autopkgtests fail in LXC testbed
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Auto Package Testing | Invalid | Undecided | Unassigned | |
lxc (Ubuntu) | Won't Fix | Medium | Unassigned | |
Bug Description
This spawned from https:/
The testbeds use a custom and more liberal apparmor profile than the default LXC one (see http://
profile lxc-container-adt flags=(
#include <abstractions/
#include <abstractions/
# Nesting
mount fstype=cgroup -> /sys/fs/cgroup/**,
mount fstype=proc -> /var/cache/lxc/**,
mount fstype=sysfs -> /var/cache/lxc/**,
mount options=(rw,bind) /var/cache/
# Required for lxc-tests
mount options=(rw,bind) /lib/** -> /var/lib/lxc**,
mount options=(rw,rbind) /var/lib/
# Allow containers to mount /proc, e. g. for sbuild/pbuilder tests
mount options=(rw,bind),
mount fstype=devpts,
mount fstype=proc,
mount fstype=sysfs,
}
But with just this they hang eternally and time out, and there are also some test failures.
Reproducer: (tested on wily amd64):
adt-build-lxc ubuntu wily
echo "lxc.aa_profile = unconfined" | tee -a /var/lib/
adt-run lxc --- lxc -s adt-wily
Changed in lxc (Ubuntu):
importance: Undecided → Medium
Changed in lxc (Ubuntu):
status: Triaged → Won't Fix
With just the default apparmor profile from above I get these AA violations in dmesg:
[889413.230615] type=1400 audit(1443963008.728:498): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/sys/fs/cgroup/" pid=6897 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
[889420.643901] type=1400 audit(1443963016.141:499): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/" pid=7553 comm="systemd-machine" flags="rw, rslave"
[889440.399211] type=1400 audit(1443963035.899:500): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/sys/fs/cgroup/" pid=8165 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
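
An added example, not part of the bug report or of the lxc/autopkgtest code: a small Python triage script that parses AppArmor mount denials like the ones in the comment above and groups them by profile, mount target and kind of mount operation. The function names and the `kind` labels are this example's own; the sample input is the three denial lines from that comment.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Sample input: the three denials quoted in the comment above.
SAMPLE = '''\
[889413.230615] type=1400 audit(1443963008.728:498): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/sys/fs/cgroup/" pid=6897 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
[889420.643901] type=1400 audit(1443963016.141:499): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/" pid=7553 comm="systemd-machine" flags="rw, rslave"
[889440.399211] type=1400 audit(1443963035.899:500): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-adt" name="/sys/fs/cgroup/" pid=8165 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
'''

AUDIT_RE = re.compile(r"audit\((\d+\.\d+):(\d+)\)")   # epoch seconds : serial
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')    # key="quoted" or key=bare
PROPAGATION = {"shared", "rshared", "slave", "rslave",
               "private", "rprivate", "unbindable", "runbindable"}

def classify(flags):
    """Name the mount operation, using the kernel's mount(2) dispatch precedence."""
    if "remount" in flags:
        return "remount"
    if flags & {"bind", "rbind"}:
        return "bind"
    if flags & PROPAGATION:
        return "propagation"
    if "move" in flags:
        return "move"
    return "new mount"

def parse_denial(line):
    """Return one AppArmor mount denial as a dict, or None for any other line."""
    stamp = AUDIT_RE.search(line)
    rec = {k: q or raw for k, q, raw in FIELD_RE.findall(line)}
    if not stamp or rec.get("apparmor") != "DENIED" or rec.get("operation") != "mount":
        return None
    rec["time"] = datetime.fromtimestamp(float(stamp.group(1)), tz=timezone.utc)
    rec["flags"] = {f.strip() for f in rec.get("flags", "").split(",") if f.strip()}
    rec["kind"] = classify(rec["flags"])
    return rec

def summarize(text):
    """Count denials per (profile, mount target, kind of mount operation)."""
    recs = filter(None, map(parse_denial, text.splitlines()))
    return Counter((r["profile"], r["name"], r["kind"]) for r in recs)

if __name__ == "__main__":
    for (profile, target, kind), n in summarize(SAMPLE).items():
        print(f"{n}x {profile}: {kind} on {target}")
```

On the sample this reports two remount denials on /sys/fs/cgroup/ and one propagation change on /, which shows which kinds of mount operation the profile's rules did not match.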