[lxc-users] AppArmor syslog alert explanation, please?

Christian Brauner christian at brauner.io
Sat Mar 9 19:26:14 UTC 2019


On Sat, Mar 09, 2019 at 10:16:40PM +0300, Andrey wrote:
> Greetings, All.
> 
> Saturday, March 9, 2019, 22:11:32 you wrote:
> 
> AR> Greetings, All!
> 
> AR> Mar  9 22:09:01 ih152926 kernel: [2612590.101781] audit:
> AR> type=1400 audit(1552158541.103:2286):
> AR> apparmor="DENIED" operation="mount" info="failed flags match"
> AR> error=-13 profile="lxc-container-default-cgns" name="/"
> AR> pid=16203 comm="(ionclean)" flags="rw, rslave"

Well, this is some app trying to recursively remount your root directory
as rw and rslave. Apart from that not working correctly because of how
the kernel works, this is also pretty dangerous if not run in a separate
mount namespace. :)

Christian

> 
> AR> This message appears on the host somewhat frequently.
> AR> Any way to know which container does it and what it is actually trying to do?
> 
> Ah, it seems to be the famous "Failed to reset devices.list on ..."
> Never mind, please.
> 
> 
> -- 
> Sincerely,
> Andrey
> Saturday, March 9, 2019 22:15:27
> 
> Sorry for my terrible English...

Random sidenote: your English is perfectly fine. :D
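
Added example (not part of the original thread or of LXC/AppArmor): a small Python parser that splits AppArmor DENIED audit records like the one quoted above into fields and counts repeats per profile, command and mount flags, which helps triage a message that "appears on the host somewhat frequently". The second and third sample records, and the names `parse_denial` and `summarize`, are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: line 1 is the record from the thread joined onto one
# line; lines 2 and 3 are made up (a repeat, and one whose name is hex-encoded,
# which is how the audit subsystem logs strings containing spaces).
SAMPLE_LOG = """\
Mar  9 22:09:01 ih152926 kernel: [2612590.101781] audit: type=1400 audit(1552158541.103:2286): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=16203 comm="(ionclean)" flags="rw, rslave"
Mar  9 22:39:01 ih152926 kernel: [2614390.101781] audit: type=1400 audit(1552160341.103:2290): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=17411 comm="(ionclean)" flags="rw, rslave"
Mar  9 22:40:12 ih152926 kernel: [2614461.500000] audit: type=1400 audit(1552160412.500:2291): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name=2F6D6E742F6D7920646972 pid=17500 comm="mount" flags="rw, bind"
"""

AUDIT_RE = re.compile(r'audit\((\d+)\.\d+:(\d+)\):\s*(.*)')
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')  # key="quoted value" or key=bare
HEX_FIELDS = {"name", "comm"}  # string fields that are hex when logged unquoted

def parse_denial(line):
    """Return a dict of fields for an AppArmor DENIED record, else None."""
    m = AUDIT_RE.search(line)
    if not m or 'apparmor="DENIED"' not in line:
        return None
    rec = {"time": datetime.fromtimestamp(int(m.group(1)), timezone.utc),
           "serial": int(m.group(2))}
    for key, raw, quoted in FIELD_RE.findall(m.group(3)):
        if raw.startswith('"'):
            rec[key] = quoted
        elif key in HEX_FIELDS and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
            rec[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            rec[key] = raw
    rec["flags"] = [f.strip() for f in rec.get("flags", "").split(",") if f.strip()]
    return rec

def summarize(log_text):
    """Count denials per (profile, comm, operation, name, flags)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec:
            counts[(rec.get("profile"), rec.get("comm"), rec.get("operation"),
                    rec.get("name"), tuple(rec["flags"]))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, key)
```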

