touch-packages team mailing list archive

[Bug 1502604] Re: autopkgtests fail in LXC testbed

 

With just the default apparmor profile from above I get these AA
violations in dmesg:

[889413.230615] type=1400 audit(1443963008.728:498): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/sys/fs/cgroup/" pid=6897 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
[889420.643901] type=1400 audit(1443963016.141:499): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/" pid=7553 comm="systemd-machine" flags="rw, rslave"
[889440.399211] type=1400 audit(1443963035.899:500): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/sys/fs/cgroup/" pid=8165 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1502604

Title:
  autopkgtests fail in LXC testbed

Status in Auto Package Testing:
  New
Status in lxc package in Ubuntu:
  New

Bug description:
  This spawned from
  https://plus.google.com/u/0/+MartinPitti/posts/JE8be51XRZy : lxc's
  autopkgtests currently fail on armhf/ppc64el where we run autopkgtests
  in an LXC container
  (http://autopkgtest.ubuntu.com/packages/l/lxc/wily/armhf/). This isn't
  a bug in LXC itself, but I started with this to get some appropriate
  subscribers.

  The testbeds use a custom and more liberal apparmor profile than the
  default LXC one (see
  http://bazaar.launchpad.net/~auto-package-testing-dev/auto-package-testing/trunk/view/head:/slave-admin/setup-adt-lxc.commands):

  profile lxc-container-adt flags=(attach_disconnected,mediate_deleted) {
    #include <abstractions/lxc/container-base>
    #include <abstractions/lxc/start-container>

    # Nesting
    mount fstype=cgroup -> /sys/fs/cgroup/**,
    mount fstype=proc -> /var/cache/lxc/**,
    mount fstype=sysfs -> /var/cache/lxc/**,
    mount options=(rw,bind) /var/cache/lxc/**/dev/shm/ -> /var/cache/lxc/**/run/shm/,

    # Required for lxc-tests
    mount options=(rw,bind) /lib/** -> /var/lib/lxc**,
    mount options=(rw,rbind) /var/lib/lxcsnaps/** -> /var/lib/lxcsnaps/**,

    # Allow containers to mount /proc, e. g. for sbuild/pbuilder tests
    mount options=(rw,bind),
    mount fstype=devpts,
    mount fstype=proc,
    mount fstype=sysfs,
  }

  But with just this they hang eternally and time out, and there are
  also some test failures.

To manage notifications about this bug go to:
https://bugs.launchpad.net/auto-package-testing/+bug/1502604/+subscriptions
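
Added example (not part of the original message, nor autopkgtest or LXC code): a Python triage script that parses the three denial lines quoted above, groups them by profile, mount target and flag set, and lists the flags that no options=(...) list in the quoted profile names. The function names are hypothetical, and the profile's #include'd abstractions are not expanded, so "unnamed" reflects only the rules visible in this message.

```python
import re
from collections import defaultdict

# Denial lines copied from the message above.
DMESG = '''\
[889413.230615] type=1400 audit(1443963008.728:498): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/sys/fs/cgroup/" pid=6897 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
[889420.643901] type=1400 audit(1443963016.141:499): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/" pid=7553 comm="systemd-machine" flags="rw, rslave"
[889440.399211] type=1400 audit(1443963035.899:500): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/sys/fs/cgroup/" pid=8165 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
'''
# Rules with an options= list, copied from the quoted profile (includes not expanded).
PROFILE = '''\
mount options=(rw,bind) /var/cache/lxc/**/dev/shm/ -> /var/cache/lxc/**/run/shm/,
mount options=(rw,bind) /lib/** -> /var/lib/lxc**,
mount options=(rw,rbind) /var/lib/lxcsnaps/** -> /var/lib/lxcsnaps/**,
mount options=(rw,bind),
'''
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_line(line):
    """Return the key=value fields of one audit record as a dict."""
    return {k: q if q else u for k, q, u in KV.findall(line)}

def named_options(profile_text):
    """Collect every flag named in an options=(...) list of the profile text."""
    flags = set()
    for group in re.findall(r'options=\(([^)]*)\)', profile_text):
        flags.update(f.strip() for f in group.split(','))
    return flags

def summarize(dmesg, profile_text):
    """Group denied mounts by (profile, target, flags); count them and list callers."""
    allowed = named_options(profile_text)
    groups = defaultdict(lambda: {"count": 0, "comm": set()})
    for line in dmesg.splitlines():
        rec = parse_line(line)
        if rec.get("apparmor") != "DENIED" or rec.get("operation") != "mount":
            continue
        flags = tuple(f.strip() for f in rec.get("flags", "").split(","))
        key = (rec.get("profile"), rec.get("name"), flags)
        groups[key]["count"] += 1
        groups[key]["comm"].add(rec.get("comm"))
    return [{"profile": p, "name": n, "flags": fl, "count": g["count"],
             "comm": sorted(g["comm"]),
             "unnamed": [f for f in fl if f not in allowed]}
            for (p, n, fl), g in groups.items()]

if __name__ == "__main__":
    for row in summarize(DMESG, PROFILE):
        print(row)
```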

