[pkg-lxc-devel] Bug#921176: redis-server service is failing to start in buster lxc container

[Antonio Terceiro]

On Sun, Apr 07, 2019 at 08:37:53PM +0200, Pierre-Elliott Bécue wrote:
> Le dimanche 24 février 2019 à 15:01:14+0100, intrigeri a écrit :
> > Control: reassign -1 lxc
> > Control: severity -1 important
> > 
> > Hi,
> > 
> > Pirate Praveen:
> > > In dmesg inside container (same error on the host as well), so it seems 
> > > apparmor is blocking it.
> > 
> > > [14760.307180] audit: type=1400 audit(1549992481.311:156): 
> > > apparmor="DENIED" operation="mount" info="failed flags match" error=-13 
> > > profile="lxc-container-default-cgns" name="/" pid=20531 
> > > comm="(s-server)" flags="rw, rslave"
> > 
> > The lxc-container-default-cgns profile is shipped by the lxc
> > package ⇒ reassigning.
> > 
> > This looks very much like LXC bug #916639 so please retry with:
> > lxc 1:3.1.0+really3.0.3-3 or newer?
> > 
> > If that's not sufficient, you might need to set these options for
> > your container:
> > 
> >    lxc.apparmor.profile = generated
> >    lxc.apparmor.allow_nesting = 1
> > 
> > (On sid, these settings are in /etc/lxc/default.conf already but I'm
> > not familiar with LXC and I don't know if they'll apply to
> > pre-existing containers.)
> > 
> > Thanks in advance!
> > 
> > Also, I'm setting severity to non-RC as it would be unfortunate to
> > block the migration to testing of… the very version that likely fixes
> > this bug. Once it's clarified that this is #916639, I'll fix
> > the metadata.
> > 
> > Cheers,
> 
> Dear Praveen,
> 
> Did you give a test at the latest LXC3 releases?
> 
> I wonder if I can close this bug report now.

FWIW I just tested in a clean container and redis-server starts just
fine.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20190407/5b6517cc/attachment-0001.sig>