*** This bug is a duplicate of bug 1350947 ***
https://bugs.launchpad.net/bugs/1350947
Unfortunately that previous commit isn't sufficient yet; I'm not sure
how it worked for me when I tested it, but bug 1350947 is in the way.
I'm making this a dupe and add an LXC task, that's easier.
**
Stéphane pointed out on IRC the other day that in (rw, slave) is too
lax, but that =(rw, slave) would be okay. I'll add that now, as this
is both really hard to discover, as well as leaves quite a lot of
garbage (mounts) behind on failures.
** Changed in: lxc (Ubuntu)
Status: Triaged = In
Created upstream pull request: https://github.com/lxc/lxc/pull/285
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1325468
Title:
[systemd] container startup fails with AppArmor
To
** Changed in: lxc (Ubuntu)
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1325468
Title:
[systemd] container startup fails with AppArmor
To
After that fix I can start containers with lxc.aa_profile =
unconfined. With containers using the default profile I still get an
error on startup:
$ sudo lxc-start -n adt-utopic
[sudo] password for martin:
lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1;
continuing
That makes sense.
status: confirmed
importance: high
** Changed in: lxc (Ubuntu)
Importance: Undecided = High
** Changed in: lxc (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in
Oh, I missed the lxc-start: No such file or directory - failed to
change apparmor profile to lxc-container-default. I didn't run the
equivalents of /etc/init/lxc.conf. sudo /etc/init.d/apparmor reload
seems to have understood the new line (mount options in rw, slave,), but
when I manually run the
I just tried this, and it seems to work:
mount options in (rw, slave) - /,
man apparmor.d should be fixed for this, as the parentheses are not contained
in the EBNF. With that, and the two
/lib/init/apparmor-profile-load calls from /etc/init/lxc.conf I can now run all
containers.
**
The syntax allows for spaces or commas to separate items, because people
kept using them. However list of items must be inside of parenthesis.
mount options in (rw, slave),
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in
This particular issue can be fixed in /etc/apparmor.d/abstractions/lxc
/start-container by adding a line
mount options in rw, slave,
After sudo /etc/init.d/apparmor reload that Failed to make / rslave
error is now gone. It still fails with the next error (Input/output
error - error 5 creating
10 matches
Mail list logo
