[lxc-users] AppArmor denies connect operation inside container

Joshua Schaeffer jschaeffer at harmonywave.com
Mon Jul 6 19:40:25 UTC 2020


Looking for some help with getting slapd to be able to connect to saslauthd inside an LXD container. Whenever slapd needs to connect to the socket I see the following error message in the host's kernel log:

    Jul  6 13:27:17 host kernel: [923413.078592] audit: type=1400 audit(1594063637.667:51106): apparmor="DENIED" operation="connect" namespace="root//lxd-container1_<var-lib-lxd>" profile="/usr/sbin/slapd" name="/run/saslauthd/mux" pid=58517 comm="slapd" requested_mask="wr" denied_mask="wr" fsuid=10000111 ouid=10000000

I've added the following to the container config and restarted the container, but I'm still seeing the same problem:

    lxcuser@host:~$ lxc config get container1 raw.apparmor
    /run/saslauthd/mux wr,

I'm not super familiar with AppArmor and going through the docs now, but thought I'd ask to see if anybody can point me in the right direction.

    lxcuser@host:~$ lxd --version
    3.0.3
    lxcuser@host:~$ lsb_release -a
    No LSB modules are available.
    Distributor ID:    Ubuntu
    Description:    Ubuntu 18.04.4 LTS
    Release:    18.04
    Codename:    bionic

-- 
Thanks,
Joshua Schaeffer
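
An added example, not part of the original post: a small parser for the denial record quoted above that reports which profile issued the denial and in which policy namespace it is loaded, alongside the rule text matching the denied access. It assumes that a namespace of the form `root//lxd-<name>_<...>` is the one LXD creates for a container, so a profile reported there was loaded inside the container; the function names are illustrative.

```python
import re

# The denial record quoted in the post, embedded as sample input.
SAMPLE = ('Jul  6 13:27:17 host kernel: [923413.078592] audit: type=1400 '
          'audit(1594063637.667:51106): apparmor="DENIED" operation="connect" '
          'namespace="root//lxd-container1_<var-lib-lxd>" '
          'profile="/usr/sbin/slapd" name="/run/saslauthd/mux" pid=58517 '
          'comm="slapd" requested_mask="wr" denied_mask="wr" '
          'fsuid=10000111 ouid=10000000')

# key=value pairs; values are either double-quoted or a bare token.
_FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# Assumed naming of the policy namespace LXD creates per container.
_LXD_NS = re.compile(r'root//lxd-(.+)_<[^>]*>$')


def parse_denial(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in _FIELD.findall(line)}


def summarize(line):
    """Report which profile denied the access and where that profile lives."""
    f = parse_denial(line)
    if f.get("apparmor") != "DENIED":
        return None
    m = _LXD_NS.match(f.get("namespace", ""))
    return {
        "layer": "container" if m else "host",
        "container": m.group(1) if m else None,
        "profile": f.get("profile"),
        # Rule text that would cover exactly the denied access.
        "rule": "{} {},".format(f.get("name"), f.get("denied_mask")),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print("{:10} {}".format(key + ":", value))
```

For the record in the post this reports the `/usr/sbin/slapd` profile in the namespace of `container1`, which is a different profile from the generated container profile that `raw.apparmor` appends to.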
