[lxc-users] apparmor denied message, any problem ?

Yonsy Solis yonsy.s.p at gmail.com
Tue Apr 21 13:42:57 UTC 2015


Hi

I set up unprivileged containers on my Ubuntu 14.04.2 servers.

lxc, cgmanager and lxcfs from lxc-git-stable PPA.

When I do

lxc-start -n web001

for example, the container comes up, but in /var/log/syslog I get these
messages:

================
kernel: [77328.862031] lxcbr0: port 1(vethMY78E2) entered forwarding state
kernel: [77329.219555] audit: type=1400 audit(1429623000.216:269): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/" pid=10752 comm="mount" flags="rw, nosuid, nodev, noexec, remount"
dnsmasq-dhcp[1494]: DHCPDISCOVER(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28
dnsmasq-dhcp[1494]: DHCPOFFER(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28
dnsmasq-dhcp[1494]: DHCPREQUEST(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28
dnsmasq-dhcp[1494]: DHCPACK(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28 base
kernel: [77329.483843] audit: type=1400 audit(1429623000.479:270): apparmor="ALLOWED" operation="truncate" profile="/usr/sbin/dnsmasq" name="/var/lib/misc/dnsmasq.lxcbr0.leases" pid=1494 comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=120 ouid=0
================

Now, with the first audit log (denied mount for a file type match), is
this a sign of any (future) problem in the container, or is it normal?


Yonsy Solis


