kernel-packages team mailing list archive

[Stefan Huehner <1507959@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Hello,
The following recent kernel update completely break our lxc-start usage on precise both with precise original kernel 3.2 + also the trusty-lts-stack using 3.13

After installing those new kernel updates all lxc-start of a container fail with:
"Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'"

with strace pointing to:
13695 mount("/dev/pts/ptmx", "/dev/ptmx", 0x7f4d68c85d37, MS_BIND, NULL) = -1 EACCES (Permission denied)

and dmesg showing:
Oct 20 10:59:00 titan226 kernel: [  663.508664] type=1400 
                audit(1445331540.807:29): apparmor="DENIED" operation="mount" 
                info="failed type match" error=-13 profile="/usr/bin/lxc-start" 
                name="/dev/ptmx" pid=2897 comm="lxc-start" 
                srcname="/dev/pts/ptmx" flags="rw, bind"

After downgrading kernel version the problem immediately dissappeared
and the lxc-start for containers works again as before.

Bad versions:
ii  linux-image-3.13.0-66-generic    3.13.0-66.108~precise1            Linux kernel image for version 3.13.0 on 64 bit x86 SMP
ii  linux-image-3.2.0-92-generic     3.2.0-92.130                      Linux kernel image for version 3.2.0 on 64 bit x86 SMP


Good versions:
ii  linux-image-3.13.0-61-generic    3.13.0-61.100~precise1            Linux kernel image for version 3.13.0 on 64 bit x86 SMP
ii  linux-image-3.2.0-88-generic     3.2.0-88.126                      Linux kernel image for version 3.2.0 on 64 bit x86 SMP

>From kernel changelog maybe this other issue here maybe causing it but not verified:
  * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
    - LP: #1496430

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1507959

Title:
  Regression: Kernel update breaks all lxc-containers lxc-start failing
  with  (apparmor="DENIED" operation="mount")

Status in linux package in Ubuntu:
  New

Bug description:
  Hello,
  The following recent kernel update completely break our lxc-start usage on precise both with precise original kernel 3.2 + also the trusty-lts-stack using 3.13

  After installing those new kernel updates all lxc-start of a container fail with:
  "Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'"

  with strace pointing to:
  13695 mount("/dev/pts/ptmx", "/dev/ptmx", 0x7f4d68c85d37, MS_BIND, NULL) = -1 EACCES (Permission denied)

  and dmesg showing:
  Oct 20 10:59:00 titan226 kernel: [  663.508664] type=1400 
                  audit(1445331540.807:29): apparmor="DENIED" operation="mount" 
                  info="failed type match" error=-13 profile="/usr/bin/lxc-start" 
                  name="/dev/ptmx" pid=2897 comm="lxc-start" 
                  srcname="/dev/pts/ptmx" flags="rw, bind"

  After downgrading kernel version the problem immediately dissappeared
  and the lxc-start for containers works again as before.

  Bad versions:
  ii  linux-image-3.13.0-66-generic    3.13.0-66.108~precise1            Linux kernel image for version 3.13.0 on 64 bit x86 SMP
  ii  linux-image-3.2.0-92-generic     3.2.0-92.130                      Linux kernel image for version 3.2.0 on 64 bit x86 SMP

  
  Good versions:
  ii  linux-image-3.13.0-61-generic    3.13.0-61.100~precise1            Linux kernel image for version 3.13.0 on 64 bit x86 SMP
  ii  linux-image-3.2.0-88-generic     3.2.0-88.126                      Linux kernel image for version 3.2.0 on 64 bit x86 SMP

  From kernel changelog maybe this other issue here maybe causing it but not verified:
    * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
      - LP: #1496430

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions