[Lxc-users] current status of LXC in Ubuntu precise? (WAS: Problem mounting Host directory in guest)

Serge Hallyn serge.hallyn at canonical.com
Tue May 8 05:28:42 UTC 2012


Quoting Fajar A. Nugraha (list at fajar.net):
> On Mon, Apr 23, 2012 at 11:02 PM, Serge Hallyn
> <serge.hallyn at canonical.com> wrote:
> > Quoting Xavier Garcia (xagaba at xnaove.com):
> >> 2012/4/20 Serge Hallyn <serge.hallyn at canonical.com>
> 
> >> lxc.mount.entry=/tank/series /var/lib/lxc/p2p/rootfs/mnt/series none rw,bind 0 0
> >>
> >> Uncommenting aa_profile gives me an
> >> lxc-start: No such file or directory - failed to change apparmor profile to unconfined
> >> the container doesn't start
> >
> > Hi,
> >
> > there appears to be a real, new bug in the apparmor bit:
> > https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/987371
> 
> Hi Serge,
> 
> Quick confirmation: does this mean that currently the default ubuntu
> lxc combo (userland, kernel, apparmor, etc) in ubuntu precise is
> broken, but is being worked on/tested? The bug page still says fix
> committed, not released.

Right, we're waiting on the next kernel upload.  I don't know when
that will happen.

> Also, a quick test on my setup (ubuntu precise amd64,
> linux-image-3.2.0-24-generic 3.2.0-24.37, lxc 0.7.5-3ubuntu53) shows
> freshly created container from templates (e.g. lxc-create -t ...,
> tested with sshd and ubuntu templates) will fail to start with the
> same error message that Xavier mentioned:
> 
> lxc-start: No such file or directory - failed to change apparmor profile to lxc-container-default

I don't get that problem.  Is your host a stock precise image?

> Uncommenting this line in the config file (which is commented-out by
> default) makes it work again:
> 
> lxc.aa_profile = unconfined
> 
> I'm not sure if the root cause is the same, as these are fresh
> containers, without any modifications.

Can you add '-l DEBUG -o output' to the lxc-start arguments and
email me the results?  I've made a few changes today to how the
apparmor stuff works (which won't make their way through the SRU
pipeline for a little over a week) but those *should* only affect
lxc-execute.  On a stock precise image, I've had no trouble with
lxc-start on freshly created containers...

thanks,
-serge
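
The `lxc.aa_profile = unconfined` workaround discussed in this thread turns AppArmor confinement off for the container, so it helps to see which profile each config requests and whether the host has it loaded. The script below is an added example, not part of the original message or of LXC; the function names, sample config lines and profile listing are constructed, and it assumes the "name (mode)" line format of /sys/kernel/security/apparmor/profiles.

```shell
#!/bin/sh
# Added example (not from the thread): report the AppArmor profile an LXC
# container config requests and whether the host has it loaded.

# Print the last uncommented lxc.aa_profile value in config file $1
# (taking the last one is this script's choice, not documented LXC behaviour).
# Falls back to lxc-container-default, the profile named in the error above.
effective_profile() {
    p=$(sed -n 's/^[[:space:]]*lxc\.aa_profile[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1)
    echo "${p:-lxc-container-default}"
}

# Succeed if profile $1 appears in listing $2, whose lines look like
# "name (enforce)" as in /sys/kernel/security/apparmor/profiles.
profile_loaded() {
    awk -v n="$1" '{ sub(/ \([a-z]+\)$/, ""); if ($0 == n) f = 1 } END { exit !f }' "$2"
}

# Print "unconfined", "loaded:<name>" or "missing:<name>" for config $1,
# checked against profile listing $2.
audit_container() {
    prof=$(effective_profile "$1")
    if [ "$prof" = "unconfined" ]; then
        echo "unconfined"
    elif profile_loaded "$prof" "$2"; then
        echo "loaded:$prof"
    else
        echo "missing:$prof"
    fi
}

# Constructed sample data so the example runs without LXC or AppArmor.
demo=$(mktemp -d)
printf '%s\n' 'lxc.utsname = p2p' '#lxc.aa_profile = unconfined' > "$demo/default.conf"
printf '%s\n' 'lxc.utsname = p2p' 'lxc.aa_profile = unconfined' > "$demo/workaround.conf"
printf '%s\n' '/usr/sbin/tcpdump (enforce)' 'lxc-container-default (enforce)' > "$demo/profiles"
: > "$demo/empty"

audit_container "$demo/default.conf" "$demo/profiles"     # loaded:lxc-container-default
audit_container "$demo/default.conf" "$demo/empty"        # missing:lxc-container-default
audit_container "$demo/workaround.conf" "$demo/profiles"  # unconfined
```

On a real host, pass /var/lib/lxc/NAME/config and /sys/kernel/security/apparmor/profiles (readable as root) instead of the sample files; an `unconfined` result marks a container still running with the workaround once the fixed kernel is installed.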



