[lxc-users] LXD on Ubuntu 15.10 armhf

Matthew Geddes musicalcarrion at gmail.com
Wed Apr 27 03:41:30 UTC 2016


Hi,

Thanks for the reply. Sorry I missed it -- I'm still in the process of
subscribing to the list and caught the reply in the archives.

I'm not seeing a lot in syslog when I attempt to start the container. I do
see messages indicating that apparmor is disabled. Checking the kernel
config, I've got seccomp and no SELinux, AppArmor or friends. The security
framework is the discretionary access control module:

odroid@minion3:~$ zcat /proc/config.gz |egrep _SECURITY\|SECOMP
CONFIG_EXT4_FS_SECURITY=y
CONFIG_REISERFS_FS_SECURITY=y
CONFIG_JFS_SECURITY=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""

Looking at the LXC/LXD log output when starting the container, I see some
seccomp-related stuff that appears to succeed and some that doesn't, but
none of it looks fatal to my eye.

I've attached a (gzipped plaintext) copy of the log output here in case it
has anything of any consequence.

I can start a container using lxc-create and the busybox template and
specify '--define lxc.cap.drop=mac_admin' and still get a shell. I didn't
strace it to see if it actually succeeded.

Thanks again for your help so far.

Cheers
Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: start-lxc.gz
Type: application/x-gzip
Size: 6591 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160426/1d0b3df0/attachment-0001.bin>

