[pkg-apparmor] Bug#921176: redis-server service is failing to start in buster lxc container

intrigeri intrigeri at debian.org
Sun Feb 24 14:01:14 GMT 2019


Control: reassign -1 lxc
Control: severity -1 important

Hi,

Pirate Praveen:
> In dmesg inside container (same error on the host as well), so it seems 
> apparmor is blocking it.

> [14760.307180] audit: type=1400 audit(1549992481.311:156): 
> apparmor="DENIED" operation="mount" info="failed flags match" error=-13 
> profile="lxc-container-default-cgns" name="/" pid=20531 
> comm="(s-server)" flags="rw, rslave"

The lxc-container-default-cgns profile is shipped by the lxc
package ⇒ reassigning.

This looks very much like LXC bug #916639, so could you please retry
with lxc 1:3.1.0+really3.0.3-3 or newer?

If that's not sufficient, you might need to set these options for
your container:

   lxc.apparmor.profile = generated
   lxc.apparmor.allow_nesting = 1

(On sid, these settings are in /etc/lxc/default.conf already but I'm
not familiar with LXC and I don't know if they'll apply to
pre-existing containers.)

Thanks in advance!

Also, I'm setting severity to non-RC as it would be unfortunate to
block the migration to testing of… the very version that likely fixes
this bug. Once it's clarified that this is #916639, I'll fix
the metadata.

Cheers,
-- 
intrigeri
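
As an added example (not part of the original message and not code from Debian, LXC or AppArmor): a small Python triage script that parses AppArmor audit records like the one quoted above and picks out mount denials logged under an LXC container profile, which is the signal used here to decide which package owns the bug. The function names, the profile-name prefix match and every sample line except the first (the record from the report, joined onto one line) are assumptions made for illustration.

```python
import re

# key="quoted value" or key=bare, as found in kernel audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: profiles shipped by the lxc package share this name prefix.
LXC_PROFILE_PREFIX = "lxc-container-default"

def parse_apparmor_record(line):
    """Return the key/value fields of an AppArmor audit line, else None."""
    if "apparmor=" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def lxc_mount_denials(lines):
    """Pick out mount operations denied under an LXC container profile."""
    hits = []
    for line in lines:
        rec = parse_apparmor_record(line)
        if rec is None or rec.get("apparmor") != "DENIED":
            continue
        if rec.get("operation") != "mount":
            continue
        if not rec.get("profile", "").startswith(LXC_PROFILE_PREFIX):
            continue
        # flags="rw, rslave" -> ["rw", "rslave"]
        rec["flags"] = [f.strip() for f in rec.get("flags", "").split(",") if f.strip()]
        hits.append(rec)
    return hits

SAMPLE = [
    # The record from the report above, joined onto one line.
    '[14760.307180] audit: type=1400 audit(1549992481.311:156): apparmor="DENIED" '
    'operation="mount" info="failed flags match" error=-13 '
    'profile="lxc-container-default-cgns" name="/" pid=20531 '
    'comm="(s-server)" flags="rw, rslave"',
    # Constructed lines: a denial under an unrelated profile, and non-audit noise.
    '[14761.000000] audit: type=1400 audit(1549992482.000:157): apparmor="DENIED" '
    'operation="open" profile="/usr/sbin/example" name="/etc/example.conf" '
    'pid=100 comm="example" requested_mask="r" denied_mask="r"',
    '[14762.000000] eth0: link becomes ready',
]

if __name__ == "__main__":
    for rec in lxc_mount_denials(SAMPLE):
        print(f'{rec["profile"]}: mount of {rec["name"]} by {rec["comm"]} '
              f'(pid {rec["pid"]}) denied, flags={rec["flags"]}, info={rec["info"]}')
```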
