[lxc-users] securityfs mount denied by apparmor
Tamas Papp
tompos at martos.bme.hu
Sat Oct 18 12:57:35 UTC 2014
Hi,
It's on the daily PPA.
I have tried with a container created with v1.0.6 and daily too.
apparmor="DENIED" operation="mount" info="failed type match" error=-13
profile="/usr/bin/lxc-start" name="/sys/kernel/security/" pid=30225
comm="lxc-start" fstype="securityfs" srcname="securityfs" flags="rw"
end of lxc-start -l DEBUG:
lxc-start 1413636324.068 NOTICE lxc_conf -
conf.c:lxc_setup:4173 - 'trinity' is setup.
lxc-start 1413636324.069 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.deny' set to 'a'
lxc-start 1413636324.070 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c *:* m'
lxc-start 1413636324.070 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'b *:* m'
lxc-start 1413636324.070 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c 1:3
rwm'
lxc-start 1413636324.071 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c 1:5
rwm'
lxc-start 1413636324.071 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c 1:7
rwm'
lxc-start 1413636324.071 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c 5:0
rwm'
lxc-start 1413636324.071 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c 5:1
rwm'
lxc-start 1413636324.072 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c 5:2
rwm'
lxc-start 1413636324.072 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c 1:8
rwm'
lxc-start 1413636324.072 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c 1:9
rwm'
lxc-start 1413636324.073 DEBUG lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1246 - cgroup 'devices.allow' set to 'c
136:* rwm'
lxc-start 1413636324.073 INFO lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1250 - cgroup limits have been setup
lxc-start 1413636324.073 ERROR lxc_apparmor -
lsm/apparmor.c:mount_feature_enabled:61 - Permission denied - Error
mounting securityfs
lxc-start 1413636324.073 WARN lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:184 - Incomplete AppArmor
support in your kernel
lxc-start 1413636324.073 ERROR lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:186 - If you really want to
start this container, set
lxc-start 1413636324.073 ERROR lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:187 - lxc.aa_allow_incomplete = 1
lxc-start 1413636324.073 ERROR lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:188 - in your container
configuration file
lxc-start 1413636324.073 ERROR lxc_sync -
sync.c:__sync_wait:51 - invalid sequence number 1. expected 4
lxc-start 1413636324.073 ERROR lxc_start -
start.c:__lxc_start:1087 - failed to spawn 'trinity'
lxc-start 1413636324.074 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.074 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing
name=systemd:lxc/trinity-5
lxc-start 1413636324.074 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.074 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing hugetlb:lxc/trinity-5
lxc-start 1413636324.074 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.074 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing perf_event:lxc/trinity-5
lxc-start 1413636324.075 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.075 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing blkio:lxc/trinity-5
lxc-start 1413636324.075 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.075 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing freezer:lxc/trinity-5
lxc-start 1413636324.075 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.076 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing devices:lxc/trinity-5
lxc-start 1413636324.076 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.076 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing memory:lxc/trinity-5
lxc-start 1413636324.076 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.076 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing cpuacct:lxc/trinity-5
lxc-start 1413636324.076 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.076 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing cpu:lxc/trinity-5
lxc-start 1413636324.077 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:503 - call to cgmanager_remove_sync
failed: invalid request
lxc-start 1413636324.077 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:505 - Error removing cpuset:lxc/trinity-5
lxc-start 1413636324.096 WARN lxc_commands -
commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive
response
lxc-start 1413636324.096 WARN lxc_cgmanager -
cgmanager.c:cgm_get:955 - do_cgm_get exited with error
lxc-start 1413636329.101 ERROR lxc_start_ui -
lxc_start.c:main:341 - The container failed to start.
lxc-start 1413636329.102 ERROR lxc_start_ui -
lxc_start.c:main:343 - To get more details, run the container in
foreground mode.
lxc-start 1413636329.102 ERROR lxc_start_ui -
lxc_start.c:main:345 - Additional information can be obtained by setting
the --logfile and --logpriority options.
Am I doing something wrong?
Thanks,
tamas
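
Added example, not part of the original post and not LXC code: a Python triage script that undoes the mail line wrapping, extracts the fields of the AppArmor mount denial quoted above, and locates the first ERROR entry in the lxc-start debug log. The function names are invented for this example; the sample input is copied from the post.

```python
import errno
import re

# Lines copied from the post, still wrapped as in the e-mail.
AUDIT = '''apparmor="DENIED" operation="mount" info="failed type match" error=-13
profile="/usr/bin/lxc-start" name="/sys/kernel/security/" pid=30225
comm="lxc-start" fstype="securityfs" srcname="securityfs" flags="rw"'''
LXC_LOG = '''lxc-start 1413636324.073 INFO lxc_cgmanager -
cgmanager.c:cgm_setup_limits:1250 - cgroup limits have been setup
lxc-start 1413636324.073 ERROR lxc_apparmor -
lsm/apparmor.c:mount_feature_enabled:61 - Permission denied - Error
mounting securityfs
lxc-start 1413636324.073 ERROR lxc_sync -
sync.c:__sync_wait:51 - invalid sequence number 1. expected 4'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare
ENTRY = re.compile(r'lxc-start (\d+\.\d+) (\w+) (\w+) - (\S+:\w+:\d+) - '
                   r'(.*?)(?= lxc-start \d+\.\d+ |$)')

def unwrap(text):
    """Undo mail line wrapping by collapsing whitespace runs to one space."""
    return " ".join(text.split())

def mount_denials(text):
    """Return one dict per AppArmor DENIED mount record found in text."""
    out = []
    for chunk in re.split(r'(?=apparmor=")', unwrap(text)):
        f = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
             for m in FIELD.finditer(chunk)}
        if f.get("apparmor") == "DENIED" and f.get("operation") == "mount":
            code = -int(f.get("error", "0"))  # the record carries -errno
            f["errno"] = errno.errorcode.get(code, str(code))
            out.append(f)
    return out

def first_error(text):
    """Return (timestamp, subsystem, location, message) of the first ERROR."""
    for ts, level, subsystem, where, msg in ENTRY.findall(unwrap(text)):
        if level == "ERROR":
            return ts, subsystem, where, msg
    return None

if __name__ == "__main__":
    for d in mount_denials(AUDIT):
        print(d["profile"], "denied mount of", d["fstype"], "on", d["name"],
              d["errno"], "-", d["info"])
    print(first_error(LXC_LOG))
```
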