This prevents rsyslog from starting in the said container:
root@ganymede:~# systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Fri 2017-02-24 11:54:24 EST; 30min ago
Docs: man:rsyslogd(8) http://www.rsyslog.com/doc/
Process: 232 ExecStart=/usr/sbin/rsyslogd -n (code=exited, status=127)
Main PID: 232 (code=exited, status=127)
Feb 24 11:54:24 ganymede systemd[1]: Failed to start System Logging Service.
Feb 24 11:54:24 ganymede systemd[1]: rsyslog.service: Unit entered failed state.
Feb 24 11:54:24 ganymede systemd[1]: rsyslog.service: Failed with result 'exit-code'.
Feb 24 11:54:24 ganymede systemd[1]: rsyslog.service: Service hold-off time over, scheduling restart.
Feb 24 11:54:24 ganymede systemd[1]: Stopped System Logging Service.
Feb 24 11:54:24 ganymede systemd[1]: rsyslog.service: Start request repeated too quickly.
Feb 24 11:54:24 ganymede systemd[1]: Failed to start System Logging Service.
I don't know why rsyslog wants to read its own binary but it seems to really want to.
Both the host and the guest are up to date Xenials. Please note that the host runs the kernel from -proposed.
I'm not sure if it's a bug that belongs to Apparmor, rsyslog or even the kernel so please re-assign if needed.
Enabling rsyslog's Apparmor profile in a namespace generates this denial:
[ 3026.956651] audit: type=1400 audit(1487955263.521:39): apparmor="DENIED" operation="file_mprotect" namespace="root//lxd-ganymede_<var-lib-lxd>" profile="/usr/sbin/rsyslogd" name="/usr/sbin/rsyslogd" pid=4165 comm="rsyslogd" requested_mask="r" denied_mask="r" fsuid=165536 ouid=165536
root@jupiter:~# apt-cache policy linux-image-4.4.0-65-generic apparmor rsyslog
linux-image-4.4.0-65-generic:
  Installed: 4.4.0-65.86
  Candidate: 4.4.0-65.86
  Version table:
 *** 4.4.0-65.86 100
        100 /var/lib/dpkg/status
apparmor:
  Installed: 2.10.95-0ubuntu2.5
  Candidate: 2.10.95-0ubuntu2.5
  Version table:
 *** 2.10.95-0ubuntu2.5 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.10.95-0ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
rsyslog:
  Installed: 8.16.0-1ubuntu3
  Candidate: 8.16.0-1ubuntu3
  Version table:
 *** 8.16.0-1ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor 2.10.95-0ubuntu2.5
ProcVersionSignature: Ubuntu 4.4.0-65.86-generic 4.4.49
Uname: Linux 4.4.0-65-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Fri Feb 24 12:17:34 2017
InstallationDate: Installed on 2016-12-19 (66 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Beta amd64 (20161219)
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.4.0-65-generic.efi.signed root=UUID=b23cf18f-e8d0-4a4f-9e8d-6aa47569e86b ro possible_cpus=2 nmi_watchdog=0 kaslr vsyscall=none transparent_hugepage=never
PstreeP: Error: [Errno 2] No such file or directory: '/usr/bin/pstree'
SourcePackage: apparmor
Syslog: Feb 24 11:04:10 jupiter dbus[1812]: [system] AppArmor D-Bus mediation is enabled
UpgradeStatus: No upgrade log present (probably fresh install)
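For triage of a denial like the one quoted in this report, the following added example (not part of the original report and not AppArmor or rsyslog project code) parses a kernel AppArmor audit record, splits out the container policy namespace, and flags the case where a confined binary is denied access to its own file. The function names `parse_denial` and `triage` are hypothetical; the sample line is the report's denial with whitespace normalised.

```python
import re
import shlex
from datetime import datetime, timezone

# The denial from this report, embedded as sample input (whitespace normalised).
SAMPLE = ('[ 3026.956651] audit: type=1400 audit(1487955263.521:39): '
          'apparmor="DENIED" operation="file_mprotect" '
          'namespace="root//lxd-ganymede_<var-lib-lxd>" '
          'profile="/usr/sbin/rsyslogd" name="/usr/sbin/rsyslogd" pid=4165 '
          'comm="rsyslogd" requested_mask="r" denied_mask="r" '
          'fsuid=165536 ouid=165536')

# audit(<epoch seconds>.<millis>:<serial>): followed by key=value pairs
AUDIT_RE = re.compile(r'audit\((\d+)\.\d+:(\d+)\):\s*(.*)$')

def parse_denial(line):
    """Return the fields of an AppArmor audit record as a dict, or None."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in shlex.split(m.group(3)):  # shlex removes the double quotes
        key, sep, value = token.partition('=')
        if sep:
            fields[key] = value
    if 'apparmor' not in fields:           # some other audit record
        return None
    fields['time'] = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
    fields['serial'] = int(m.group(2))
    return fields

def triage(fields):
    """Summarise what matters when a confined service fails in a container."""
    ns = fields.get('namespace', '')
    return {
        'denied': fields['apparmor'] == 'DENIED',
        # "root//<child>": the profile lives in a child policy namespace,
        # here the one created for the LXD container.
        'container_ns': ns.split('//', 1)[1] if '//' in ns else None,
        # profile == name: the confined binary was refused access to itself.
        'self_access': fields.get('profile') == fields.get('name'),
        'operation': fields.get('operation'),
        'mask': fields.get('denied_mask'),
        'when_utc': fields['time'].isoformat(),
    }

if __name__ == '__main__':
    print(triage(parse_denial(SAMPLE)))
```

The audit timestamp decodes to 16:54:23 UTC on 2017-02-24, which is 11:54:23 EST, one second before the systemd "Failed to start" entries in the status output.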