apparmor breaks lxc-start-ephemeral (apparmor+overlayfs returns -EINVAL)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Medium | Unassigned |
Precise | Fix Released | Medium | Unassigned |
lxc (Ubuntu) | Invalid | High | Unassigned |
Precise | Invalid | High | Unassigned |
Bug Description
Repro:
$ sudo lxc-create -t ubuntu -n precise -f /etc/lxc/local.conf -- -r precise -a i686 -b gary
$ sudo lxc-start-ephemeral -o precise
Setting up ephemeral container...
Starting up the container...
lxc-start: Invalid argument - failed to open /var/lib/
lxc-start: failed to read configuration file
Workaround (thanks to wgrant):
$ sudo ln -s /etc/apparmor.
usr.bin.firefox usr.sbin.rsyslogd
$ sudo ln -s /etc/apparmor.
isable/
$ sudo apparmor_parser -R /etc/apparmor.
$ sudo lxc-start-ephemeral -o precise
Setting up ephemeral container...
Starting up the container...
precise-
You connect with the command:
sudo lxc-console -n precise-
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
DistroRelease: Ubuntu 12.04
MachineType: Apple Inc. MacBookPro5,3
NonfreeKernelMo
Package: lxc 0.7.5-3ubuntu16
PackageArchitec
ProcEnviron:
PATH=(custom, user)
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=
ProcVersionSign
Tags: precise running-unity precise running-unity
Uname: Linux 3.2.0-12-generic x86_64
UpgradeStatus: Upgraded to precise on 2012-01-23 (9 days ago)
UserGroups: libvirtd sudo
summary: "apparmor breaks lxc-start-ephemeral" → "apparmor breaks lxc-start-ephemeral (apparmor+overlayfs returns -EINVAL)"
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: bot-stop-nagging
Changed in linux (Ubuntu Precise):
milestone: none → ubuntu-12.04-beta-1
tags: added: rls-p-tracking
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu):
milestone: ubuntu-12.04-beta-1 → ubuntu-12.04-beta-2
Changed in lxc (Ubuntu Precise):
status: Confirmed → Invalid
lxc-start: Invalid argument - failed to open /var/lib/lxc/pp1-temp-nZopjKs/config
type=AVC msg=audit(1328124899.479:187): apparmor="ALLOWED" operation="open" info="Failed name lookup" error=-22 parent=18229 profile="/usr/bin/lxc-start" name="" pid=18230 comm="lxc-start" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1328124899.479:187): arch=c000003e syscall=2 success=no exit=-22 a0=1b48120 a1=0 a2=1b6 a3=7fff7b243290 items=0 ppid=18229 pid=18230 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=29 comm="lxc-start" exe="/usr/bin/lxc-start" key=(null)
But /var/lib/lxc/pp1-temp-nZopjKs/config does exist.
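An added example, not part of the original bug report: it pairs AVC and SYSCALL audit records by event ID and flags cases like the one above, where AppArmor logged "Failed name lookup" and the syscall failed with the same errno even though the profile reported "ALLOWED". Event 188 in the sample is a constructed control, and the function and dictionary key names are this example's own.

```python
import errno
import re
from collections import defaultdict

# Event 187: the two records quoted in the comment above.
# Event 188: constructed control (an ordinary denial, no name-lookup failure).
SAMPLE = '''\
type=AVC msg=audit(1328124899.479:187): apparmor="ALLOWED" operation="open" info="Failed name lookup" error=-22 parent=18229 profile="/usr/bin/lxc-start" name="" pid=18230 comm="lxc-start" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1328124899.479:187): arch=c000003e syscall=2 success=no exit=-22 a0=1b48120 a1=0 a2=1b6 a3=7fff7b243290 items=0 ppid=18229 pid=18230 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=29 comm="lxc-start" exe="/usr/bin/lxc-start" key=(null)
type=AVC msg=audit(1328124900.100:188): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/example" name="/etc/example.conf" pid=200 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1328124900.100:188): arch=c000003e syscall=2 success=no exit=-13 items=0 ppid=1 pid=200 comm="example" exe="/usr/sbin/example" key=(null)
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+:\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Return (record type, event id, field dict) or None for non-audit lines."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, event_id, rest = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    return rtype, event_id, fields

def failed_lookups(log_text):
    """Find events where an AppArmor name-lookup failure made the syscall fail."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec:
            events[rec[1]][rec[0]] = rec[2]
    findings = []
    for event_id, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc or not sc or avc.get("info") != "Failed name lookup":
            continue
        # Same errno on both records: the error came from the AppArmor hook.
        if sc.get("success") == "no" and sc.get("exit") == avc.get("error"):
            findings.append({
                "event": event_id, "profile": avc.get("profile"),
                "mode": avc.get("apparmor"), "comm": sc.get("comm"),
                "errno": errno.errorcode.get(-int(avc["error"]), "unknown"),
            })
    return findings

if __name__ == "__main__":
    for finding in failed_lookups(SAMPLE):
        print(finding)
```

A finding with mode "ALLOWED" is the case described in this bug: the profile is in complain mode, yet the open still fails because the name lookup itself returned an error.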