apparmor profile for /var/lib/lxd denies mount operation on container creation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxc (Ubuntu) | Fix Released | Low | Unassigned | | |
Bug Description
When I create a container using "lxc launch ubuntu", apparmor logs the following denial:
Jan 25 17:05:58 xxxxx kernel: [32910.202500] audit: type=1400 audit(145376315
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: apparmor 2.10-0ubuntu6
ProcVersionSign
Uname: Linux 4.2.0-25-generic x86_64
ApportVersion: 2.19.1-0ubuntu5
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Jan 25 17:07:32 2016
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-11-13 (73 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
ProcKernelCmdline: BOOT_IMAGE=
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
affects: | apparmor (Ubuntu) → lxd (Ubuntu) |
Changed in lxd (Ubuntu): | |
status: | Triaged → Fix Committed |
affects: | lxd (Ubuntu) → lxc (Ubuntu) |
Changed in lxc (Ubuntu): | |
status: | Fix Committed → Fix Released |
Looks like systemd is unhappy with the way /sys is mounted and is remounting it. Those flags don't seem harmful so we probably can allow them.