<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Sep 14, 2016 at 12:03 AM, Andrey Repin <span dir="ltr"><<a href="mailto:anrdaemon@yandex.ru" target="_blank">anrdaemon@yandex.ru</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="gmail-h5">>> [ 5408.633325] type=1400 audit(1471009220.304:57): apparmor="DENIED"<br>
>> operation="mount" info="failed flags match" error=-13<br>
>> profile="lxc-container-<wbr>default" name="/" pid=12887 comm="mount" flags="ro, remount"<br>
<br></div></div></blockquote><div><br></div><div>Is it working fine?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Anyone? Halp?<br>
<span class="gmail-"><br></span></blockquote><div><br></div><div>If the container works, ignore the messages.</div><div><br></div><div>The AppArmor profile in lxc/lxd will deny most mount commands from inside the container. Which is fine, since the host is supposed to set up all necessary mounts anyway. Most distros that run inside the container (at least I tested with Ubuntu and CentOS) can correctly detect whether the error can be safely ignored, so there should be no harm other than the (in your case) unwanted logs.</div><div><br></div><div>Some types of mount (e.g. fuse) can be made to work inside the container (IIRC this is the default in lxd 2.0.4).</div><div>More types of mounts can be made available by setting security.nesting (lxd) or lxc.aa_profile (lxc).</div><div><br></div><div>-- </div><div>Fajar</div></div></div></div>
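To see which mounts the container profile is actually refusing, the AppArmor denials in the kernel log can be tallied per profile, mount point and flag set. This is an added example, not part of the original message: the function names are hypothetical, the first sample line is the record quoted in this thread, and the remaining sample lines are constructed.

```python
import re
from collections import Counter

# key=value pairs of a kernel audit record; a value is "quoted" or a bare token.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# First entry: the record quoted in this thread. The rest are constructed samples.
SAMPLE_LOG = [
    '[ 5408.633325] type=1400 audit(1471009220.304:57): apparmor="DENIED" '
    'operation="mount" info="failed flags match" error=-13 '
    'profile="lxc-container-default" name="/" pid=12887 comm="mount" flags="ro, remount"',
    '[ 5410.100000] type=1400 audit(1471009221.800:58): apparmor="DENIED" '
    'operation="mount" info="failed flags match" error=-13 '
    'profile="lxc-container-default" name="/" pid=12901 comm="mount" flags="remount, ro"',
    '[ 5420.200000] type=1400 audit(1471009231.900:59): apparmor="DENIED" '
    'operation="mount" info="failed type match" error=-13 '
    'profile="lxc-container-default" name="/mnt/" pid=13001 comm="mount" fstype="ext4"',
    '[    3.000000] type=1400 audit(1471003815.000:2): apparmor="STATUS" '
    'operation="profile_load" profile="unconfined" name="lxc-container-default" '
    'pid=900 comm="apparmor_parser"',
]

def parse_record(line):
    """Return the key/value fields of one AppArmor audit line, or None."""
    if 'apparmor=' not in line:
        return None
    fields = {}
    for key, raw, quoted in PAIR.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields

def mount_denials(lines):
    """Count denied mount operations per (profile, mount point, sorted flags)."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if not rec or rec.get('apparmor') != 'DENIED' or rec.get('operation') != 'mount':
            continue
        # Flag order varies between records, so normalise it before grouping.
        flags = tuple(sorted(f.strip() for f in rec.get('flags', '').split(',') if f.strip()))
        counts[(rec.get('profile'), rec.get('name'), flags)] += 1
    return counts

if __name__ == '__main__':
    for (profile, name, flags), n in mount_denials(SAMPLE_LOG).most_common():
        print(f'{n:3d}  {profile}  {name}  {",".join(flags) or "-"}')
```

On a real host the input would be the lines of `dmesg` or the kernel log rather than `SAMPLE_LOG`.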