touch-packages team mailing list archive

Thread
Date

[Bug 1432683] Re: apt-get install lxc doesn't load required apparmor profiles

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jens Elkner <1432683@xxxxxxxxxxxxxxxxxx>
Date: Mon, 08 Jun 2015 02:37:55 -0000
Reply-to: Bug 1432683 <1432683@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

It appears, that something is still broken. Because systemd doesn't
work, I installed  upstart + upstart-sysv (and uninstalled systemd-
sysv), but unfortunately sssd doesn't come up (has exactly the same
config, as in other < 14.10 zones, where it works as expected). And
because sssd doesn't come up, other depending services like autofs
doesn't come up either.

The problem seems to be /lib/init/apparmor-profile-load as well, which returns with 1 and thus probably causes start always fail.
As a workaround I modified  /etc/init/sssd.conf:
...
pre-start script
	test -f /etc/sssd/sssd.conf || { stop; exit 0; }
	/lib/init/apparmor-profile-load usr.sbin.sssd || true
end script
...

which makes it work, however, I still wonder, what apparmor-profile-load
causes to return != 0 ...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1432683

Title:
  apt-get install lxc doesn't load required apparmor profiles

Status in apparmor package in Ubuntu:
  Fix Released
Status in init-system-helpers package in Ubuntu:
  Triaged
Status in lxc package in Ubuntu:
  Fix Committed
Status in squid3 package in Ubuntu:
  Fix Released
Status in upstart package in Ubuntu:
  Triaged

Bug description:
  I'm trying to use LXC on my openstack instance which runs vivid daily:

  $ sudo apt-get install lxc -y

  $ sudo lxc-create -t ubuntu-cloud --name=vivid -- --flush-cache
  --stream=daily --release=vivid

  $ sudo lxc-start --name vivid --logfile=lxc.log
  lxc-start: lxc_start.c: main: 344 The container failed to start.
  lxc-start: lxc_start.c: main: 346 To get more details, run the container in foreground mode.
  lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

  In the log file (lxc.log) I observe the following error:
  lxc-start 1426516387.814 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:183 - No such file or directory - failed to change apparmor profile to lxc-container-default

  This profile *exists* under /etc/apparmor.d/lxc/lxc-default but was
  not loaded appropriately.

  This issue disappears if I:
  (a) reload apparmor profile manually: sudo /etc/init.d/apparmor reload
  or
  (b) reboot the instance

  I'd expect that 'apt-get install lxc' has to load all appropriate
  apparmor profiles to allow starting containers w/o profile reloading /
  rebooting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1432683/+subscriptions

Follow ups

Re: [Bug 1432683] Re: apt-get install lxc doesn't load required apparmor profiles
From: Serge Hallyn, 2015-06-08

References

[Bug 1432683] [NEW] apt-get install lxc doesn't load required apparmor profiles
From: Oleg Strikov, 2015-03-16