Control: reassign -1 lxc
Control: severity -1 important
Hi,
Pirate Praveen:
> In dmesg inside container (same error on the host as well), so it seems
> apparmor is blocking it.
> [14760.307180] audit: type=1400 audit(1549992481.311:156):
> apparmor="DENIED" operation="mount" info="failed flags
Processing control commands:
> reassign -1 lxc
Bug #921176 [apparmor] redis-server inside lxc is failing to start when
apparmor is enabled - apparmor="DENIED" operation="mount" info="failed flags
match" error=-13 profile="lxc-container-default-cgns" name="/" pid=6706
comm="(s-server)" flags="rw
Hi Pirate,
> > Great stuff. What's the next step here? Cearly this should Just
> > Work but I'm not sure where the bug is right now. I suggest the
> > next part of this process is that you re-enable apparmor with
> > logging.
>
> Should we not involve apparmor maintainers? Reassign to apparmor an
Hi Pirate,
> > Great stuff. What's the next step here? Cearly this should Just
> > Work but I'm not sure where the bug is right now. I suggest the
> > next part of this process is that you re-enable apparmor with
> > logging.
>
> Should we not involve apparmor maintainers? Reassign to apparmor an
On Wed, Feb 13, 2019 at 2:16 PM, Chris Lamb wrote:
Hi Pirate,
> (ie. I don't think you can rule out apparmor either just yet.)
yes, culprit is apparmor only. After aa-teardown, I can start redis
service.
Great stuff. What's the next step here? Cearly this should Just
Work but I'm not
Hi Pirate,
> > (ie. I don't think you can rule out apparmor either just yet.)
>
> yes, culprit is apparmor only. After aa-teardown, I can start redis
> service.
Great stuff. What's the next step here? Cearly this should Just
Work but I'm not sure where the bug is right now. I suggest the
next p
On Tue, Feb 12, 2019 at 11:17 PM, Chris Lamb wrote:
Hi Pirate,
Initially I tried editing /lib/systemd/system/redis-server.service
and
later I edited /lib/systemd/system/redis-server\@.service as well
(edited both these files)
> b) Exactly how you are editing the shipped .service file
Hi Pirate,
> Initially I tried editing /lib/systemd/system/redis-server.service and
> later I edited /lib/systemd/system/redis-server\@.service as well
> (edited both these files)
>
> > b) Exactly how you are editing the shipped .service file.
>
> I tried adding changing true to false initial
On Tue, Feb 12, 2019 at 9:44 PM, Chris Lamb wrote:
Hi Pirate,
https://wiki.debian.org/Packaging/Pre-Requisites#LXC has networking
setup instructions.
Still no dice and I don't really have the bandwidth to learn
another container technology. :(
May be ask lxc team for help?
I trie
Hi Pirate,
> https://wiki.debian.org/Packaging/Pre-Requisites#LXC has networking
> setup instructions.
Still no dice and I don't really have the bandwidth to learn
another container technology. :(
> I tried removing all hardening features and it still won't start
Please provide:
a) The *exa
On Tue, Feb 12, 2019 at 6:09 PM, Chris Lamb wrote:
Hi Pirate,
> (However, I am not sure why I do not have working networking
inside
> my container so I cannot debug it better on my end.)
But loopback is enough for redis-server, right?
Yes, but I can't even install without network. :)
Hi Pirate,
> > (However, I am not sure why I do not have working networking inside
> > my container so I cannot debug it better on my end.)
>
> But loopback is enough for redis-server, right?
Yes, but I can't even install without network. :)
> I tried removing all hardening features and it stil
On ചൊ, ഫെബ്രു 5, 2019 at 11:14 വൈകു, Chris Lamb
wrote:
severity 921176 serious
thanks
Hi Pirate,
[Dropping severity as it only affects LXC right now]
It is working on the same host machine with stretch(-backports)
container (5:5.0.3-3~bpo9+2). So host machine seems fine.
Thanks for l
Hi,
> On the other hand, the first thing I would do if this was working
> would be to try removing more hardening features as previously
> discussed on this bug number until it (likely) worked. Could you
> try this please?
>
> Also, perhaps enable some deeper logging? Or check the actual
> redis-
severity 921176 serious
thanks
Hi Pirate,
[Dropping severity as it only affects LXC right now]
> It is working on the same host machine with stretch(-backports)
> container (5:5.0.3-3~bpo9+2). So host machine seems fine.
Thanks for looking into this and providing some LXC basics.
(However, I am
On Mon, 04 Feb 2019 15:30:20 +0500 Pirate Praveen
wrote:
>
>
> On തി, ഫെബ്രു 4, 2019 at 1:26 വൈകു, Pirate
> Praveen wrote:
> >
> >
> > On 2019, ഫെബ്രുവരി 4 1:20:11 PM IST, Chris Lamb
> > wrote:
> >> Hi,
> >>
> >>> redis-server service is failing to start in buster lxc container
> >>
> >
On തി, ഫെബ്രു 4, 2019 at 1:26 വൈകു, Pirate
Praveen wrote:
On 2019, ഫെബ്രുവരി 4 1:20:11 PM IST, Chris Lamb
wrote:
Hi,
redis-server service is failing to start in buster lxc container
Any update on this? :)
I'm traveling. hopefully tonight or tomorrow night I can try.
Adding Raju,
On 2019, ഫെബ്രുവരി 4 1:20:11 PM IST, Chris Lamb wrote:
>Hi,
>
>> redis-server service is failing to start in buster lxc container
>
>Any update on this? :)
I'm traveling. hopefully tonight or tomorrow night I can try.
Adding Raju, and Abhijith, who may be able to try this before.
>
>Regards,
Hi,
> redis-server service is failing to start in buster lxc container
Any update on this? :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
Processing commands for cont...@bugs.debian.org:
> tags 921176 + moreinfo
Bug #921176 [redis-server] redis-server service is failing to start in buster
lxc container
Added tag(s) moreinfo.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
921176: https://bugs.debia
tags 921176 + moreinfo
thanks
Hi Pirate,
> journalctl -xe shows this error. This used to work before. It is clean
> lxc install on a sid host.
I just tried to quickly reproduce this but my lxc-foo is lacking… :(
However, I suspect that we are using too aggressive a set of
security hardening fe
package: redis-server
version: 5:5.0.3-4
severity: grave
justification: unstable to start the service
journalctl -xe shows this error. This used to work before. It is clean
lxc install on a sid host.
sudo lxc-create -n buster -t debian -- -r buster
I was trying to install gitlab, but that fai
22 matches
Mail list logo
