After that fix I can start containers with "lxc.aa_profile = unconfined". With containers using the default profile I still get an error on startup:
$ sudo lxc-start -n adt-utopic [sudo] password for martin: lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing lxc-start: No such file or directory - failed to change apparmor profile to lxc-container-default lxc-start: invalid sequence number 1. expected 4 lxc-start: failed to spawn 'adt-utopic' lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/hugetlb/lxc/adt-utopic lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/lxc/adt-utopic lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/lxc/adt-utopic lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls,net_prio/lxc/adt-utopic lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/lxc/adt-utopic lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/lxc/adt-utopic lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory/lxc/adt-utopic lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct/lxc/adt-utopic lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/lxc/adt-utopic There are no AppArmor denials (or other error messages) in dmesg. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1325468 Title: [systemd] container startup fails with AppArmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1325468/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
