[pkg-lxc-devel] Bug#880502: Bug#880502: lxc: cannot start container with kernel 4.13.10

Evgeni Golov evgeni at debian.org
Wed Nov 1 14:38:23 UTC 2017


Ohai,

On Wed, Nov 01, 2017 at 12:00:12PM -0200, Antonio Terceiro wrote:
> >       lxc-start 20171101123914.655 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:220 - If you really want to start this container, set
> >       lxc-start 20171101123914.655 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:221 - lxc.aa_allow_incomplete = 1
> >       lxc-start 20171101123914.655 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:222 - in your container configuration file
> So, I tried downgrading the kernel to the one in testing, rebooted, and
> now I can start containers again. So this is being caused by a change in
> the kernel between 4.13.4-2 and 4.13.10-1.
> 
> I still need to study the lxc code path that is being triggered to be
> able to provide more useful information. Since the issue is definitively
> related to apparmor, I am also copying the apparmor team in case they
> have any input to provide.

Can you try to set "lxc.aa_allow_incomplete = 1" in your config?
LXC expects Ubuntu's patched kernels when it comes to AppArmor, not the
upstream ones :(

And I think Debian enabled AppArmor by default in the latest kernels.

Evgeni
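An added check script, not part of this thread or of LXC itself: it tests whether the running kernel's AppArmor exposes mount-rule mediation (the feature LXC's lsm/apparmor.c looks for under securityfs before applying its full profile, as I understand it; the path is an assumption here) and whether a container config already opts into "lxc.aa_allow_incomplete = 1", so you can tell in advance whether lxc-start will refuse and whether the container is running under a weakened profile.

```shell
#!/bin/sh
# Constructed check: does the kernel's AppArmor advertise mount mediation,
# and does a given LXC container config set lxc.aa_allow_incomplete = 1?
# Assumption: LXC probes <features>/mount/mask under the AppArmor securityfs
# tree; AA_FEATURES_DIR can be overridden for testing on other hosts.
AA_FEATURES_DIR="${AA_FEATURES_DIR:-/sys/kernel/security/apparmor/features}"

aa_mount_mediation() {
    # $1: features dir; prints "yes" if mount-rule mediation is advertised
    if [ -f "$1/mount/mask" ]; then echo yes; else echo no; fi
}

config_allows_incomplete() {
    # $1: container config file; prints "yes" if the incomplete-profile
    # escape hatch is set (ignores leading whitespace and spacing around '=')
    if grep -Eq '^[[:space:]]*lxc\.aa_allow_incomplete[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"; then
        echo yes
    else
        echo no
    fi
}

assess() {
    # $1: features dir, $2: container config
    # returns 0 if lxc-start should pass the apparmor_process_label_set check,
    # 1 if it will refuse with the "incomplete AppArmor support" error
    if [ "$(aa_mount_mediation "$1")" = yes ]; then
        echo "kernel advertises AppArmor mount mediation: full LXC profile usable"
        return 0
    fi
    if [ "$(config_allows_incomplete "$2")" = yes ]; then
        echo "no mount mediation, but config sets lxc.aa_allow_incomplete = 1:"
        echo "container will start under a profile the kernel cannot fully enforce"
        return 0
    fi
    echo "no mount mediation and lxc.aa_allow_incomplete is not set: lxc-start will refuse"
    return 1
}

# Stand-alone use: ./aa-check.sh /var/lib/lxc/<name>/config
if [ -n "$1" ]; then
    assess "$AA_FEATURES_DIR" "$1"
fi
```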


