[pkg-lxc-devel] Bug#990075: lxc-attach fails after debian 10.10 update

Matthew Darwin bugs at mdarwin.ca
Sat Jun 19 15:02:03 BST 2021


Package: lxc
Version: 1:3.1.0+really3.0.3-8
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Applied latest apt updates (debian 10.10) and rebooted.  After reboot, lxc-attach doesn't work.

from /var/log/apt/history.log:

Start-Date: 2021-06-19  12:27:42
Commandline: apt-get dist-upgrade
Requested-By: matthew (1011)
Install: linux-headers-4.19.0-17-common:amd64 (4.19.194-1, automatic), linux-headers-4.19.0-17-amd64:amd64 (4.19.194-1, automatic), linux-image-4.19.0-17-amd64:amd64 (4.19.194-1, automatic)
Upgrade: libapt-inst2.0:amd64 (1.8.2.2, 1.8.2.3),apt:amd64  (1.8.2.2, 1.8.2.3), mariadb-common:amd64 (1:10.3.27-0+deb10u1, 1:10.3.29-0+deb10u1), linux-compiler-gcc-8-x86:amd64 (4.19.181-1, 4.19.194-1), libklibc:amd64 (2.0.6-1, 2.0.6-1+deb10u1), libcpupower1:amd64 (4.19.181-1, 4.19.194-1), libapt-pkg5.0:amd64 (1.8.2.2, 1.8.2.3), shim-helpers-amd64-signed:amd64 (1+15+1533136590.3beb971+7+deb10u1, 1+15.4+5~deb10u1), linux-image-amd64:amd64 (4.19+105+deb10u11, 4.19+105+deb10u12), libgcrypt20:amd64 (1.8.4-5, 1.8.4-5+deb10u1), linux-headers-amd64:amd64 (4.19+105+deb10u11, 4.19+105+deb10u12), libhogweed4:amd64 (3.4.1-1, 3.4.1-1+deb10u1), apt-utils:amd64 (1.8.2.2, 1.8.2.3), shim-unsigned:amd64 (15+1533136590.3beb971-7+deb10u1, 15.4-5~deb10u1), shim-signed:amd64 (1.33+15+1533136590.3beb971-7, 1.36~1+deb10u1+15.4-5~deb10u1), libnettle6:amd64 (3.4.1-1, 3.4.1-1+deb10u1), libxml2:amd64 (2.9.4+dfsg1-7+deb10u1, 2.9.4+dfsg1-7+deb10u2), libmariadb3:amd64 (1:10.3.27-0+deb10u1, 1:10.3.29-0+deb10u1), libgnutls30:amd64 (3.6.7-4+deb10u6, 3.6.7-4+deb10u7), linux-kbuild-4.19:amd64 (4.19.181-1, 4.19.194-1), klibc-utils:amd64 (2.0.6-1, 2.0.6-1+deb10u1), libglib2.0-0:amd64 (2.58.3-2+deb10u2, 2.58.3-2+deb10u3), shim-signed-common:amd64 (1.33+15+1533136590.3beb971-7, 1.36~1+deb10u1+15.4-5~deb10u1), linux-cpupower:amd64 (4.19.181-1, 4.19.194-1), base-files:amd64 (10.3+deb10u9, 10.3+deb10u10)
End-Date: 2021-06-19  12:29:41


$ lxc-attach mar-mon1
lxc-attach: mar-mon1: lsm/lsm.c: lsm_process_label_set_at: 174 Operation not permitted - Failed to set AppArmor label "lxc-mar-mon1_</var/lib/lxc>//&:lxc-mar-mon1_<-var-lib-lxc>:unconfined"

The lxc-config file contains

lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1

The generated apparmor seems unchanged when I compare it to containers on a server I didn't reboot.
I did reboot 2 servers after this debian update, and both have this problem.


-- System Information:
Debian Release: 10.10
   APT prefers stable
   APT policy: (500, 'stable'), (90, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-17-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6                  2.28-10
ii  libcap2                1:2.25-2
ii  libgnutls30            3.6.7-4+deb10u7
ii  liblxc1                1:3.1.0+really3.0.3-8
ii  libseccomp2            2.3.3-4
ii  libselinux1            2.8-1+b1
ii  lsb-base               10.2019051400

Versions of packages lxc recommends:
ii  apparmor       2.13.2-10
ii  bridge-utils   1.6-2
pn  debootstrap    <none>
ii  dirmngr        2.2.12-1+deb10u1
pn  dnsmasq-base   <none>
ii  gnupg          2.2.12-1+deb10u1
ii  iproute2       4.20.0-2+deb10u1
ii  iptables       1.8.2-4
pn  libpam-cgfs    <none>
pn  lxc-templates  <none>
ii  lxcfs          3.0.3-2
ii  openssl        1.1.1d-0+deb10u6
pn  rsync          <none>
pn  uidmap         <none>

Versions of packages lxc suggests:
pn  btrfs-progs  <none>
pn  lvm2         <none>
pn  python3-lxc  <none>



More information about the Pkg-lxc-devel mailing list