[pkg-lxc-devel] Bug#898025: lxc: apparmor="DENIED" operation="mount" info="failed flags match" error=-13

kaka johnw.mail at gmail.com
Sun May 6 03:06:22 BST 2018 

Package: lxc
Version: 1:2.0.9-6
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?
Over the year, if I enable apparmor for lxc (lxc.aa_profile = lxc-container-default),
I see a lot of "apparmor denied" messages like below,
But the lxc itself is can running and functional without a problem,
Why apparmor always complain lxc? (is this normal)?

apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/pstore/" pid=2676 comm="mount" fstype="pstore" srcname="pstore"
apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/pstore/" pid=2676 comm="mount" fstype="pstore" srcname="pstore" flags="ro"
apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=2763 comm="mount" flags="rw, remount"

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  libapparmor1  2.12-4
ii  libc6         2.27-3
ii  libcap2       1:2.25-1.2
ii  libgnutls30   3.5.18-1
ii  liblxc1       1:2.0.9-6
ii  libseccomp2   2.3.3-1
ii  libselinux1   2.7-2+b2
ii  lsb-base      9.20170808
ii  python3       3.6.5-3
ii  python3-lxc   1:2.0.9-6

Versions of packages lxc recommends:
ii  bridge-utils  1.5-16
pn  debootstrap   <none>
ii  dirmngr       2.2.5-1
pn  dnsmasq-base  <none>
ii  gnupg         2.2.5-1
ii  iptables      1.6.2-1
pn  libpam-cgfs   <none>
pn  lxcfs         <none>
ii  openssl       1.1.0h-2
ii  rsync         3.1.2-2.1
pn  uidmap        <none>

Versions of packages lxc suggests:
ii  apparmor     2.12-4
ii  btrfs-progs  4.15.1-2
pn  lvm2         <none>

-- Configuration Files:
/etc/apparmor.d/abstractions/lxc/container-base [Errno 13] Permission denied: '/etc/apparmor.d/abstractions/lxc/container-base'
/etc/apparmor.d/abstractions/lxc/start-container [Errno 13] Permission denied: '/etc/apparmor.d/abstractions/lxc/start-container'
/etc/apparmor.d/lxc-containers [Errno 13] Permission denied: '/etc/apparmor.d/lxc-containers'
/etc/apparmor.d/lxc/lxc-default [Errno 13] Permission denied: '/etc/apparmor.d/lxc/lxc-default'
/etc/apparmor.d/lxc/lxc-default-cgns [Errno 13] Permission denied: '/etc/apparmor.d/lxc/lxc-default-cgns'
/etc/apparmor.d/lxc/lxc-default-with-mounting [Errno 13] Permission denied: '/etc/apparmor.d/lxc/lxc-default-with-mounting'
/etc/apparmor.d/lxc/lxc-default-with-nesting [Errno 13] Permission denied: '/etc/apparmor.d/lxc/lxc-default-with-nesting'
/etc/apparmor.d/usr.bin.lxc-start [Errno 13] Permission denied: '/etc/apparmor.d/usr.bin.lxc-start'

-- no debconf information

More information about the Pkg-lxc-devel mailing list