On Wed, Nov 01, 2017 at 03:38:23PM +0100, Evgeni Golov wrote:
> Ohai,
> 
> On Wed, Nov 01, 2017 at 12:00:12PM -0200, Antonio Terceiro wrote:
> > >       lxc-start 20171101123914.655 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:220 - If you really want to start this container, set
> > >       lxc-start 20171101123914.655 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:221 - lxc.aa_allow_incomplete = 1
> > >       lxc-start 20171101123914.655 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:222 - in your container configuration file
> > So, I tried downgrading the kernel to the one in testing, rebooted, and
> > now I can start containers again. So this is being caused by a change in
> > the kernel between 4.13.4-2 and 4.13.10-1.
> > 
> > I still need to study the lxc code path that is being triggered to be
> > able to provide more useful information. Since the issue is definitively
> > related to apparmor, I am also copying the apparmor team in case they
> > have any input to provide.
> 
> Can you try to set "lxc.aa_allow_incomplete = 1" in your config?
> LXC expects Ubuntu's patched kernels when it comes to AppArmor, not the
> upstream ones :(
> 
> And I think Debian enabled AppArmor by default in the latest kernels.

Didn't help. At least now we have a different error message:

lxc-start 20171102130036.516 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:234 - No such file or directory - failed to change apparmor profile to lxc-container-default-cgns
lxc-start 20171102130036.516 ERROR    lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 5)
lxc-start 20171102130036.564 ERROR    lxc_container - lxccontainer.c:wait_on_daemonized_start:754 - Received container state "ABORTING" instead of "RUNNING"
lxc-start 20171102130036.564 ERROR    lxc_start - start.c:__lxc_start:1530 - Failed to spawn container "test".
lxc-start 20171102130036.564 ERROR    lxc_start_ui - tools/lxc_start.c:main:368 - The container failed to start.
lxc-start 20171102130036.564 ERROR    lxc_start_ui - tools/lxc_start.c:main:370 - To get more details, run the container in foreground mode.
lxc-start 20171102130036.564 ERROR    lxc_start_ui - tools/lxc_start.c:main:372 - Additional information can be obtained by setting the --logfile and --logpriority options.

I guess we will need to fix the apparmor support in lxc to work with the
upstream kernel. :-/
