I'm getting this when starting lxd images on Zesty:

  lxc 20160212143429.678 ERROR lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:220 - If you really want to start this container, set
  lxc 20160212143429.678 ERROR lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:221 - lxc.aa_allow_incomplete = 1
  lxc 20160212143429.678 ERROR lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:222 - in your container configuration file
  lxc 20160212143429.679 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 5)
  lxc 20160212143429.679 ERROR lxc_start - start.c:__lxc_start:1346 - Failed to spawn container "nextcloud".
  lxc 20160212143430.314 ERROR lxc_conf - conf.c:run_buffer:405 - Script exited with status 1.

Perhaps it's related?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1296459

Title:
  Upgrade from 2.8.0-0ubuntu38 to 2.8.95~2430-0ubuntu2 breaks LXC
  containers

Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  I've been getting a few issues on a bunch of machines over the past
  few days, mostly unprivileged LXC containers reporting mount failures
  at boot time, leading to them failing miserably.

  The failures in question are:
  [ 1084.404894] type=1400 audit(1395617066.637:62): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=12858 comm="mount" fstype="tmpfs" srcname="none" flags="rw"
  [ 1084.405042] type=1400 audit(1395617066.637:63): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=12858 comm="mount" fstype="tmpfs" srcname="none" flags="ro"
  [ 1084.406013] type=1400 audit(1395617066.637:64): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/run/" pid=12859 comm="mount" fstype="tmpfs" srcname="none" flags="rw, nosuid, noexec"
  [ 1084.406127] type=1400 audit(1395617066.637:65): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/run/" pid=12859 comm="mount" fstype="tmpfs" srcname="none" flags="ro, nosuid, noexec"

  
  Those happen when running under our usual, unmodified lxc-container-default
  profile which includes container-based which contains:
  root@vorash:~# grep tmpfs /etc/apparmor.d/abstractions/lxc/container-base
    # allow tmpfs mounts everywhere
    mount fstype=tmpfs,

  
  Downgrading to 2.8.0-0ubuntu38 and reloading apparmor appears to resolve the
  issue, so this appears to be a parser bug rather than one of our usual kernel
  regressions...
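
An added example, not part of the original bug report and not LXC or AppArmor code: a small Python parser for AppArmor audit records like the ones quoted above, grouping denied mount operations by profile, mount point and filesystem type so the rejected flag combinations can be compared against the profile's mount rules. The function names are hypothetical; the sample input is the four records from the report, re-joined onto single lines.

```python
import re
from collections import defaultdict

# Sample input: the four denial records quoted in the bug description,
# each re-joined onto a single line.
SAMPLE = '''\
[ 1084.404894] type=1400 audit(1395617066.637:62): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=12858 comm="mount" fstype="tmpfs" srcname="none" flags="rw"
[ 1084.405042] type=1400 audit(1395617066.637:63): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=12858 comm="mount" fstype="tmpfs" srcname="none" flags="ro"
[ 1084.406013] type=1400 audit(1395617066.637:64): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/run/" pid=12859 comm="mount" fstype="tmpfs" srcname="none" flags="rw, nosuid, noexec"
[ 1084.406127] type=1400 audit(1395617066.637:65): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/run/" pid=12859 comm="mount" fstype="tmpfs" srcname="none" flags="ro, nosuid, noexec"
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key/value fields of one AppArmor audit record, or None."""
    fields = {}
    for m in FIELD.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields if "apparmor" in fields else None


def denied_mounts(log):
    """Group DENIED mount records by (profile, mount point, fstype).

    Each value lists the flag combinations that were rejected, in log order.
    """
    grouped = defaultdict(list)
    for line in log.splitlines():
        rec = parse_record(line)
        if not rec or rec["apparmor"] != "DENIED" or rec.get("operation") != "mount":
            continue
        flags = [f.strip() for f in rec.get("flags", "").split(",") if f.strip()]
        key = (rec.get("profile"), rec.get("name"), rec.get("fstype"))
        grouped[key].append(flags)
    return dict(grouped)


if __name__ == "__main__":
    for (profile, target, fstype), attempts in denied_mounts(SAMPLE).items():
        tried = "; ".join(",".join(a) for a in attempts)
        print(f"{profile}: {fstype} mount on {target} denied with flags: {tried}")
```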
