[lxc-users] lxc 1.0.7 does not ship /usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load on trusty
Ranjib Dey
dey.ranjib at gmail.com
Tue Sep 15 23:31:51 UTC 2015
When I realized that there's a missing apparmor profile, I went straight to
GitHub to check out what loads those, and a Google search also indicated a
similar issue [1] which mentioned this. From GitHub I got the systemd
apparmor load script [2], which I then manually executed to get my lxc
setup going. I am pasting `dpkg -L` output below for exact contents of the
package:
----
/.
/usr
/usr/share
/usr/share/apport
/usr/share/apport/package-hooks
/usr/share/apport/package-hooks/source_lxc.py
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/lxc
/usr/share/lxc
/usr/share/lxc/hooks
/usr/share/lxc/hooks/clonehostname
/usr/share/lxc/hooks/ubuntu-cloud-prep
/usr/share/lxc/hooks/mountecryptfsroot
/usr/share/lxc/hooks/squid-deb-proxy-client
/usr/share/lxc/config
/usr/share/lxc/config/fedora.userns.conf
/usr/share/lxc/config/ubuntu-cloud.lucid.conf
/usr/share/lxc/config/ubuntu.common.conf
/usr/share/lxc/config/debian.common.conf
/usr/share/lxc/config/ubuntu.userns.conf
/usr/share/lxc/config/centos.userns.conf
/usr/share/lxc/config/fedora.common.conf
/usr/share/lxc/config/debian.userns.conf
/usr/share/lxc/config/common.seccomp
/usr/share/lxc/config/ubuntu.lucid.conf
/usr/share/lxc/config/gentoo.moresecure.conf
/usr/share/lxc/config/gentoo.userns.conf
/usr/share/lxc/config/centos.common.conf
/usr/share/lxc/config/plamo.common.conf
/usr/share/lxc/config/oracle.userns.conf
/usr/share/lxc/config/plamo.userns.conf
/usr/share/lxc/config/ubuntu-cloud.userns.conf
/usr/share/lxc/config/oracle.common.conf
/usr/share/lxc/config/ubuntu-cloud.common.conf
/usr/share/lxc/config/gentoo.common.conf
/usr/share/lxc/lxc.functions
/usr/share/lxc/selinux
/usr/share/lxc/selinux/lxc.te
/usr/share/lxc/selinux/lxc.if
/usr/share/doc
/usr/share/doc/lxc
/usr/share/doc/lxc/README.Debian
/usr/share/doc/lxc/examples
/usr/share/doc/lxc/examples/lxc-macvlan.conf
/usr/share/doc/lxc/examples/lxc-empty-netns.conf
/usr/share/doc/lxc/examples/seccomp-v2.conf
/usr/share/doc/lxc/examples/lxc-vlan.conf
/usr/share/doc/lxc/examples/lxc-complex.conf
/usr/share/doc/lxc/examples/seccomp-v1.conf
/usr/share/doc/lxc/examples/seccomp-v2-blacklist.conf
/usr/share/doc/lxc/examples/lxc-phys.conf
/usr/share/doc/lxc/examples/lxc-no-netns.conf
/usr/share/doc/lxc/examples/lxc-veth.conf
/usr/share/doc/lxc/copyright
/usr/share/doc/lxc/changelog.Debian.gz
/usr/share/man
/usr/share/man/man5
/usr/share/man/man5/lxc.container.conf.5.gz
/usr/share/man/man5/lxc-usernet.5.gz
/usr/share/man/man5/lxc.system.conf.5.gz
/usr/share/man/man5/lxc.conf.5.gz
/usr/share/man/man1
/usr/share/man/man1/lxc-unfreeze.1.gz
/usr/share/man/man1/lxc-user-nic.1.gz
/usr/share/man/man1/lxc-usernsexec.1.gz
/usr/share/man/man1/lxc-monitor.1.gz
/usr/share/man/man1/lxc-clone.1.gz
/usr/share/man/man1/lxc-autostart.1.gz
/usr/share/man/man1/lxc-top.1.gz
/usr/share/man/man1/lxc-config.1.gz
/usr/share/man/man1/lxc-ls.1.gz
/usr/share/man/man1/lxc-execute.1.gz
/usr/share/man/man1/lxc-wait.1.gz
/usr/share/man/man1/lxc-snapshot.1.gz
/usr/share/man/man1/lxc-destroy.1.gz
/usr/share/man/man1/lxc-device.1.gz
/usr/share/man/man1/lxc-console.1.gz
/usr/share/man/man1/lxc-start-ephemeral.1.gz
/usr/share/man/man1/lxc-attach.1.gz
/usr/share/man/man1/lxc-start.1.gz
/usr/share/man/man1/lxc-unshare.1.gz
/usr/share/man/man1/lxc-cgroup.1.gz
/usr/share/man/man1/lxc-freeze.1.gz
/usr/share/man/man1/lxc-info.1.gz
/usr/share/man/man1/lxc-stop.1.gz
/usr/share/man/man1/lxc-checkconfig.1.gz
/usr/share/man/man1/lxc-create.1.gz
/usr/share/man/ja
/usr/share/man/ja/man5
/usr/share/man/ja/man5/lxc.container.conf.5.gz
/usr/share/man/ja/man5/lxc-usernet.5.gz
/usr/share/man/ja/man5/lxc.system.conf.5.gz
/usr/share/man/ja/man5/lxc.conf.5.gz
/usr/share/man/ja/man1
/usr/share/man/ja/man1/lxc-unfreeze.1.gz
/usr/share/man/ja/man1/lxc-user-nic.1.gz
/usr/share/man/ja/man1/lxc-usernsexec.1.gz
/usr/share/man/ja/man1/lxc-monitor.1.gz
/usr/share/man/ja/man1/lxc-clone.1.gz
/usr/share/man/ja/man1/lxc-autostart.1.gz
/usr/share/man/ja/man1/lxc-top.1.gz
/usr/share/man/ja/man1/lxc-config.1.gz
/usr/share/man/ja/man1/lxc-ls.1.gz
/usr/share/man/ja/man1/lxc-execute.1.gz
/usr/share/man/ja/man1/lxc-wait.1.gz
/usr/share/man/ja/man1/lxc-snapshot.1.gz
/usr/share/man/ja/man1/lxc-destroy.1.gz
/usr/share/man/ja/man1/lxc-device.1.gz
/usr/share/man/ja/man1/lxc-console.1.gz
/usr/share/man/ja/man1/lxc-start-ephemeral.1.gz
/usr/share/man/ja/man1/lxc-attach.1.gz
/usr/share/man/ja/man1/lxc-start.1.gz
/usr/share/man/ja/man1/lxc-unshare.1.gz
/usr/share/man/ja/man1/lxc-cgroup.1.gz
/usr/share/man/ja/man1/lxc-freeze.1.gz
/usr/share/man/ja/man1/lxc-info.1.gz
/usr/share/man/ja/man1/lxc-stop.1.gz
/usr/share/man/ja/man1/lxc-checkconfig.1.gz
/usr/share/man/ja/man1/lxc-create.1.gz
/usr/share/man/ja/man7
/usr/share/man/ja/man7/lxc.7.gz
/usr/share/man/man7
/usr/share/man/man7/lxc.7.gz
/usr/bin
/usr/bin/lxc-cgroup
/usr/bin/lxc-clone
/usr/bin/lxc-stop
/usr/bin/lxc-usernsexec
/usr/bin/lxc-start-ephemeral
/usr/bin/lxc-snapshot
/usr/bin/lxc-attach
/usr/bin/lxc-destroy
/usr/bin/lxc-unshare
/usr/bin/lxc-create
/usr/bin/lxc-execute
/usr/bin/lxc-info
/usr/bin/lxc-ls
/usr/bin/lxc-config
/usr/bin/lxc-wait
/usr/bin/lxc-unfreeze
/usr/bin/lxc-autostart
/usr/bin/lxc-checkconfig
/usr/bin/lxc-device
/usr/bin/lxc-monitor
/usr/bin/lxc-start
/usr/bin/lxc-freeze
/usr/bin/lxc-console
/usr/lib
/usr/lib/x86_64-linux-gnu
/usr/lib/x86_64-linux-gnu/lxc
/usr/lib/x86_64-linux-gnu/lxc/lxc-monitord
/usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
/usr/sbin
/usr/sbin/init.lxc
/etc
/etc/lxc
/etc/lxc/default.conf
/etc/bash_completion.d
/etc/bash_completion.d/lxc
/etc/dnsmasq.d-available
/etc/dnsmasq.d-available/lxc
/etc/apparmor.d
/etc/apparmor.d/abstractions
/etc/apparmor.d/abstractions/lxc
/etc/apparmor.d/abstractions/lxc/container-base
/etc/apparmor.d/abstractions/lxc/start-container
/etc/apparmor.d/lxc-containers
/etc/apparmor.d/lxc
/etc/apparmor.d/lxc/lxc-default-with-nesting
/etc/apparmor.d/lxc/lxc-default-with-mounting
/etc/apparmor.d/lxc/lxc-default
/etc/apparmor.d/usr.bin.lxc-start
/etc/default
/etc/default/lxc
/etc/init
/etc/init/lxc.conf
/etc/init/lxc-instance.conf
/etc/init/lxc-net.conf
/var
/var/lib
/var/lib/lxc
/var/log
/var/log/lxc
/var/cache
/var/cache/lxc
----
[1] https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1432683
[2] https://github.com/lxc/lxc/blob/2d8632d5b75ce1e4b24f5714b9ec817a845881cf/config/init/systemd/lxc-apparmor-load
On Tue, Sep 15, 2015 at 3:24 PM, Serge Hallyn <serge.hallyn at ubuntu.com>
wrote:
> Ok I've got a vm running 1.0.7+stable~20150828-2252-0ubuntu1~trusty
>
> It doesn't have /usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load. But
> /etc/init/lxc.conf calls /lib/apparmor/profile-load. Which... also
> doesn't exist.
>
> Oddly, profiles are still being loaded. I guess the
> /etc/apparmor.d/lxc-containers
> file ensures that anything under /etc/apparmor.d/lxc/ gets loaded at
> boot. But 'stop lxc; start lxc' doesn't cause those to get loaded.
>
> So Stéphane there does appear to be a bug in the packaging for that ppa
> version. It should be shipping lxc-apparmor-load. I dunno where the
> packaging for stable ppas gets stored...
>
> Ranjib, you mention the newer script
> /usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load,
> did you mention that one because newer upstream ships it, or does it
> actually appear to be getting called somewhere in the ppa version?
>
> -serge
>
> Quoting Ranjib Dey (dey.ranjib at gmail.com):
> > lxc-git-stable-1.0 ppa, I had installed it after lxc stopped working due to
> > sysfs mounting failure, after you sent out the email to test before 1.07
> > in this list
> >
> > On Tue, Sep 15, 2015 at 10:44 AM, Serge Hallyn <serge.hallyn at ubuntu.com>
> > wrote:
> >
> > > Quoting Ranjib Dey (dey.ranjib at gmail.com):
> > > > I'm seeing some failures of lxc-start due to missing apparmor profiles. lxc
> > > > package does not ship /usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load,
> > > > which in turn is responsible for the missing apparmor profiles (validated by
> > > > the lxc-start log and aa-status)
> > > >
> > > > lxc-version: 1.0.7+stable~20150828-2252-0ubuntu
> > >
> > > Sorry - where did this package version come from?
> > >
> > > The helper was introduced by commit
> > > 2b24e2ff84c03a1e049449127958df8dc16a74fd so
> > > you can grab it yourself from git if you need.
> > >
> > > > distro: ubuntu - trusty
> > > > kernel: 3.19.0-28
> > > >
> > > > I had to upgrade the kernel to vivid lts for sysfs related bug
> > > >
> > > > regards
> > > > ranjib
> > >
> > > > _______________________________________________
> > > > lxc-users mailing list
> > > > lxc-users at lists.linuxcontainers.org
> > > > http://lists.linuxcontainers.org/listinfo/lxc-users
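A check for the condition discussed in this thread, as an added example that is not part of the original messages or of LXC: it compares the profile names declared under `/etc/apparmor.d/lxc/` with the kernel's loaded-profile list and prints the ones that are missing. It assumes the standard securityfs path `/sys/kernel/security/apparmor/profiles`; the function names and the `demo` sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list LXC AppArmor profiles that are
# defined on disk but not loaded in the kernel.

# Names declared by "profile NAME ... {" lines in the files of directory $1.
declared_profiles() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*profile[[:space:]][[:space:]]*\([^[:space:]]*\).*{[[:space:]]*$/\1/p' "$f"
    done | sort -u
}

# Names in a kernel profile listing $1, whose lines look like "NAME (enforce)".
loaded_profiles() {
    sed -n 's/^\(.*\) ([a-z]*)$/\1/p' "$1" | sort -u
}

# Declared names from directory $1 that are absent from listing $2.
missing_profiles() {
    declared_profiles "$1" | while IFS= read -r name; do
        loaded_profiles "$2" | grep -Fqx -e "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample: two profiles on disk, only one loaded.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/lxc"
    printf 'profile lxc-container-default flags=(attach_disconnected) {\n}\n' > "$tmp/lxc/lxc-default"
    printf 'profile lxc-container-default-with-nesting flags=(attach_disconnected) {\n}\n' > "$tmp/lxc/lxc-default-with-nesting"
    printf '/usr/bin/lxc-start (enforce)\nlxc-container-default (enforce)\n' > "$tmp/loaded"
    missing_profiles "$tmp/lxc" "$tmp/loaded"
    rm -rf "$tmp"
}

# Real check (run as root): sh this-script.sh check
if [ "${1:-}" = "check" ]; then
    missing=$(missing_profiles /etc/apparmor.d/lxc /sys/kernel/security/apparmor/profiles)
    [ -z "$missing" ] && { echo "all LXC profiles loaded"; exit 0; }
    printf 'not loaded: %s\n' $missing
    echo "reload with: apparmor_parser -r /etc/apparmor.d/lxc-containers"
    exit 1
fi
```

Running it after `stop lxc; start lxc` shows whether the restart path loaded the profiles or only the boot-time load did.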