Am 23.08.23 um 14:32 schrieb Michael Biebl:
I see the following error in the journal:Aug 23 14:23:50 debian audit[4096]: AVC apparmor="DENIED" operation="file_lock" profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 requested_mask="send" Aug 23 14:23:50 debian kernel: audit: type=1400 audit(1692793430.788:33): apparmor="DENIED" operation="file_lock" profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 requested_mask="send" Aug 23 14:23:50 debian kernel: audit: type=1400 audit(1692793430.788:34): apparmor="DENIED" operation="file_lock" profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 requested_mask="send" Aug 23 14:23:50 debian audit[4096]: AVC apparmor="DENIED" operation="file_lock" profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 requested_mask="send"With the 6.4 kernel, no such error happens.So, this looks to me like an AppArmor issue, thus reassigning to the apparmor package.
It appears this was already reported separately as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038315 and the corresponding upstream bug https://github.com/lxc/lxc/issues/4333Apparently any service using PrivateNetwork=yes and running inside lxc, will trigger this AppArmor violation.
OpenPGP_signature.asc
Description: OpenPGP digital signature
