[Lxc-users] lxc, CIFS mounts, MySQL SSL and apparmor

TuxRaiderPen tuxraiderpen at wpascanner.com
Fri Sep 7 20:15:47 UTC 2012


On Thursday, September 06, 2012 09:25:54 you wrote:
> > [ 2828.314451] type=1400 audit(1346445533.683:25): apparmor="DENIED"
> > operation="mount" info="failed type match" error=-13 parent=5073
> > profile="lxc- container-default" name="/mnt/wxdata/" pid=5074
> > comm="mount.cifs" fstype="cifs" srcname="//192.168.0.10/Share"
> > flags="rw"
> 
> I haven't tried this, but it sure looks like this should be fixed with your
> rule.
> 
> > Short of turning apparmor off, which is my next step...
> 
> Well it's certainly worth trying turning apparmor off (just with
> lxc.aa_profile = unconfined) to make sure it's the problem.  The
> network filesystems are still persnickity in containers, and I'm
> not even sure cifs will work at all.
> 
> > Any apparmor guru's know how to remove this block ? ? ?

lxc.aa_profile=unconfined

in the container profile, does allow the CIFS/Samba mount to work....

stoping and starting the container DOES NOT allow the mount to work with the 
rule change I made.

Any ideas on changes to the rules for apparmor  ?

And still *no joy* on the MySQL SSL front, still "DISABLED" which means that 
something esle is not enabled or blocking it, as "NO" would mean MySQL didn't 
support SSL. So it appears apparmor is not the culprit here as its disabled.





More information about the lxc-users mailing list