Package: lxc
Version: 1:4.0.2-1~1
Severity: normal

Dear Maintainer,
Thank you very much for packaging LXC 4.0.2. I created guest Linux with

lxc-create -B btrfs -t download -- -d debian -r buster -a amd64

I was able to use LXC 4.0.2 with
* privileged container started by root
* unprivileged container started by root.
on Debian Bullseye host in pure CGroupV2 (systemd.unified_cgroup_hierarchy=1).

But when a non-root user runs "lxc-execute" or "lxc-start",
I get an AppArmor error as below.

Script started on 2020-04-19 15:36:36+09:00 [TERM="linux" TTY="/dev/tty2" COLUMNS="128" LINES="48"]
ryutaroh@bullseye-qemu:~$ systemd-run --user --scope -p "Delegate=yes" lxc-execute -n buster-unpriv -- /bin/bash
Running scope as unit: run-ra950d6a0aaf94fd28f2153e0958e4293.scope
lxc-execute: buster-unpriv: lsm/apparmor.c: make_apparmor_namespace: 845 Permission denied - Error creating AppArmor namespace: /sys/kernel/security/apparmor/policy/namespaces/lxc-buster-unpriv_<-home-ryutaroh-.local-share-lxc>
lxc-execute: buster-unpriv: lsm/apparmor.c: apparmor_prepare: 1064 Failed to load generated AppArmor profile
lxc-execute: buster-unpriv: start.c: lxc_init: 845 Failed to initialize LSM
lxc-execute: buster-unpriv: start.c: __lxc_start: 1898 Failed to initialize container "buster-unpriv"
lxc-execute: buster-unpriv: tools/lxc_execute.c: main: 226 Failed run an application inside container
ryutaroh@bullseye-qemu:~$ exit
exit
Script done on 2020-04-19 15:37:39+09:00 [COMMAND_EXIT_CODE="1"]

The above error can be worked around by adding

lxc.apparmor.profile = unconfined

to the config file of a container.

I suspect that this is the same as the upstream issue reported at
https://github.com/lxc/lxc/issues/3371
but I am unsure. So I do not attach the upstream tag.
I do not think this is related to pure CGroupV2.

Best regards, Ryutaroh Matsumoto

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.73
ii  libc6                  2.30-4
ii  libgcc-s1              10-20200411-1
ii  liblxc1                1:4.0.2-1~1
ii  lsb-base               11.1.0

Versions of packages lxc recommends:
ii  apparmor                      2.13.4-1+b1
ii  bridge-utils                  1.6-2
pn  debootstrap                   <none>
ii  dirmngr                       2.2.20-1
ii  dnsmasq-base [dnsmasq-base]   2.80-1.1
ii  gnupg                         2.2.20-1
ii  iproute2                      5.5.0-1
ii  iptables                      1.8.4-3
pn  libpam-cgfs                   <none>
pn  lxc-templates                 <none>
pn  lxcfs                         <none>
ii  openssl                       1.1.1f-1
pn  rsync                         <none>
ii  uidmap                        1:4.8.1-1

Versions of packages lxc suggests:
ii  btrfs-progs  5.6-1
pn  lvm2         <none>
pn  python3-lxc  <none>

-- debconf information:
  lxc/auto_update_config: