[lxc-users] apparmor denied message, any problem ?
Yonsy Solis
yonsy.s.p at gmail.com
Tue Apr 21 13:42:57 UTC 2015
Hi
I set up unprivileged containers on my Ubuntu 14.04.2 servers.
lxc, cgmanager and lxcfs are from the lxc-git-stable PPA.
When I do
lxc-start -n web001
for example, the container comes up, but in /var/log/syslog I get these
messages:
================
kernel: [77328.862031] lxcbr0: port 1(vethMY78E2) entered forwarding
state
kernel: [77329.219555] audit: type=1400 audit(1429623000.216:269):
apparmor="DENIED" operation="mount" info="failed type match" error=-13
profile="lxc-container-default" name="/sys/" pid=10752 comm="mount"
flags="rw, nosuid, nodev, noexec, remount"
dnsmasq-dhcp[1494]: DHCPDISCOVER(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28
dnsmasq-dhcp[1494]: DHCPOFFER(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28
dnsmasq-dhcp[1494]: DHCPREQUEST(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28
dnsmasq-dhcp[1494]: DHCPACK(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28 base
kernel: [77329.483843] audit: type=1400 audit(1429623000.479:270):
apparmor="ALLOWED" operation="truncate" profile="/usr/sbin/dnsmasq"
name="/var/lib/misc/dnsmasq.lxcbr0.leases" pid=1494 comm="dnsmasq"
requested_mask="w" denied_mask="w" fsuid=120 ouid=0
================
Now, about the first audit log (denied mount for a file type match): is
this a sign of any (future) problem in the container, or is it normal?
Yonsy Solis