touch-packages team mailing list archive
Message #56866
[Bug 1424154] [NEW] apparmor sysfs remount rejection on lxc-start
Public bug reported:

When starting up an Ubuntu lxc container in vivid, I'm seeing the
following apparmor rejection:

  Feb 21 01:30:41 vivid-i386 kernel: [ 2121.606513] audit: type=1400 audit(1424511041.643:125): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/sys/" pid=20698 comm="mount" flags="rw, nosuid, nodev, noexec, remount"

The container still started up, and I couldn't see anything problematic
within it related to sysfs.

Adding the following remount apparmor rule to
/etc/apparmor.d/abstractions/lxc/container-base allows the remount
operation to succeed:

  remount options=(rw, nosuid, nodev, noexec) /sys/,

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: lxc 1.1.0-0ubuntu1 [modified: usr/lib/i386-linux-gnu/lxc/lxc-net]
ProcVersionSignature: Ubuntu 3.18.0-13.14-generic 3.18.5
Uname: Linux 3.18.0-13-generic i686
ApportVersion: 2.16.1-0ubuntu2
Architecture: i386
Date: Sat Feb 21 01:43:55 2015
InstallationDate: Installed on 2014-12-12 (70 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha i386 (20141212)
ProcEnviron:
TERM=screen
SHELL=/bin/bash
PATH=(custom, no user)
LANG=en_US.UTF-8
XDG_RUNTIME_DIR=<set>
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
defaults.conf:
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
modified.conffile..etc.apparmor.d.abstractions.lxc.container.base: [modified]
modified.conffile..etc.default.lxc: [modified]
mtime.conffile..etc.apparmor.d.abstractions.lxc.container.base: 2015-02-21T01:34:23.031703
mtime.conffile..etc.default.lxc: 2015-02-20T18:15:56.552501
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
** Tags: apparmor apport-bug i386 third-party-packages vivid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1424154
Title:
apparmor sysfs remount rejection on lxc-start
Status in lxc package in Ubuntu:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1424154/+subscriptions
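
How the audit record in this report maps onto the remount rule the reporter added, as an added Python example (not part of the original report and not LXC or AppArmor tooling). The function names are hypothetical, and the sample log is constructed from the denial quoted above plus two made-up records that must be ignored.

```python
import re

# Constructed input: the denial from the report joined onto one line, plus two
# made-up records (a file denial and an ALLOWED mount) that must be ignored.
DENIAL = ('Feb 21 01:30:41 vivid-i386 kernel: [ 2121.606513] audit: type=1400 '
          'audit(1424511041.643:125): apparmor="DENIED" operation="mount" '
          'info="failed flags match" error=-13 profile="lxc-container-default" '
          'name="/sys/" pid=20698 comm="mount" '
          'flags="rw, nosuid, nodev, noexec, remount"')
SAMPLE_LOG = [
    DENIAL,
    'audit: type=1400 audit(0.0:1): apparmor="DENIED" operation="open" '
    'profile="example-profile" name="/tmp/x" pid=1 comm="cat"',
    'audit: type=1400 audit(0.0:2): apparmor="ALLOWED" operation="mount" '
    'profile="example-profile" name="/sys/" pid=2 comm="mount" flags="ro, remount"',
    DENIAL,  # the same denial logged again on a second container start
]

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {k: q or u for k, q, u in FIELD.findall(line)}
    return fields if fields.get('apparmor') == 'DENIED' else None

def remount_rule(fields):
    """Candidate rule for a denied remount; None for anything else."""
    flags = [f.strip() for f in fields.get('flags', '').split(',') if f.strip()]
    if fields.get('operation') != 'mount' or 'remount' not in flags:
        return None  # new mounts also involve fstype/source; out of scope here
    options = ', '.join(f for f in flags if f != 'remount')
    return f"remount options=({options}) {fields['name']},"

def rules_by_profile(lines):
    """Map each confined profile to the de-duplicated rules its denials imply."""
    out = {}
    for line in lines:
        fields = parse_denial(line)
        rule = remount_rule(fields) if fields else None
        if rule:
            out.setdefault(fields['profile'], set()).add(rule)
    return {profile: sorted(rules) for profile, rules in out.items()}

if __name__ == '__main__':
    for profile, rules in rules_by_profile(SAMPLE_LOG).items():
        print(profile, rules)
```

The result is a candidate rule to review against what the profile is meant to confine before it goes into the abstraction.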