[Touch-packages] [Bug 1607096] Re: lxc-container-default-with-mounting profile systemd permission denied

Stéphane Graber Wed, 25 Mar 2020 20:16:16 -0700

report matches a setup for 16.04 with upstart instead of systemd and no
cgroup-lite or similar pre-mounting the right cgroup, error is correct,
host setup is likely the issue.


** Changed in: lxc (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1607096

Title:
  lxc-container-default-with-mounting profile systemd permission denied

Status in lxc package in Ubuntu:
  Invalid

Bug description:
  On a fresh install of Xenial just install lxc. Run typical lxc init
  setup. lxc-create any Ubuntu version (Trusty/Wily/Xenial tested)
  container and configure it to use the lxc-container-default-with-
  mounting. No further configuration needed. Start the container. You
  will find in dmesg errors concerning problems mounting things in
  /sys/...

  [10870.395952] audit: type=1400 audit(1469484639.890:94):
  apparmor="DENIED" operation="mount" info="failed type match" error=-13
  profile="lxc-container-default-with-mounting"
  name="/sys/fs/cgroup/systemd/" pid=14796 comm="systemd"
  fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"

  The container will appear start and you can attach, but its broken.
  Things like networking won't work. You cannot lxc-stop the container
  without -k.

  Starting the container in foreground mode leads to the following
  error.

  Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission Denied
  [!!!!!] Failed to mount API fileysystems, freezing.
  Freezing execution.

  I found defect
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1347020 concerning
  Trusty. The issue seems similar but not specially calling out the aa
  profile. Also, I cannot actually recreate this problem in Trusty.

  (UPDATE: Forgot to mention I have 2 additional conf lines as follows)
  lxc.cgroup.devices.allow = b 7:* rwm
  lxc.cgroup.devices.allow = c 10:237 rwm

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1607096/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1607096] Re: lxc-container-default-with-mounting profile systemd permission denied

Reply via email to