*** This bug is a duplicate of bug 1813622 ***
https://bugs.launchpad.net/bugs/1813622
** This bug has been marked a duplicate of bug 1813622
systemd-resolved, systemd-networkd and others fail to start in lxc container
with v240 systemd
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1811248
Title:
systemd-networkd mounts denied for lxc guest
Status in apparmor package in Ubuntu:
New
Bug description:
Host Ubuntu cosmic | lxc 3.0.3 | aa 2.12 | systemd 239-7
Guest Arch Linux | systemd 240.0
After upgrading systemd in the guest from 239.370 to 240.0, the
host's AA is exhibiting
> audit: type=1400 audit(1547125168.853:722): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=8426 comm="(networkd)" flags="rw, rslave"
and the guest
> systemd-networkd.service: Failed to set up mount namespacing: Permission denied
> systemd-networkd.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-networkd: Permission denied
According to lxc bug tracker https://github.com/lxc/lxc/issues/2778
> While we'd like to allow such mounts we cannot do so until the
apparmor_parser is fixed to handle them correctly.
Other cross references:
https://github.com/systemd/systemd/issues/11371
https://bugs.archlinux.org/task/61313
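Added example, not part of the original bug report or of any project's code: a small Python triage script that parses AppArmor audit records like the one quoted above and picks out denied mount operations under LXC container profiles. The function names, the default profile prefix and the two extra sample lines are assumptions made for the illustration.

```python
import re
from datetime import datetime, timezone

# First line is the record quoted in the bug description; the other two are
# constructed here for contrast (a non-mount denial and a STATUS message).
SAMPLE_LOG = [
    'audit: type=1400 audit(1547125168.853:722): apparmor="DENIED" '
    'operation="mount" info="failed flags match" error=-13 '
    'profile="lxc-container-default-cgns" name="/" pid=8426 '
    'comm="(networkd)" flags="rw, rslave"',
    'audit: type=1400 audit(1547125170.100:723): apparmor="DENIED" '
    'operation="open" profile="lxc-container-default-cgns" '
    'name="/proc/sysrq-trigger" pid=8500 comm="cat" requested_mask="w"',
    'audit: type=1400 audit(1547125171.200:724): apparmor="STATUS" '
    'operation="profile_replace" profile="unconfined" '
    'name="lxc-container-default-cgns" pid=8600 comm="apparmor_parser"',
]

HEADER = re.compile(r'audit\((\d+)\.\d+:(\d+)\)')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')
# Assumption: these are the string fields the kernel may emit as unquoted
# hex when the value contains spaces, quotes or control characters.
UNTRUSTED = {"name", "comm", "profile", "srcname"}

def parse_record(line):
    """Return the record's fields as a dict, or None if there is no audit header."""
    head = HEADER.search(line)
    if not head:
        return None
    rec = {"time": datetime.fromtimestamp(int(head.group(1)), timezone.utc),
           "serial": int(head.group(2))}
    for key, quoted, bare in FIELD.findall(line):
        if bare and key in UNTRUSTED and HEX.fullmatch(bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        rec[key] = bare or quoted
    return rec

def mount_denials(lines, profile_prefix="lxc-container-default"):
    """Mount operations that AppArmor denied under a container profile."""
    hits = []
    for rec in filter(None, map(parse_record, lines)):
        if (rec.get("apparmor") == "DENIED" and rec.get("operation") == "mount"
                and rec.get("profile", "").startswith(profile_prefix)):
            rec["flags"] = [f.strip() for f in rec.get("flags", "").split(",") if f.strip()]
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in mount_denials(SAMPLE_LOG):  # error=-13 is EACCES, "Permission denied"
        print(r["time"].isoformat(), r["profile"], r["comm"], r["name"], r["flags"])
```

Run against the host's kernel log, the output lists which container process requested which mount flags, which is the detail needed to match a denial to the rules in the container profile.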