[lxc-users] apparmor dhclient denied, no network, something wrong with 2.12?

Spike spike at drba.org
Sun Mar 26 22:18:31 UTC 2017


so more info. I actually tried to wipe everything and install from the lts
ppa, but got the same behavior, so it's not 2.12 (the lts ppa has 2.0.9).
The other thing worth noting is that static assignment works, so this
doesn't seem a problem with the bridge (fwiw there are 4 eth bonded and the
bridge is on the bond):

+--------+----------+---------+---------+
|  NAME  |   TYPE   | MANAGED | USED BY |
+--------+----------+---------+---------+
| bond0  | bond     | NO      | 0       |
+--------+----------+---------+---------+
| eth0   | physical | NO      | 0       |
+--------+----------+---------+---------+
| eth1   | physical | NO      | 0       |
+--------+----------+---------+---------+
| eth2   | physical | NO      | 0       |
+--------+----------+---------+---------+
| eth3   | physical | NO      | 0       |
+--------+----------+---------+---------+
| lxdbr0 | bridge   | NO      | 1       |
+--------+----------+---------+---------+

## the container:
architecture: x86_64
config:
  volatile.base_image: 2cab90c0c342346ea154bc2e8cacdae752a70747a755ce1f2970c9a9ebb5fe8c
  volatile.eth0.hwaddr: 00:16:3e:bb:05:c5
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
devices:
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default

the image is a fresh download of xenial from the ubuntu mirror.

again, static assignment works; the problem is exclusively with dhcp.

thank you for any input,

Spike

On Sun, Mar 26, 2017 at 1:54 PM Spike <spike at drba.org> wrote:

Hi,

can't seem to get dhcp to work anymore on containers and I don't get why. I
have 3 servers, all 3 set up the same way (from ansible). on the third
which I just rebuilt lxc gets no network. Instead on the host's logs I get
this:

audit: type=1400 audit(1490560798.485:349): apparmor="DENIED" operation="file_perm" namespace="root//lxd-log_<var-lib-lxd>" profile="/sbin/dhclient" name="/apparmor/.null" pid=8928 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=100000 ouid=0

lxc config set my-container raw.lxc lxc.aa_profile=unconfined did not help.
It seems related to this bug, but not sure:

https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1654624

the only difference I can see between the host that doesn't work and the
one that does is the version of LXD, 2.12 on the host that doesn't work and
2.11 on the others (installed from ppa on ubuntu xenial).

any thoughts?

thanks,

Spike