[lxc-users] apparmor denied message, any problem ?

Serge Hallyn serge.hallyn at ubuntu.com
Tue Apr 21 22:15:43 UTC 2015


Quoting Yonsy Solis (yonsy.s.p at gmail.com):
> Hi
> 
> I set up unprivileged containers in my Ubuntu 14.04.2 servers.
> 
> lxc, cgmanager and lxcfs from lxc-git-stable PPA.
> 
> When I do
> 
> lxc-start -n web001
> 
> for example, the container gets up, but in /var/log/syslog I get these
> messages:
> 
> ================
> kernel: [77328.862031] lxcbr0: port 1(vethMY78E2) entered forwarding
> state
> kernel: [77329.219555] audit: type=1400 audit(1429623000.216:269):
> apparmor="DENIED" operation="mount" info="failed type match"
> error=-13 profile="lxc-container-default" name="/sys/" pid=10752
> comm="mount" flags="rw, nosuid, nodev, noexec, remount"
> dnsmasq-dhcp[1494]: DHCPDISCOVER(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28
> dnsmasq-dhcp[1494]: DHCPOFFER(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28
> dnsmasq-dhcp[1494]: DHCPREQUEST(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28
> dnsmasq-dhcp[1494]: DHCPACK(lxcbr0) 10.0.3.173 00:16:3e:3b:32:28 base
> kernel: [77329.483843] audit: type=1400 audit(1429623000.479:270):
> apparmor="ALLOWED" operation="truncate" profile="/usr/sbin/dnsmasq"
> name="/var/lib/misc/dnsmasq.lxcbr0.leases" pid=1494 comm="dnsmasq"
> requested_mask="w" denied_mask="w" fsuid=120 ouid=0
> ================
> 
> Now, with the first audit log (denied mount for a file type match):
> is this a signal of any (future) problem in the container, or is it
> normal?

Should be fine.
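
Added example, not part of the original thread and not code from the LXC project: a small Python parser for the AppArmor audit records quoted above, run on a constructed copy of the syslog excerpt with the mail line-wrapping undone. The names `parse_apparmor` and `summarize` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: three lines from the quoted syslog excerpt, unwrapped.
SAMPLE_SYSLOG = '''\
kernel: [77328.862031] lxcbr0: port 1(vethMY78E2) entered forwarding state
kernel: [77329.219555] audit: type=1400 audit(1429623000.216:269): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/" pid=10752 comm="mount" flags="rw, nosuid, nodev, noexec, remount"
kernel: [77329.483843] audit: type=1400 audit(1429623000.479:270): apparmor="ALLOWED" operation="truncate" profile="/usr/sbin/dnsmasq" name="/var/lib/misc/dnsmasq.lxcbr0.leases" pid=1494 comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=120 ouid=0
'''

# audit(<epoch>:<serial>): followed by the key=value body
AUDIT_RE = re.compile(r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)')
# key="quoted value" (may contain spaces and commas) or key=bare
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_apparmor(line):
    """Return the AppArmor audit fields of one syslog line as a dict, or None."""
    m = AUDIT_RE.search(line)
    if m is None or 'apparmor=' not in m.group('body'):
        return None
    rec = {key: quoted if bare == '' else bare
           for key, quoted, bare in FIELD_RE.findall(m.group('body'))}
    rec['epoch'] = float(m.group('ts'))
    rec['serial'] = int(m.group('serial'))
    if 'flags' in rec:
        # Mount flags arrive as one comma-separated string.
        rec['flags'] = [f.strip() for f in rec['flags'].split(',')]
    return rec


def summarize(text):
    """Count records per (verdict, profile, operation, name)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_apparmor(line)
        if rec:
            # "DENIED" comes from an enforcing profile; "ALLOWED" is what a
            # complain-mode profile logs for an access it would have refused.
            key = (rec['apparmor'], rec['profile'], rec['operation'], rec.get('name', ''))
            counts[key] += 1
    return counts


if __name__ == '__main__':
    for (verdict, profile, op, name), n in summarize(SAMPLE_SYSLOG).items():
        print(f'{n:3d} {verdict:8s} {profile:28s} {op:10s} {name}')
```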

