Quoting Bas Zoetekouw (b...@debian.org): > I've downgraded systemd to 225-1ubuntu9.1 from wily/proposed. Kernel is > still linux-image-4.5.0-040500rc4-generic and lxc is > 1.1.5-0ubuntu0.15.10.3 from wily-updates. > > Unfortunately, when I now start the lxc container, I seem to hit a > different bug. I get: > > lxc-start 1455870309.289 INFO lxc_conf - conf.c:setup_tty:1080 - 4 > tty(s) has been setup > lxc-start 1455870309.289 INFO lxc_conf - > conf.c:setup_personality:1473 - set personality to '0x0' > lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2279 - > drop capability 'mac_admin' (33) > lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2279 - > drop capability 'mac_override' (32) > lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2279 - > drop capability 'sys_time' (25) > lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2279 - > drop capability 'sys_module' (16) > lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2288 - > capabilities have been setup > lxc-start 1455870309.289 NOTICE lxc_conf - conf.c:lxc_setup:4026 - > 'aansluitform-deploy' is setup. > lxc-start 1455870309.289 WARN lxc_apparmor - > lsm/apparmor.c:apparmor_process_label_set:167 - Incomplete AppArmor support > in your kernel > lxc-start 1455870309.289 ERROR lxc_apparmor - > lsm/apparmor.c:apparmor_process_label_set:169 - If you really want to start > this container, set
Right, that is what I was referring to in comment #18. If you use an upstream kernel then you need to update the container configuration, as mentioned in the next line of the error msg. You can add lxc.aa_allow_incomplete = 1 to your configuration to proceed. > lxc-start 1455870309.289 ERROR lxc_apparmor - > lsm/apparmor.c:apparmor_process_label_set:170 - lxc.aa_allow_incomplete = 1 > lxc-start 1455870309.289 ERROR lxc_apparmor - > lsm/apparmor.c:apparmor_process_label_set:171 - in your container > configuration file > lxc-start 1455870309.289 ERROR lxc_sync - sync.c:__sync_wait:51 - > invalid sequence number 1. expected 4 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
