[debian-mysql] Bug#920643: mariadb-server-10.3: mariadb won't start when running inside an lxc container when running on debian testing

Matthew Darwin matthew at mdarwin.ca
Wed Mar 20 14:26:47 GMT 2019


The following instructions (step 2) resolve the situation:


lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium

   LXC 3 got some significant changes from LXC 2.

    1. The configuration files use different variables. A userland script
       lxc-update-config is available to update automatically your
       configuration files. An automatic update is possible and offered by
       debconf during the upgrade of lxc version < 3.0.2 to lxc version >=
       3.0.2. Mind that this update will only work for privileged containers
       with configurations present in /var/lib/lxc/*/config and any other
       container will not be updated.
    2. AppArmor support in Debian has increased, thus preventing some systemd
       isolation features to work in LXC 3.0.X. Debian has backported some
       patches from LXC 3.1 that, along with some configurations in a
       container, will allow systemd isolation features to work.

       The required configuration parameters are the ones which follow:
         lxc.apparmor.profile = generated
         lxc.apparmor.allow_nesting = 1

       These parameters are provided in the `/etc/lxc/default.conf` file
       shipped with LXC 3. Hence, any newly created container will have these
       parameters set properly, except if you alter the aforementioned file.
    3. lxc-templates is deprecated by upstream. The new way of building
       containers is via their distrobuilder software. This software isn't in
       Debian Buster, and thus, we still provide lxc-templates. If you relied
       on it (eg, with lxc.include parameter in some configuration file), you
       should install lxc-templates in case it doesn't come by itself (via
       recommends). Otherwise you may experience issues after the upgrade.

  -- Pierre-Elliott Bécue <peb at debian.org>   Sat, 09 Mar 2019 13:09:05 +0100

On 2019-02-14 10:51 a.m., Faustin Lammler wrote:
> Control: forwarded -1 https://github.com/lxc/lxc/pull/2758
>
> Matthew,
> I am able to reproduce this and I have the exact same error (mariadb log +
> apparmor on host).
>
> Your workaround is working but it seems that removing only these 3 lines
> is sufficient:
>> ProtectSystem=full
>> PrivateDevices=true
>> ProtectHome=true
> You can leave this one:
>> ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
> Another workaround is to disable completely apparmor:
> https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor
>
> I think we should wait until some progress comes from
> https://github.com/lxc/lxc/pull/2758.
>
> Faustin
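
As an added example (not part of the original message or of the lxc package), the shell functions below check each container config under /var/lib/lxc for the two parameters from item 2 of the NEWS entry. The function names and the sample containers db1 and db2 are constructed for illustration, and settings pulled in through lxc.include are assumed not to matter and are not followed.

```shell
#!/bin/sh
# Added example: audit LXC configs for the two AppArmor settings in the NEWS entry.

# Print the last value assigned to key $1 in config file $2, skipping comments.
# Assumption: files pulled in through lxc.include are not followed.
lxc_conf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$2"
}

# Succeed only if config file $1 sets both parameters to the NEWS values.
lxc_apparmor_ok() {
    [ "$(lxc_conf_get lxc.apparmor.profile "$1")" = "generated" ] &&
        [ "$(lxc_conf_get lxc.apparmor.allow_nesting "$1")" = "1" ]
}

# Print each container under $1 (default /var/lib/lxc) whose config lacks
# the settings; return 1 if any was found.
lxc_apparmor_audit() {
    dir=${1:-/var/lib/lxc}; rc=0
    for cfg in "$dir"/*/config; do
        [ -f "$cfg" ] || continue
        lxc_apparmor_ok "$cfg" && continue
        basename "$(dirname "$cfg")"
        rc=1
    done
    return "$rc"
}

# Constructed sample: db1 carries both settings, db2 does not.
lxc_apparmor_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/db1" "$tmp/db2"
    printf '%s\n' 'lxc.apparmor.profile = generated' \
        'lxc.apparmor.allow_nesting = 1' > "$tmp/db1/config"
    printf '%s\n' 'lxc.apparmor.profile = unconfined' > "$tmp/db2/config"
    st=0; lxc_apparmor_audit "$tmp" || st=$?
    rm -rf "$tmp"
    return "$st"
}
```

On a host, calling `lxc_apparmor_audit` with no argument as a user who can read /var/lib/lxc prints the name of every container whose config still needs the two lines.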