← Back to team overview

kernel-packages team mailing list archive

[Bug 1507959] Re: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount")

 

Same problem here:

root@shuttle:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.5 LTS
Release:        12.04
Codename:       precise
root@shuttle:~# uname -a
Linux shuttle 3.2.0-92-generic #130-Ubuntu SMP Mon Oct 5 21:43:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@shuttle:~# lxc-start --name Test
lxc-start: Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'
lxc-start: failed to setup the new pts instance
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'Test'

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1507959

Title:
  Regression: Kernel update breaks all lxc-containers lxc-start failing
  with  (apparmor="DENIED" operation="mount")

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Hello,
  The following recent kernel update completely break our lxc-start usage on precise both with precise original kernel 3.2 + also the trusty-lts-stack using 3.13

  After installing those new kernel updates all lxc-start of a container fail with:
  "Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'"

  with strace pointing to:
  13695 mount("/dev/pts/ptmx", "/dev/ptmx", 0x7f4d68c85d37, MS_BIND, NULL) = -1 EACCES (Permission denied)

  and dmesg showing:
  Oct 20 10:59:00 titan226 kernel: [  663.508664] type=1400 
                  audit(1445331540.807:29): apparmor="DENIED" operation="mount" 
                  info="failed type match" error=-13 profile="/usr/bin/lxc-start" 
                  name="/dev/ptmx" pid=2897 comm="lxc-start" 
                  srcname="/dev/pts/ptmx" flags="rw, bind"

  After downgrading kernel version the problem immediately dissappeared
  and the lxc-start for containers works again as before.

  Bad versions:
  ii  linux-image-3.13.0-66-generic    3.13.0-66.108~precise1            Linux kernel image for version 3.13.0 on 64 bit x86 SMP
  ii  linux-image-3.2.0-92-generic     3.2.0-92.130                      Linux kernel image for version 3.2.0 on 64 bit x86 SMP

  
  Good versions:
  ii  linux-image-3.13.0-61-generic    3.13.0-61.100~precise1            Linux kernel image for version 3.13.0 on 64 bit x86 SMP
  ii  linux-image-3.2.0-88-generic     3.2.0-88.126                      Linux kernel image for version 3.2.0 on 64 bit x86 SMP

  From kernel changelog maybe this other issue here maybe causing it but not verified:
    * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
      - LP: #1496430
  --- 
  AlsaVersion: Advanced Linux Sound Architecture Driver Version k3.13.0-61-generic.
  AplayDevices: Error: [Errno 2] No such file or directory
  ApportVersion: 2.0.1-0ubuntu17.11
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/pcmC0D3p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  CRDA: Error: [Errno 2] No such file or directory
  Card0.Amixer.info: Error: [Errno 2] No such file or directory
  Card0.Amixer.values: Error: [Errno 2] No such file or directory
  DistroRelease: Ubuntu 12.04
  HibernationDevice: RESUME=UUID=ee5d3bc2-531d-4fbf-ba3f-033c27498274
  IwConfig: Error: [Errno 2] No such file or directory
  MachineType: FUJITSU PRIMERGY MX130 S1
  MarkForUpload: True
  Package: linux (not installed)
  ProcEnviron:
   LANGUAGE=en_US
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 radeondrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-61-generic root=UUID=8c11de07-6403-46cf-994b-15750a7404ba ro rootdelay=80
  ProcVersionSignature: Ubuntu 3.13.0-61.100~precise1-generic 3.13.11-ckt22
  RelatedPackageVersions:
   linux-restricted-modules-3.13.0-61-generic N/A
   linux-backports-modules-3.13.0-61-generic  N/A
   linux-firmware                             1.79.18
  RfKill: Error: [Errno 2] No such file or directory
  Tags:  precise
  Uname: Linux 3.13.0-61-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:
   
  dmi.bios.date: 01/18/2011
  dmi.bios.vendor: FUJITSU // Phoenix Technologies Ltd.
  dmi.bios.version: 6.00 R1.01.2974.A1
  dmi.board.asset.tag: -
  dmi.board.name: D2974
  dmi.board.vendor: FUJITSU
  dmi.board.version: S26361-D2974-A1
  dmi.chassis.type: 3
  dmi.chassis.vendor: FUJITSU
  dmi.chassis.version: MX130S1F
  dmi.modalias: dmi:bvnFUJITSU//PhoenixTechnologiesLtd.:bvr6.00R1.01.2974.A1:bd01/18/2011:svnFUJITSU:pnPRIMERGYMX130S1:pvr:rvnFUJITSU:rnD2974:rvrS26361-D2974-A1:cvnFUJITSU:ct3:cvrMX130S1F:
  dmi.product.name: PRIMERGY MX130 S1
  dmi.sys.vendor: FUJITSU

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions


References