touch-packages team mailing list archive

Thread
Date

[Bug 1432683] Re: apt-get install lxc doesn't load required apparmor profiles

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Oleg Strikov <oleg.strikov@xxxxxxxxxxxxx>
Date: Tue, 17 Mar 2015 11:48:39 -0000
Reply-to: Bug 1432683 <1432683@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi Serge,

Many thanks for looking at the bug.
Here is information you requested.

ubuntu@vivid-lxc-bug:~$ uname -a
Linux vivid-lxc-bug 3.19.0-9-generic #9-Ubuntu SMP Wed Mar 11 17:50:03 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

ubuntu@vivid-lxc-bug:~$ sudo aa-status 
apparmor module is loaded.
6 profiles are loaded.
6 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/lxc-start
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
1 processes are unconfined but have a profile defined.
   /sbin/dhclient (508)

/tmp/debug.out:
http://paste.ubuntu.com/10614837/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1432683

Title:
  apt-get install lxc doesn't load required apparmor profiles

Status in lxc package in Ubuntu:
  Incomplete

Bug description:
  I'm trying to use LXC on my openstack instance which runs vivid daily:

  $ sudo apt-get install lxc -y

  $ sudo lxc-create -t ubuntu-cloud --name=vivid -- --flush-cache
  --stream=daily --release=vivid

  $ sudo lxc-start --name vivid --logfile=lxc.log
  lxc-start: lxc_start.c: main: 344 The container failed to start.
  lxc-start: lxc_start.c: main: 346 To get more details, run the container in foreground mode.
  lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

  In the log file (lxc.log) I observe the following error:
  lxc-start 1426516387.814 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:183 - No such file or directory - failed to change apparmor profile to lxc-container-default

  This profile *exists* under /etc/apparmor.d/lxc/lxc-default but was
  not loaded appropriately.

  This issue disappears if I:
  (a) reload apparmor profile manually: sudo /etc/init.d/apparmor reload
  or
  (b) reboot the instance

  I'd expect that 'apt-get install lxc' has to load all appropriate
  apparmor profiles to allow starting containers w/o profile reloading /
  rebooting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1432683/+subscriptions

References

[Bug 1432683] [NEW] apt-get install lxc doesn't load required apparmor profiles
From: Oleg Strikov, 2015-03-16