[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
Which distribution is in the rootfs? ** Changed in: lxc (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
** Changed in: lxc (Ubuntu) Status: Incomplete = Triaged ** Changed in: lxc (Ubuntu) Importance: Undecided = Critical ** Changed in: lxc (Ubuntu) Status: Triaged = New ** Changed in: lxc (Ubuntu) Importance: Critical = High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: New Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
The rootfs used Vivid and now Wily, but the issue remains with both. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
This happens if the container config doe snot specify mounting /proc, because there is no (or a wrong) /proc in the container until the container's init mounts it. So lxc-attach needs to mount a temporary /proc (after switching namespaces) for the sake of setting the lsm label. ** Changed in: lxc (Ubuntu) Status: Incomplete = Triaged ** Summary changed: - failed to change apparmor profile to lxc-container-default-with-nesting + lxc-attach needs to mount a /proc for apparmor's use ** Changed in: lxc (Ubuntu) Assignee: (unassigned) = Serge Hallyn (serge-hallyn) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: lxc-attach needs to mount a /proc for apparmor's use Status in lxc package in Ubuntu: Triaged Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
I cannot reproduce this. Would it be possible to coordinate your handing off a broken system to me? Unfortunately I am out tomorrow and Friday, but perhaps sometime next week? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
Dang, I was afraid you might not be able to reproduce, being a race and all. I'm not sure it's possible to hand off the system as it's my primary development machine. I think I will take a stab in trying to debug this. A quick looks shows that it is failing in this block in lsm/apparmor.c: if (aa_change_profile(label) 0) Looking in the apparmor source code shows a few places this may fail, especially with the No such file or directory errno value. The call(s) in setprocattr(), particularly procattr_path(). I'm thinking that perhaps the /proc path is not really fully up before lxc_wait says that the container is in a RUNNING state. I'm using SSD's which may or may not make a difference, but they can sometimes add some races due to their fast nature. Next, I will look into what exactly lxc_wait is querying to know when it is RUNNING... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
So, if I remove the lxc-wait out of the start/wait/attach sequence, then I always get the failure. This really points to a race where RUNNING is being reported before it is really fully started. It looks like the RUNNING state is set in start.c, so perhaps it is being set a bit too early where some asynchronous activity isn't really complete yet I'll continue to look in that area. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
I've been trying to capture a log of the failure when running lxc-attach and it seems to cause just enough delay to get by the race. Also, it does not always occur, but more time than not, the error happens leading more credence to this being a race. I've attached the config I use for the container. ** Attachment added: config https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+attachment/4393645/+files/config -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
I assume that bin/unity8-lxc-compositor is the script you are using. But how does it get run? Do I just install that package in a container to reproduce this? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
Actually, running sudo unity8-lxc-setup has a start/wait/attach sequence that is causing failures. Another way I try to reproduce after the whole container is setup is to create a little script with the following: lxc-start -n unity8-lxc lxc-wait -t 5 -s RUNNING -n unity8-lxc lxc-attach -n unity8-lxc -- uname -a Run that as sudo since it's privileged and I can sometimes get the apparmor error. Keep in mind that after the container starts for the first time, I have never been able to reproduce this issue unless I reboot. Just doing a lxc-stop is not enough. Also, if you still need some help, you can ping me on irc @ ChrisTownsend. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
Hi Serge, This does not happen when doing this by hand, only in a script. And I can't seem to reproduce on a container created using a template. So far, I've only been able to reproduce this when creating the container using the procedure in lp:unity8-preview-lxc. This is a project that was started by stgraber and taken over by me. Basically, it's a python script that creates a specialized config and uses an unpacked Ubuntu Desktop Next (Unity 8) ISO to start up the Unity 8 session inside the container. If you'd like to try it, you can add ppa:unity8-desktop-session-team/unity8-preview-lxc. I'll also attach the config and the output of the logs when this issue occurs. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting
Hi, could you please show a simple script (doing lxc-create lxc-start lxc-wait lxc-attach) that I could reproduce with? Just to be sure - you get this error running this by hand, right? If it happens at boot time, then you should make sure that the 'lxc' init job has completed before your job begins, since that is the one which will load the apparmor profiles. ** Changed in: lxc (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1452451 Title: failed to change apparmor profile to lxc-container-default-with- nesting Status in lxc package in Ubuntu: Incomplete Bug description: I develop and maintain the unity8-lxc package (lp:unity8-preview-lxc) which uses an unpacked Ubuntu Next Desktop ISO as a privileged rootfs. It uses the lxc-container-default-with-nesting apparmor profile since we'd like to support containers within this. When I try to do a lxc-start. lxc-wait(RUNNING), and lxc-attach for the first time in my setup script, I get the following error: lxc_container: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc- container-default-with-nesting I believe this is a race because if I introduce a sleep of say 0.5 seconds between the lxc-wait and lxc-attach, then it works. It also works for any subsequent lxc-start/lxc-wait/lxc-attach after this failure. Please let me know if I can provide more info. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: lxc 1.1.2-0ubuntu3 ProcVersionSignature: Ubuntu 3.19.0-16.16-generic 3.19.3 Uname: Linux 3.19.0-16-generic x86_64 ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 6 16:47:14 2015 InstallationDate: Installed on 2013-03-18 (779 days ago) InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release amd64 (20121017.5) SourcePackage: lxc UpgradeStatus: Upgraded to vivid on 2014-10-20 (198 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
