I encountered this problem too on Ubuntu 15.04 running 3.19.0-39 kernel. Fixed it by turned off apparmor profile for LXC container by adding "lxc.aa_profile = unconfined" into container's config. In my case increased security risk is acceptable, but it's desirable to fix it the right way. Is there any information in what kernel version it will be fixed and when this updates will be available in standartd ubuntu repositories?
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1446906 Title: lxc container with postfix, permission denied on mailq Status in lxc package in Ubuntu: Confirmed Bug description: Hello, on three Vivid host, all of them up-to-date, I have the problem described here: https://bugs.launchpad.net/ubuntu/utopic/+source/linux/+bug/1390223 That bug report shows the problem was fixed, but it is not (at least on current Vivid) ii linux-image-generic 3.19.0.15.14 amd64 Generic Linux kernel image ii lxc 1.1.2-0ubuntu3 amd64 Linux Containers userspace tools ii apparmor 2.9.1-0ubuntu9 amd64 User-space parser utility for AppArmor Reproducible with: $ sudo lxc-create -n test -t ubuntu $ sudo lxc-start -n test (inside container) $ sudo apt-get install postfix $ mailq postqueue: warning: close: Permission denied dmesg shows: [82140.386109] audit: type=1400 audit(1429661150.086:17067): apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="public/showq" pid=27742 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 --- ApportVersion: 2.17.2-0ubuntu1 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: zoolook 1913 F.... pulseaudio CurrentDesktop: Unity DistroRelease: Ubuntu 15.04 HibernationDevice: RESUME=UUID=aa25401d-0553-43dc-b7c8-c530fe245fb6 InstallationDate: Installed on 2015-02-27 (53 days ago) InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1) MachineType: LENOVO 20150 Package: linux (not installed) ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.19.0-15-generic root=/dev/mapper/ubuntu--vg-root ro cgroup_enable=memory swapaccount=1 quiet splash vt.handoff=7 ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3 RelatedPackageVersions: linux-restricted-modules-3.19.0-15-generic N/A linux-backports-modules-3.19.0-15-generic N/A linux-firmware 1.143 Tags: vivid Uname: Linux 3.19.0-15-generic x86_64 UpgradeStatus: Upgraded to vivid on 2015-03-29 (24 days ago) UserGroups: adm docker libvirtd lpadmin sambashare sudo _MarkForUpload: True dmi.bios.date: 12/19/2012 dmi.bios.vendor: LENOVO dmi.bios.version: 5ECN95WW(V9.00) dmi.board.asset.tag: No Asset Tag dmi.board.name: INVALID dmi.board.vendor: LENOVO dmi.board.version: 31900004WIN8 STD SGL dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: Lenovo G580 dmi.modalias: dmi:bvnLENOVO:bvr5ECN95WW(V9.00):bd12/19/2012:svnLENOVO:pn20150:pvrLenovoG580:rvnLENOVO:rnINVALID:rvr31900004WIN8STDSGL:cvnLENOVO:ct10:cvrLenovoG580: dmi.product.name: 20150 dmi.product.version: Lenovo G580 dmi.sys.vendor: LENOVO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1446906/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp