Bug#918839: systemd: LXC Container with debian buster can no longer start services after updating to systemd_240

[Michael Biebl]

Am 09.01.19 um 22:29 schrieb Adrian Almenar:
> Container is a simple debian buster made with debootstrap
> 
> using systemd 239 server was able to install and run mysql, apache,
> dovecot services but since the update to systemd 240, not even creating
> a new template the services start and on a clean template they dont even
> install.
> 
> 
> [510907.402767] audit: type=1400 audit(1546941509.083:189):
> apparmor="DENIED" operation="mount" info="failed flags match" error=-13
> profile="lxc-9002_</var/lib/lxc>" name="/" pid=30859 comm="(install)"
> flags="rw, rslave"
> 
> [511748.194258] audit: type=1400 audit(1546942349.893:190):
> apparmor="DENIED" operation="mount" info="failed flags match" error=-13
> profile="lxc-9002_</var/lib/lxc>" name="/" pid=1698 comm="(pachectl)"
> flags="rw, rslave"
> 
> [519311.829786] audit: type=1400 audit(1546949913.651:193):
> apparmor="DENIED" operation="mount" info="failed flags match" error=-13
> profile="lxc-9002_</var/lib/lxc>" name="/" pid=24770 comm="(dovecot)"
> flags="rw, rslave"
> 

Can you disable AppArmor confinement and try again?
(with lxc 3.x that means setting lxc.apparmor.profile = unconfined)

Or use the config options from
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916644


Please also tell us the lxc and apparmor versions you are using

Looping in the AA mantainer.

Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20190109/66580be2/attachment.sig>