[lxc-users] lxc.aa_allow_incomplete in vivid containers

Fajar A. Nugraha list at fajar.net
Fri May 8 05:49:37 UTC 2015


On Fri, May 8, 2015 at 12:32 PM, Mark Constable <markc at renta.net> wrote:
> I thought I'd try going back to normal privileged containers which will at
> least (or did pre-systemd) autostart.

Unprivileged containers (i.e. container root uid is non-0) can also autostart if
they are owned by root (i.e. located in /var/lib/lxc).

> The only change from defaults is my
> own br0 to put the containers on my local network...
>
> ~ grep br0 /etc/lxc/*
> /etc/lxc/default.conf:lxc.network.link = br0
>
> And on 15.04 I've done a simple...
>
> ~ add-apt-repository ppa:ubuntu-lxc/daily
> ~ lxc-create -t ubuntu -n test
> ~ lxc-start -F -n test
>
> lxc-start: lsm/apparmor.c: apparmor_process_label_set: 169 If you really
> want to start this container, set
> lxc-start: lsm/apparmor.c: apparmor_process_label_set: 170
> lxc.aa_allow_incomplete = 1
> lxc-start: lsm/apparmor.c: apparmor_process_label_set: 171 in your container
> configuration file
> lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 4
> lxc-start: start.c: __lxc_start: 1178 failed to spawn 'test'
> lxc-start: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_remove_sync
> failed: invalid request
> lxc-start: cgmanager.c: cgm_remove_cgroup: 525 Error removing all:lxc/test-2
> lxc-start: lxc_start.c: main: 344 The container failed to start.
> lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
> setting the --logfile and --logpriority options.
>
>
> Do I really have to add "lxc.aa_allow_incomplete = 1" to
> /var/lib/lxc/test/config?

Works for me with vivid and lxc 1.1.2+master~20150505-1

What does aa-status show?

-- 
Fajar

