[pkg-apparmor] Bug#1050256: autopkgtest fails on debci
Michael Biebl
biebl at debian.org
Thu Aug 24 09:53:14 BST 2023
Am 23.08.23 um 14:32 schrieb Michael Biebl:
> I see the following error in the journal:
>
> Aug 23 14:23:50 debian audit[4096]: AVC apparmor="DENIED"
> operation="file_lock"
> profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096
> comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0
> requested_mask="send"
> Aug 23 14:23:50 debian kernel: audit: type=1400
> audit(1692793430.788:33): apparmor="DENIED" operation="file_lock"
> profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096
> comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0
> requested_mask="send"
> Aug 23 14:23:50 debian kernel: audit: type=1400
> audit(1692793430.788:34): apparmor="DENIED" operation="file_lock"
> profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096
> comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0
> requested_mask="send"
> Aug 23 14:23:50 debian audit[4096]: AVC apparmor="DENIED"
> operation="file_lock"
> profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096
> comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0
> requested_mask="send"
>
>
>
> With the 6.4 kernel, no such error happens.
>
> So, this looks to me like an AppArmor issue, thus reassigning to the
> apparmor package.
>
It appears this was already reported separately as
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038315
and the corresponding upstream bug
https://github.com/lxc/lxc/issues/4333
Apparently any service using PrivateNetwork=yes and running inside lxc,
will trigger this AppArmor violation.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-apparmor-team/attachments/20230824/c4078ed4/attachment-0003.sig>
More information about the pkg-apparmor-team
mailing list