[lxc-devel] LXC 1.1 rc1 has been released

Stéphane Graber stgraber at ubuntu.com
Thu Jan 22 20:04:36 UTC 2015


That error suggests that you don't have the lxc-container-default
profile loaded into your local apparmor.

That may be because you didn't reload apparmor or because the profiles
aren't installed in the right location or because your apparmor doesn't
support all the features in our profile (in which case you need to
comment the offending lines, possibly doing that in your packaging).


It's true that 1.1 is slightly different in that regard since we added
more things to the profile and also made any error when loading the
profile fatal (so that you're not under the false impression that you
are protected).

On Thu, Jan 22, 2015 at 09:00:05PM +0100, Johannes Kastl wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 21.01.2015 Stéphane Graber wrote:
> 
> > That means that from now on, we won't be taking new features and
> > will instead work on fixing any remaining rough edges with 1.1.
> 
> I just tested the packages from my repository on the openSUSE build
> service, and I can't start any container on my openSUSE Tumbleweed host:
> 
> > $ sudo lxc-start -n DEBIAN lxc-start: lxc_start.c: main: 345 The
> > container failed to start. lxc-start: lxc_start.c: main: 347 To get
> > more details, run the container in foreground mode. lxc-start:
> > lxc_start.c: main: 349 Additional information can be obtained by
> > setting the --logfile and --logpriority options.
> 
> Apparently this is an issue with apparmor:
> > lxc-start 1421956341.455 ERROR    lxc_apparmor -
> > lsm/apparmor.c:apparmor_process_label_set:171 - If you really want
> > to start this container, set lxc-start 1421956341.455 ERROR
> > lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:172 -
> > lxc.aa_allow_incomplete = 1 lxc-start 1421956341.455 ERROR
> > lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:173 - in
> > your container configuration file
> 
> Adding lxc.aa_allow_incomplete = 1 allows me to start the container.
> 
> How to solve this for the 1.1 release? I am not familiar with
> apparmor, and I have no idea where the error is. Apparmor profile? lxc?
> 
> Regards,
> Johannes
> 
> BTW: What happened to the nice output of lxc-ls --fancy? Is there any
> replacement for it? Apart from listing the directories I found no use
> for it anymore. The old one showed stuff about autostart, IPs, etc.
> 
> 
> - -- 
> The problem with the world is stupidity. Not saying there should be a
> capital punishment for stupidity, but why don't we just take the
> safety labels off of everything and let the problem solve itself?
> (Frank Zappa)
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/
> 
> iEYEARECAAYFAlTBVsAACgkQzi3gQ/xETbLmzwCfQDiRqvyYxiTF5aW96+mBIm4E
> 3uAAn1DdijN5qOHq2PHhWl2FNYVCByPV
> =4mXJ
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150122/016d92b3/attachment.sig>


More information about the lxc-devel mailing list