[lxc-users] pre-mount hook namespace

Wolfgang Bumiller w.bumiller at proxmox.com
Mon Nov 16 13:45:35 UTC 2015


> On November 16, 2015 at 12:33 PM Dietmar Maurer <dietmar at proxmox.com> wrote:
> > On November 16, 2015 at 11:48 AM Wolfgang Bumiller <w.bumiller at proxmox.com>
> > wrote:
> > > On November 11, 2015 at 6:04 PM Serge Hallyn <serge.hallyn at ubuntu.com>
> > > wrote:
> > > Oh, right.  I forget that even when starting as root, this only works
> > > for the rootfs itself, not other mounts.  (Lxd actually does handle this,
> > > but at the cost of having a MS_SLAVE mount per container)
> > 
> > So we ended up doing just that, but now with the latest lxcfs
> > upgrades (I suspect cgmanager/cgfs changes) AppArmor suddenly
> > denies lxc-start to bind mount something. Here's what happens
> > with raw lxc-start commands
> 
> Seems to be related to lxc update. lxc 1.1.4 works with latest lxcfs.
> So the problem is introduced between lxc 1.1.4 and lxc 1.1.5.

Ah actually it seems it's the change from --enable-cgmanager to
--disable-cgmanager we made between those versions.
(read: --enable-cgmanager works with 1.1.4 and 1.1.5, --disable
with neither).
Still don't know how that connects to AppArmor, though.


