Public bug reported:
LXD 2.0 has dropped lxcbr0 for lxdbr0 as its default bridge configuration.
Since then, having the usr.sbin.dnsmasq profile in enforce mode will prevent LXD
containers from launching:
Apr 6 12:55:06 franck-ThinkPad-T430s kernel: [ 7029.101587] audit: type=1400
audit(1459940106.552:107): apparmor="DENIED" operation="mknod"
profile="/usr/sbin/dnsmasq" name="/var/lib/lxd-bridge/dnsmasq.lxdbr0.leases"
pid=22292 comm="dnsmasq" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Apr 6 12:55:06 franck-ThinkPad-T430s lxd-bridge.start[22255]: dnsmasq: ne peut
ouvrir ou créer le fichiers de baux /var/lib/lxd-bridge//dnsmasq.lxdbr0.leases
: Permission non accordée
Of course, switching to complain mode works around the problem, but
maybe allowing writes to /var/lib/lxd-bridge/ would be a good idea
(disclaimer: I'm not a security expert).
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor-profiles 2.10-3ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-17.33-generic 4.4.6
Uname: Linux 4.4.0-17-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Apr 6 17:34:12 2016
InstallationDate: Installed on 2015-10-04 (185 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151002)
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.4.0-17-generic.efi.signed
root=/dev/mapper/ubuntu--vg-root ro noprompt persistent kaslr threadirqs quiet
splash vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.bin.ping: [modified]
modified.conffile..etc.apparmor.d.sbin.klogd: [modified]
modified.conffile..etc.apparmor.d.sbin.syslog.ng: [modified]
modified.conffile..etc.apparmor.d.sbin.syslogd: [modified]
modified.conffile..etc.apparmor.d.usr.bin.chromium.browser: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.dnsmasq: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.dovecot: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.identd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.mdnsd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.nmbd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.nscd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.smbd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.smbldap.useradd: [modified]
mtime.conffile..etc.apparmor.d.bin.ping: 2015-10-05T12:02:58.049761
mtime.conffile..etc.apparmor.d.sbin.klogd: 2015-10-05T12:04:03.854535
mtime.conffile..etc.apparmor.d.sbin.syslog.ng: 2015-10-05T12:03:21.918041
mtime.conffile..etc.apparmor.d.sbin.syslogd: 2015-10-05T12:03:15.705968
mtime.conffile..etc.apparmor.d.usr.bin.chromium.browser: 2015-10-05T12:02:05.273141
mtime.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: 2015-10-05T11:59:18.903198
mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2016-04-06T17:25:47.252257
mtime.conffile..etc.apparmor.d.usr.sbin.dovecot: 2015-10-05T12:00:55.356323
mtime.conffile..etc.apparmor.d.usr.sbin.identd: 2015-10-05T12:01:02.204403
mtime.conffile..etc.apparmor.d.usr.sbin.mdnsd: 2015-10-05T12:02:37.861523
mtime.conffile..etc.apparmor.d.usr.sbin.nmbd: 2015-10-05T12:00:10.119794
mtime.conffile..etc.apparmor.d.usr.sbin.nscd: 2015-10-05T12:00:17.355879
mtime.conffile..etc.apparmor.d.usr.sbin.smbd: 2015-10-05T12:00:26.103981
mtime.conffile..etc.apparmor.d.usr.sbin.smbldap.useradd: 2015-10-05T12:00:35.504091
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566944
Title:
dnsmasq profile prevents LDX container to launch
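
Added example (not part of the bug report and not AppArmor's or LXD's own code): a small parser that turns AppArmor DENIED audit lines like the one in the report into the narrowest candidate file rule per denied path, as an alternative to moving the whole profile to complain mode. The second denial in the sample is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Audit masks -> profile permissions: create (c) and delete (d) are both
# covered by "w" in profile syntax.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "k": "k", "l": "l", "m": "m"}
PERM_ORDER = "rwaklm"
LEASES = "/var/lib/lxd-bridge/dnsmasq.lxdbr0.leases"

SAMPLE_LOG = "\n".join([
    # Denial from the report, rejoined onto one line.
    'Apr 6 12:55:06 franck-ThinkPad-T430s kernel: [ 7029.101587] audit: '
    'type=1400 audit(1459940106.552:107): apparmor="DENIED" operation="mknod" '
    'profile="/usr/sbin/dnsmasq" name="%s" pid=22292 comm="dnsmasq" '
    'requested_mask="c" denied_mask="c" fsuid=0 ouid=0' % LEASES,
    # Non-audit line from the report: carries no apparmor= field, so it is skipped.
    'Apr 6 12:55:06 franck-ThinkPad-T430s lxd-bridge.start[22255]: dnsmasq: ne peut '
    'ouvrir ou créer le fichiers de baux /var/lib/lxd-bridge//dnsmasq.lxdbr0.leases',
    # Constructed line: a later read denial on the same file.
    'Apr 6 12:56:00 host kernel: [ 7082.000000] audit: type=1400 '
    'audit(1459940160.000:108): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/dnsmasq" name="%s" pid=22400 comm="dnsmasq" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0' % LEASES,
])

def parse_denials(log_text):
    """Return {profile: {path: set of denied audit-mask chars}}."""
    denials = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        f = {k: (q or bare) for k, q, bare in FIELD.findall(line)}
        if f.get("apparmor") != "DENIED" or "name" not in f:
            continue
        denials[f.get("profile", "?")][f["name"]].update(f.get("denied_mask", ""))
    return denials

def suggest_rules(denials):
    """Return {profile: [candidate rule, ...]}, one exact-path rule per file."""
    out = {}
    for profile, paths in denials.items():
        rules = []
        for path, masks in sorted(paths.items()):
            perms = {MASK_TO_PERM[m] for m in masks if m in MASK_TO_PERM}
            if "w" in perms:
                perms.discard("a")  # "w" and "a" conflict within one rule
            if perms:  # exec ("x") denials need a transition qualifier: not guessed
                rules.append("%s %s," % (path, "".join(p for p in PERM_ORDER if p in perms)))
        out[profile] = rules
    return out
```

The suggested rule names the exact lease file rather than the whole /var/lib/lxd-bridge/ directory; widening it to a glob is a review decision, not something the log can justify.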