmngr        2.2.27-2
ii  gnupg          2.2.27-2
ii  libpam-cgfs    1:4.0.10-1
ii  lxc-templates  3.0.4-5
ii  lxcfs          4.0.7-1
ii  openssl        1.1.1l-1
ii  rsync          3.2.3-8
ii  uidmap         1:4.8.1-1
ii  wget           1.21-1+b1

Versions of packages lxc suggests:
pn  btrfs-progs  <none>
ii  lvm2         2.03.11-2.1
ii  python3-lxc  1:3.0.4-1+b4

-- Configuration Files:
/etc/default/lxc-net changed:
USE_LXC_BRIDGE="false"

/etc/lxc/lxc.conf changed:
lxcpath=/var/lib/lxc

-- debconf information:
  lxc/auto_update_config:
  lxc/shutdown: stop
  lxc/directory: /var/lib/lxc
  lxc/title:
  lxc/auto: true
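
Added example, not part of the original report and not code from lxc or AppArmor: a small Python triage script that parses AppArmor DENIED records like the one quoted above and counts denied mounts per profile, command, source, target and flags, leaving out the pid because it changes on every restart. The syslog prefixes and the second pid in the sample are constructed for illustration.

```python
import re
from collections import Counter

# key="quoted value" or key=bare_value, as seen in the record quoted in the report
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    start = line.find('apparmor="DENIED"')
    if start < 0:
        return None
    return {key: quoted if quoted else bare
            for key, quoted, bare in FIELD.findall(line[start:])}

def summarize_mount_denials(lines):
    """Count denied mounts per (profile, comm, srcname, name, flags).

    The pid is deliberately not part of the key: systemd restarts the
    service, so every attempt is logged with a new pid.
    """
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec and rec.get("operation") == "mount":
            flags = tuple(f.strip() for f in rec.get("flags", "").split(","))
            counts[(rec.get("profile"), rec.get("comm"),
                    rec.get("srcname"), rec.get("name"), flags)] += 1
    return counts

# Constructed sample: the denial from the report behind made-up syslog
# prefixes and pids, plus one unrelated line that must be ignored.
_DENIAL = ('apparmor="DENIED" operation="mount" info="failed flags match" '
           'error=-13 profile="lxc-container-default-with-nesting" '
           'name="/run/systemd/unit-root/" pid={pid} comm="(d-logind)" '
           'srcname="/" flags="rw, rbind"')
SAMPLE = [
    "Sep 30 07:37:04 host kernel: " + _DENIAL.format(pid=228162),
    "Sep 30 07:37:05 host kernel: " + _DENIAL.format(pid=228170),
    "Sep 30 07:37:05 host systemd[1]: Stopped User Login Management.",
]

if __name__ == "__main__":
    for (profile, comm, src, dst, flags), n in summarize_mount_denials(SAMPLE).items():
        print(f"{n}x {profile}: {comm} mount {src} -> {dst} [{','.join(flags)}]")
```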