lxc-start on default vivid container fails on apparmor violation
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxc (Ubuntu) | Invalid | High | Unassigned |
Bug Description
With latest vivid's LXC, starting a vivid container now fails on mounting the cgroups:
$ sudo lxc-create --name=v -t ubuntu -- -r vivid
$ sudo lxc-start -n v -F
Failed to mount cgroup at /sys/fs/
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to Ubuntu Vivid Vervet (development branch)!
Set hostname to <v>.
Failed to install release agent, ignoring: No such file or directory
Failed to create root cgroup hierarchy: No such file or directory
Failed to allocate manager object: No such file or directory
This is due to an apparmor violation:
$ dmesg
[17921.831035] kvm [26603]: vcpu0 disabled perfctr wrmsr: 0xc1 data 0xffff
[17945.611375] device vethWK88T5 entered promiscuous mode
[17945.611487] IPv6: ADDRCONF(
[17945.651954] eth0: renamed from vethB6ASGB
[17945.692029] IPv6: ADDRCONF(
[17945.692104] lxcbr0: port 1(vethWK88T5) entered forwarding state
[17945.692116] lxcbr0: port 1(vethWK88T5) entered forwarding state
[17945.730478] audit: type=1400 audit(142840053
[17945.730505] audit: type=1400 audit(142840053
[17945.730931] audit: type=1400 audit(142840053
[17945.730963] audit: type=1400 audit(142840053
[17945.730993] audit: type=1400 audit(142840053
[17945.731020] audit: type=1400 audit(142840053
[17945.731049] audit: type=1400 audit(142840053
[17945.731077] audit: type=1400 audit(142840053
[17945.731106] audit: type=1400 audit(142840053
[17945.731133] audit: type=1400 audit(142840053
The workaround is to change the container config to use "lxc.aa_profile = unconfined", but I suppose we actually want the default profile to work.
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: lxc 1.1.1-0ubuntu4
ProcVersionSign
Uname: Linux 3.19.0-12-generic x86_64
ApportVersion: 2.17-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Apr 7 11:55:09 2015
EcryptfsInUse: Yes
KernLog:
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
defaults.conf:
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.conf: lxc.lxcpath = /srv/lxc
Status changed to 'Confirmed' because the bug affects multiple users.
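
An added example (not part of the original report or of LXC): a small Python parser that groups AppArmor denials from `dmesg` output by profile, operation, path and filesystem type, so the blocked mount can be identified before falling back to `lxc.aa_profile = unconfined`. The sample log lines, including the profile name and all field values, are constructed, because the audit lines in the report are cut off; cut-off lines like those are counted rather than parsed.

```python
import re
from collections import Counter

# Constructed sample kernel log (NOT from the report; its audit lines are truncated).
SAMPLE_DMESG = """\
[   10.000001] lxcbr0: port 1(vethAAAAAA) entered forwarding state
[   10.100001] audit: type=1400 audit(1000000000.001:101): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=4242 comm="systemd" fstype="tmpfs" srcname="tmpfs" flags="rw, nosuid, nodev, noexec, strictatime"
[   10.100002] audit: type=1400 audit(1000000000.002:102): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=4242 comm="systemd" fstype="tmpfs" srcname="tmpfs" flags="rw, nosuid, nodev, noexec, strictatime"
[   10.100003] audit: type=1400 audit(1000000000.003:103): apparmor="STATUS" operation="profile_load" profile="unconfined" name="example-profile" pid=4300 comm="apparmor_parser"
[   10.100004] audit: type=1400 audit(1000000000
"""

# An AppArmor event is audit type 1400 followed by key=value pairs.
AUDIT_RE = re.compile(r"audit: type=1400 audit\([\d.]+:\d+\): (?P<body>.*)$")
# Values are either double-quoted (may contain spaces) or bare tokens.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(text):
    """Return (list of DENIED events as dicts, count of truncated audit lines)."""
    denials, truncated = [], 0
    for line in text.splitlines():
        if "type=1400" not in line:
            continue  # not an AppArmor audit record
        match = AUDIT_RE.search(line)
        if match is None:
            truncated += 1  # header cut off before the key=value body
            continue
        fields = {key: (quoted if quoted else bare)
                  for key, quoted, bare in FIELD_RE.findall(match.group("body"))}
        if fields.get("apparmor") == "DENIED":
            denials.append(fields)
    return denials, truncated


def summarize(denials):
    """Count denials per (profile, operation, name, fstype)."""
    return Counter((d.get("profile"), d.get("operation"),
                    d.get("name"), d.get("fstype")) for d in denials)


if __name__ == "__main__":
    found, cut = parse_denials(SAMPLE_DMESG)
    for (profile, op, name, fstype), n in summarize(found).most_common():
        print(f"{n}x profile={profile} operation={op} name={name} fstype={fstype}")
    print(f"{cut} truncated audit line(s) skipped")
```

On a real host the input would come from `dmesg` or the kernel log; a non-zero truncated count means the log source should be re-read in full before drawing conclusions.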