Package: lxc
Version: 1:2.0.9-6
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
Over the year, if I enable apparmor for lxc (lxc.aa_profile =
lxc-container-default),
I see a lot of "apparmor denied" messages like below,
But the lxc itself is can running and functional without a problem,
Why apparmor always complain lxc? (is this normal)?
apparmor="DENIED" operation="mount" info="failed type match" error=-13
profile="lxc-container-default" name="/sys/fs/pstore/" pid=2676 comm="mount"
fstype="pstore" srcname="pstore"
apparmor="DENIED" operation="mount" info="failed type match" error=-13
profile="lxc-container-default" name="/sys/fs/pstore/" pid=2676 comm="mount"
fstype="pstore" srcname="pstore" flags="ro"
apparmor="DENIED" operation="mount" info="failed flags match" error=-13
profile="lxc-container-default" name="/" pid=2763 comm="mount" flags="rw,
remount"
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages lxc depends on:
ii libapparmor1 2.12-4
ii libc6 2.27-3
ii libcap2 1:2.25-1.2
ii libgnutls30 3.5.18-1
ii liblxc1 1:2.0.9-6
ii libseccomp2 2.3.3-1
ii libselinux1 2.7-2+b2
ii lsb-base 9.20170808
ii python3 3.6.5-3
ii python3-lxc 1:2.0.9-6
Versions of packages lxc recommends:
ii bridge-utils 1.5-16
pn debootstrap <none>
ii dirmngr 2.2.5-1
pn dnsmasq-base <none>
ii gnupg 2.2.5-1
ii iptables 1.6.2-1
pn libpam-cgfs <none>
pn lxcfs <none>
ii openssl 1.1.0h-2
ii rsync 3.1.2-2.1
pn uidmap <none>
Versions of packages lxc suggests:
ii apparmor 2.12-4
ii btrfs-progs 4.15.1-2
pn lvm2 <none>
-- Configuration Files:
/etc/apparmor.d/abstractions/lxc/container-base [Errno 13] Permission denied:
'/etc/apparmor.d/abstractions/lxc/container-base'
/etc/apparmor.d/abstractions/lxc/start-container [Errno 13] Permission denied:
'/etc/apparmor.d/abstractions/lxc/start-container'
/etc/apparmor.d/lxc-containers [Errno 13] Permission denied:
'/etc/apparmor.d/lxc-containers'
/etc/apparmor.d/lxc/lxc-default [Errno 13] Permission denied:
'/etc/apparmor.d/lxc/lxc-default'
/etc/apparmor.d/lxc/lxc-default-cgns [Errno 13] Permission denied:
'/etc/apparmor.d/lxc/lxc-default-cgns'
/etc/apparmor.d/lxc/lxc-default-with-mounting [Errno 13] Permission denied:
'/etc/apparmor.d/lxc/lxc-default-with-mounting'
/etc/apparmor.d/lxc/lxc-default-with-nesting [Errno 13] Permission denied:
'/etc/apparmor.d/lxc/lxc-default-with-nesting'
/etc/apparmor.d/usr.bin.lxc-start [Errno 13] Permission denied:
'/etc/apparmor.d/usr.bin.lxc-start'
-- no debconf information
