aims team mailing list archive

Thread
Date
[Bug 1507959] [NEW] Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount")

To: aims@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1507959@xxxxxxxxxxxxxxxxxx>
Date: Tue, 20 Oct 2015 19:19:25 -0000
Reply-to: Bug 1507959 <1507959@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
You have been subscribed to a public bug by Jan Groenewald (jan-aims):

Hello,
The following recent kernel update completely break our lxc-start usage on precise both with precise original kernel 3.2 + also the trusty-lts-stack using 3.13

After installing those new kernel updates all lxc-start of a container fail with:
"Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'"

with strace pointing to:
13695 mount("/dev/pts/ptmx", "/dev/ptmx", 0x7f4d68c85d37, MS_BIND, NULL) = -1 EACCES (Permission denied)

and dmesg showing:
Oct 20 10:59:00 titan226 kernel: [  663.508664] type=1400 
                audit(1445331540.807:29): apparmor="DENIED" operation="mount" 
                info="failed type match" error=-13 profile="/usr/bin/lxc-start" 
                name="/dev/ptmx" pid=2897 comm="lxc-start" 
                srcname="/dev/pts/ptmx" flags="rw, bind"

After downgrading kernel version the problem immediately dissappeared
and the lxc-start for containers works again as before.

Bad versions:
ii  linux-image-3.13.0-66-generic    3.13.0-66.108~precise1            Linux kernel image for version 3.13.0 on 64 bit x86 SMP
ii  linux-image-3.2.0-92-generic     3.2.0-92.130                      Linux kernel image for version 3.2.0 on 64 bit x86 SMP


Good versions:
ii  linux-image-3.13.0-61-generic    3.13.0-61.100~precise1            Linux kernel image for version 3.13.0 on 64 bit x86 SMP
ii  linux-image-3.2.0-88-generic     3.2.0-88.126                      Linux kernel image for version 3.2.0 on 64 bit x86 SMP

>From kernel changelog maybe this other issue here maybe causing it but not verified:
  * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
    - LP: #1496430
--- 
AlsaVersion: Advanced Linux Sound Architecture Driver Version k3.13.0-61-generic.
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.0.1-0ubuntu17.11
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/pcmC0D3p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info: Error: [Errno 2] No such file or directory
Card0.Amixer.values: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 12.04
HibernationDevice: RESUME=UUID=ee5d3bc2-531d-4fbf-ba3f-033c27498274
IwConfig: Error: [Errno 2] No such file or directory
MachineType: FUJITSU PRIMERGY MX130 S1
MarkForUpload: True
Package: linux (not installed)
ProcEnviron:
 LANGUAGE=en_US
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 radeondrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-61-generic root=UUID=8c11de07-6403-46cf-994b-15750a7404ba ro rootdelay=80
ProcVersionSignature: Ubuntu 3.13.0-61.100~precise1-generic 3.13.11-ckt22
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-61-generic N/A
 linux-backports-modules-3.13.0-61-generic  N/A
 linux-firmware                             1.79.18
RfKill: Error: [Errno 2] No such file or directory
Tags:  precise
Uname: Linux 3.13.0-61-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
 
dmi.bios.date: 01/18/2011
dmi.bios.vendor: FUJITSU // Phoenix Technologies Ltd.
dmi.bios.version: 6.00 R1.01.2974.A1
dmi.board.asset.tag: -
dmi.board.name: D2974
dmi.board.vendor: FUJITSU
dmi.board.version: S26361-D2974-A1
dmi.chassis.type: 3
dmi.chassis.vendor: FUJITSU
dmi.chassis.version: MX130S1F
dmi.modalias: dmi:bvnFUJITSU//PhoenixTechnologiesLtd.:bvr6.00R1.01.2974.A1:bd01/18/2011:svnFUJITSU:pnPRIMERGYMX130S1:pvr:rvnFUJITSU:rnD2974:rvrS26361-D2974-A1:cvnFUJITSU:ct3:cvrMX130S1F:
dmi.product.name: PRIMERGY MX130 S1
dmi.sys.vendor: FUJITSU

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Confirmed


** Tags: apport-collected precise trusty
-- 
Regression: Kernel update breaks all lxc-containers lxc-start failing with  (apparmor="DENIED" operation="mount")
https://bugs.launchpad.net/bugs/1507959
You received this bug notification because you are a member of AIMS, which is subscribed to the bug report.