*** This bug is a duplicate of bug 1780227 ***
https://bugs.launchpad.net/bugs/1780227
On container restart I found a bunch of unrelated AppArmor denials that look
like:
[1220983.698955] audit: type=1400 audit(1535545118.043:8745): apparmor="DENIED"
operation="mount" info="failed flags match" error=-13
profile="lxd-cpaelzer-cosmic-systemd_</var/lib/lxd>" name="/run/" pid=21102
comm="mount" flags="rw, nosuid, nodev, remount"
That is LXD on the host being denied to do things.
Further, when restarting systemd-resolved I saw these:
[1221051.971026] audit: type=1400 audit(1535545186.315:8854): apparmor="DENIED"
operation="file_lock" profile="lxd-cpaelzer-cosmic-systemd_</var/lib/lxd>"
pid=22329 comm="(resolved)" family="unix" sock_type="dgram" protocol=0 addr=none
Knowing that, I also realized that the broken systems all had no reboot for
quite some time, but the repro KVMs are obviously new.
With that in mind I found bug 1780227, which sounds close enough I think.
Rebooted the host to a newer kernel and et voilà, that is it.
That said, I'll make this a dup, but this is a rather "hard" impact.
We should make it known that Cosmic, since today, fails to work in containers
prior to kernels:
- 4.4.0-134.160
- 4.15.0-33.36
Unfortunately the guest container cannot enforce any dependencies on the host
kernel.
I'll discuss potential extra communication in standup today.
** This bug has been marked a duplicate of bug 1780227
locking sockets broken due to missing AppArmor socket mediation patches
https://bugs.launchpad.net/bugs/1789627
Title:
systemd-resolved of systemd 239 is failing in cosmic containers
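
An added example, not part of the original report: a small triage script that picks the socket-lock denial out of the audit lines quoted above and compares a host kernel version against the two versions the report names. The function names are assumptions, and when only `uname -r` output is given the upload number is unknown, so the comparison stops at the ABI number.

```python
import re

# The two denials quoted in the report, with the mail line-wrapping undone.
SAMPLE_LOG = [
    '[1220983.698955] audit: type=1400 audit(1535545118.043:8745): apparmor="DENIED" '
    'operation="mount" info="failed flags match" error=-13 '
    'profile="lxd-cpaelzer-cosmic-systemd_</var/lib/lxd>" name="/run/" pid=21102 '
    'comm="mount" flags="rw, nosuid, nodev, remount"',
    '[1221051.971026] audit: type=1400 audit(1535545186.315:8854): apparmor="DENIED" '
    'operation="file_lock" profile="lxd-cpaelzer-cosmic-systemd_</var/lib/lxd>" '
    'pid=22329 comm="(resolved)" family="unix" sock_type="dgram" protocol=0 addr=none',
]

# Kernel versions the report names as the first working ones, keyed by series.
FIXED_KERNELS = {(4, 4): (4, 4, 0, 134, 160), (4, 15): (4, 15, 0, 33, 36)}

# key=value pairs; a quoted value may contain spaces (see flags= above).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit(line):
    """Return the key=value fields of one kernel audit line as a dict."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def socket_lock_denials(lines):
    """Select AppArmor denials of file_lock on a unix socket (bug 1780227 symptom)."""
    records = (parse_audit(line) for line in lines)
    return [r for r in records
            if r.get("apparmor") == "DENIED"
            and r.get("operation") == "file_lock"
            and r.get("family") == "unix"]


def kernel_has_fix(version):
    """True/False for the 4.4 and 4.15 series, None for series the report does not name.

    Accepts "4.15.0-33.36" or "4.15.0-33-generic"; compares only the parts present.
    """
    parts = tuple(int(n) for n in re.findall(r"\d+", version))[:5]
    minimum = FIXED_KERNELS.get(parts[:2])
    if minimum is None:
        return None
    return parts >= minimum[:len(parts)]


if __name__ == "__main__":
    for rec in socket_lock_denials(SAMPLE_LOG):
        print(rec["profile"], rec["comm"], rec["sock_type"])
```
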