Using
lxc launch images:ubuntu/yakkety torcontainer
to create the container,
then installing tor into the container and starting it, I can replicate the error. However, this is due to the container not having apparmor installed. The container is not booting with apparmor or loading the tor profile.
Once apparmor is installed the container reports a different error.
[103975.623545] audit: type=1400 audit(1481284511.494:2807): apparmor="DENIED" operation="change_onexec" info="no new privs" error=-1 namespace="root//lxd-tor_<var-lib-lxd>" profile="unconfined" name="system_tor" pid=18593 comm="(tor)" target="system_tor"
Which upon investigation is an error in the change_profile check around seccomp no_new_privs when policy is stacked.
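For triaging logs for the same signature, the following is an added example and not part of the original comment: it parses AppArmor audit records and flags profile transitions denied with info "no new privs" inside a policy namespace. The function names are hypothetical, and treating a namespace that starts with "root//" as the marker of stacked container policy is an assumption; the first sample line is the record quoted above, the other two are constructed.

```python
import re

# key=value or key="quoted value" pairs as they appear in audit records
_PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_apparmor_record(line):
    """Return the record's fields as a dict, or None if it is not an AppArmor record."""
    if 'apparmor=' not in line:
        return None
    return {key: value.strip('"') for key, value in _PAIR.findall(line)}

def is_stacked_nnp_denial(fields):
    """True when a profile transition was denied because of no_new_privs
    while the task sits in a nested policy namespace.
    Assumption: a namespace starting with 'root//' means stacked container policy."""
    return (fields.get('apparmor') == 'DENIED'
            and fields.get('operation') in ('change_onexec', 'change_profile')
            and fields.get('info') == 'no new privs'
            and fields.get('namespace', '').startswith('root//'))

def triage(lines):
    """Return (pid, namespace, target profile) for every matching denial."""
    hits = []
    for line in lines:
        fields = parse_apparmor_record(line)
        if fields and is_stacked_nnp_denial(fields):
            hits.append((fields.get('pid'), fields['namespace'], fields.get('target')))
    return hits

SAMPLE = [
    # Record quoted in the comment above
    '[103975.623545] audit: type=1400 audit(1481284511.494:2807): apparmor="DENIED" '
    'operation="change_onexec" info="no new privs" error=-1 '
    'namespace="root//lxd-tor_<var-lib-lxd>" profile="unconfined" name="system_tor" '
    'pid=18593 comm="(tor)" target="system_tor"',
    # Constructed: ordinary file denial in the same namespace, must not match
    '[103980.000000] audit: type=1400 audit(1481284516.000:2808): apparmor="DENIED" '
    'operation="open" namespace="root//lxd-tor_<var-lib-lxd>" profile="system_tor" '
    'name="/etc/example" pid=18600 comm="tor" requested_mask="r" denied_mask="r"',
    # Constructed: unrelated kernel message, not an AppArmor record
    '[103981.000000] eth0: link becomes ready',
]

if __name__ == '__main__':
    for pid, namespace, target in triage(SAMPLE):
        print(f'pid {pid}: transition to {target} denied (no new privs) in {namespace}')
```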