Ubuntu
lxc package

apparmor profile for /var/lib/lxd denies mount operation on container creation

Bug #1537939 reported by Ian Nicholson on 2016-01-25

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	lxc (Ubuntu)	Fix Released	Low	Unassigned

Bug Description

When I create a container using "lxc launch ubuntu", apparmor logs the following denial:

Jan 25 17:05:58 xxxxx kernel: [32910.202500] audit: type=1400 audit(1453763158.495:185): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxd-louche-ettie_</var/lib/lxd>" name="/sys/" pid=7619 comm="mount" flags="rw, nosuid, nodev, noexec, remount"

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: apparmor 2.10-0ubuntu6
ProcVersionSignature: Ubuntu 4.2.0-25.30-generic 4.2.6
Uname: Linux 4.2.0-25-generic x86_64
ApportVersion: 2.19.1-0ubuntu5
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Jan 25 17:07:32 2016
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-11-13 (73 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-25-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:

UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

Ian Nicholson (imnichol) wrote on 2016-01-25:

ApparmorPackages.txt Edit (422 bytes, text/plain; charset="utf-8")
ApparmorStatusOutput.txt Edit (4.2 KiB, text/plain; charset="utf-8")
Dependencies.txt Edit (5.5 KiB, text/plain; charset="utf-8")
JournalErrors.txt Edit (24.1 KiB, text/plain; charset="utf-8")
KernLog.txt Edit (7.2 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (112 bytes, text/plain; charset="utf-8")
PstreeP.txt Edit (30.4 KiB, text/plain; charset="utf-8")

Seth Arnold (seth-arnold) on 2016-01-25

affects:

apparmor (Ubuntu) → lxd (Ubuntu)

Revision history for this message

Stéphane Graber (stgraber) wrote on 2016-01-26:

Looks like systemd is unhappy with the way /sys is mounted and is remounting it. Those flags don't seem harmful so we probably can allow them.

Changed in lxd (Ubuntu):
status:	New → Triaged
importance:	Undecided → Low

Stéphane Graber (stgraber) on 2016-02-16

Changed in lxd (Ubuntu):
status:	Triaged → Fix Committed
affects:	lxd (Ubuntu) → lxc (Ubuntu)

Stéphane Graber (stgraber) on 2020-03-26

Changed in lxc (Ubuntu):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulxc package