kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #140888
[Bug 1507959] Re: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount")
Same problem here:
root@shuttle:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.5 LTS
Release: 12.04
Codename: precise
root@shuttle:~# uname -a
Linux shuttle 3.2.0-92-generic #130-Ubuntu SMP Mon Oct 5 21:43:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@shuttle:~# lxc-start --name Test
lxc-start: Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'
lxc-start: failed to setup the new pts instance
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'Test'
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1507959
Title:
Regression: Kernel update breaks all lxc-containers lxc-start failing
with (apparmor="DENIED" operation="mount")
Status in linux package in Ubuntu:
Confirmed
Bug description:
Hello,
The following recent kernel update completely break our lxc-start usage on precise both with precise original kernel 3.2 + also the trusty-lts-stack using 3.13
After installing those new kernel updates all lxc-start of a container fail with:
"Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'"
with strace pointing to:
13695 mount("/dev/pts/ptmx", "/dev/ptmx", 0x7f4d68c85d37, MS_BIND, NULL) = -1 EACCES (Permission denied)
and dmesg showing:
Oct 20 10:59:00 titan226 kernel: [ 663.508664] type=1400
audit(1445331540.807:29): apparmor="DENIED" operation="mount"
info="failed type match" error=-13 profile="/usr/bin/lxc-start"
name="/dev/ptmx" pid=2897 comm="lxc-start"
srcname="/dev/pts/ptmx" flags="rw, bind"
After downgrading kernel version the problem immediately dissappeared
and the lxc-start for containers works again as before.
Bad versions:
ii linux-image-3.13.0-66-generic 3.13.0-66.108~precise1 Linux kernel image for version 3.13.0 on 64 bit x86 SMP
ii linux-image-3.2.0-92-generic 3.2.0-92.130 Linux kernel image for version 3.2.0 on 64 bit x86 SMP
Good versions:
ii linux-image-3.13.0-61-generic 3.13.0-61.100~precise1 Linux kernel image for version 3.13.0 on 64 bit x86 SMP
ii linux-image-3.2.0-88-generic 3.2.0-88.126 Linux kernel image for version 3.2.0 on 64 bit x86 SMP
From kernel changelog maybe this other issue here maybe causing it but not verified:
* SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
- LP: #1496430
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version k3.13.0-61-generic.
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.0.1-0ubuntu17.11
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/pcmC0D3p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info: Error: [Errno 2] No such file or directory
Card0.Amixer.values: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 12.04
HibernationDevice: RESUME=UUID=ee5d3bc2-531d-4fbf-ba3f-033c27498274
IwConfig: Error: [Errno 2] No such file or directory
MachineType: FUJITSU PRIMERGY MX130 S1
MarkForUpload: True
Package: linux (not installed)
ProcEnviron:
LANGUAGE=en_US
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 radeondrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-61-generic root=UUID=8c11de07-6403-46cf-994b-15750a7404ba ro rootdelay=80
ProcVersionSignature: Ubuntu 3.13.0-61.100~precise1-generic 3.13.11-ckt22
RelatedPackageVersions:
linux-restricted-modules-3.13.0-61-generic N/A
linux-backports-modules-3.13.0-61-generic N/A
linux-firmware 1.79.18
RfKill: Error: [Errno 2] No such file or directory
Tags: precise
Uname: Linux 3.13.0-61-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
dmi.bios.date: 01/18/2011
dmi.bios.vendor: FUJITSU // Phoenix Technologies Ltd.
dmi.bios.version: 6.00 R1.01.2974.A1
dmi.board.asset.tag: -
dmi.board.name: D2974
dmi.board.vendor: FUJITSU
dmi.board.version: S26361-D2974-A1
dmi.chassis.type: 3
dmi.chassis.vendor: FUJITSU
dmi.chassis.version: MX130S1F
dmi.modalias: dmi:bvnFUJITSU//PhoenixTechnologiesLtd.:bvr6.00R1.01.2974.A1:bd01/18/2011:svnFUJITSU:pnPRIMERGYMX130S1:pvr:rvnFUJITSU:rnD2974:rvrS26361-D2974-A1:cvnFUJITSU:ct3:cvrMX130S1F:
dmi.product.name: PRIMERGY MX130 S1
dmi.sys.vendor: FUJITSU
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions
References