[pkg-lxc-devel] Bug#978065: lxc: After upgrade lxc to 4.0.5-1, cannot start with lxc.cap.drop sys_admin

John Wong johnw.mail at gmail.com
Fri Dec 25 10:27:23 GMT 2020 

Package: lxc
Version: 1:4.0.5-1
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***
	As title, rollback to previous version or remove
	"lxc.cap.drop=sys_admin" solved the issue.
	I found this error in debug.log
	conf - conf.c:lxc_mount_auto_mounts:728 - Invalid cross-device
	link - Failed to mount "/sys/fs/cgroup"

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-5-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.74
ii  libc6                  2.31-6
ii  libcap2                1:2.44-1
ii  libgcc-s1              10.2.1-3
ii  liblxc1                1:4.0.5-1
ii  libseccomp2            2.5.1-1
ii  libselinux1            3.1-2+b2
ii  lsb-base               11.1.0

Versions of packages lxc recommends:
ii  apparmor       2.13.5-1+b2
ii  bridge-utils   1.6-3
pn  debootstrap    <none>
ii  dirmngr        2.2.20-1
pn  dnsmasq-base   <none>
ii  gnupg          2.2.20-1
ii  iproute2       5.10.0-1
pn  libpam-cgfs    <none>
ii  lxc-templates  3.0.4-4
ii  lxcfs          4.0.5-1
ii  nftables       0.9.7-1
ii  openssl        1.1.1i-1
ii  rsync          3.2.3-3
pn  uidmap         <none>

Versions of packages lxc suggests:
ii  btrfs-progs  5.9-1+b1
ii  lvm2         2.03.10-1
ii  python3-lxc  1:3.0.4-1+b4

-- Configuration Files:
/etc/apparmor.d/usr.bin.lxc-start changed:
/usr/bin/lxc-start flags=(attach_disconnected) {
  #include <abstractions/lxc/start-container>
  mount options=(rw, bind) -> /proc/sys/kernel/random/boot_id,
  mount options=(ro, nosuid, nodev, noexec, remount, bind) -> /proc/sys/kernel/random/boot_id,
}

/etc/default/lxc-net changed:
USE_LXC_BRIDGE="false"

/etc/lxc/default.conf changed:
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 0


-- debconf information:
  lxc/auto_update_config:

More information about the Pkg-lxc-devel mailing list