apparmor

  1. [SOLVED] Privileged LXC container can't get IP (AppArmor)

    Oct 11 11:10:29 pve-lap systemd[1]: Started PVE LXC Container: 118. Oct 11 11:10:29 pve-lap pvedaemon[20472]: <root@pam> end task UPID:pve-lap:00000877:10AC5DF9:5DA04703:vzstart:118:root@pam: OK Oct 11 11:10:30 pve-lap audit[2417]: AVC apparmor="DENIED" operation="mount" info="failed flags...
  2. [SOLVED] snapd lxc - container ubuntu 18.04 problems Error message

    Hello everyone, I have a ubuntu lxc - container with ubuntu 18.04 and installed snapd, but with problems. In my lxc config I have the following lines added: features: nesting=1,fuse=1,mount=nfs lxc.cap.drop: I can start the snapd container with rocketchat server but in syslog I have the...
  3. Tor inside LXC blocked by AppArmor

    Hey fellas, this is what dmesg gives: [153434.316515] audit: type=1400 audit(1566380002.099:292): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" label="lxc-110_</var/lib/lxc>//&:lxc-110_<-var-lib-lxc>:unconfined" name="system_tor" pid=24893...
  4. mattlach

    DMESG Inundated with Apparmor errors

    Hey all, I'm not very good with how Apparmor works, so I was hoping someone might help me solve this one. Two of my many LXC containers, ID 110 and ID 170 are resulting in an absolute spamming of DMESG as follows: Please see this pastebin. It was too much to post in a message here. Two...
  5. nfs-kernel-server in LXC, Dienst startet nicht mehr nach PVE-Update

    Hallo, ich nutze seit über einem Jahr Proxmox VE. Bisher ohne Probleme. Zwischenzeitlich habe ich meine gesamte virtuelle Umgebung dorthin umgezogen. Nun habe ich letze Woche eine Subscription erstanden und heute morgen den Updateprozess von PVE gestartet. Das lief auch alles ohne...
  6. Unprivileged LXC CentOS 7 NFS server woes with AppArmor and D-Bus

    I'm trying to set up a file server (NFS now, Samba after) in a CentOS 7 container, without making it privileged. The NFS service won't start because of dependency issues with RPC Pipe which will not mount (says permission denied). I've found some seemingly relevant information...
  7. Container with mount point randomly not starting at boot

    Hi, I have a poc proxmox server embedded on a train and running some containers and virtual machines. One of this containers have huge data that I don't want to backup, so I put it on a separate mount point marked to not beeing backed up. The proxmox server is setup to start when ups gets...
  8. apparmor error every few seconds

    Testing an upgraded host and container to Debian 9 we keep getting an apparmor error on syslog. I've read other threads about this being a "warning" of some process trying to remount something not allowed on the container but can't figure out what it is. prox-test kernel: [1893537.445678]...
  9. oom-killer activity on debian stretch LXC

    Hello, since the last update I have strange activity in dmesg related to oom-killer with some processes in Debian LXC images and the problem doesn't really seem to be due to lack of memory, because the system has 70G of memory and 15G available. I guess many users would confirm the issue and it...
  10. Apparmor denies LXC startup operations from only certain containers.

    I have been using the supplied templates (pveam downloads) for all of my containers and they are mostly built from the Ubuntu 17.10 template, though I have 2 that are built from the Ubuntu 16.04 template. The LXC containers built from the 16.04 template start just fine and have no issues with...
  11. NFS-Server in LXC

    Hallo zusammen, von Turnkey habe ich mir den Mediaserver geholt und damit einen Container erstellt. In diesem habe ich noch eine komplette Partition gemountet, die die ganzen Multimediadaten beherbergt. lxc.mount.entry: /media/sdb1 /var/lib/lxc/303/rootfs/media/multimedia none bind 0 0 Diese...
  12. [SOLVED] Apparmor preventing LXCs starting after update

    I ran an apt update && apt dist-upgrade on my home server after a few weeks of uptime as part of its routine maintenance but its LXCs are failing to start after the reboot. All the VMs are still working. journalctl -xe output: -- Unit pve-container@200.service has begun starting up. Mar 10...
  13. [SOLVED] Bind mount mounting but subdirectories are empty

    So I have on my Host machine: /storage/HDD2 /storage/Internal And I am planning to mount these on my Guest machine which is a container: /srv/samba So in my Guest machine I can see that under /srv/samba I see HDD2 and Internal respectively, but not their contents, so I am asking the wizards in...
  14. Ubuntu Snaps inside LXC container on Proxmox

    Hi, I am trying to test Snap applications inside an Ubuntu 16.04 LXC container in Proxmox, and I am running into problems. I found this link: https://stgraber.org/2017/01/31/ubuntu-core-in-lxd-containers/ And it seems snapd needs "unprivileged FUSE mounts and AppArmor namespacing and stacking"'...
  15. UHL-Services

    Few questions

    Hello, I recently installed and configured a fully working 3 nodes cluster HA with CEPH and all works fine. Up to the point when in SYSLOG of each nodes, I get this, repetitively each day: APPARMOR Related: Jul 21 03:40:06 node01-sxb-pve01 kernel: audit_printk_skb: 384 callbacks suppressed...
  16. [SOLVED] apparmor="DENIED" operation="mount"

    The output of dmesg: How to fix it?
  17. KVM and apparmor

    Hi, Proxmox uses apparmor to confine its LXC containers, but it doesn't do so for KVM virtual machines. Libvirt (Proxmox's open source competitor, kind-of) does do so. Would this be worth adding to a new Proxmox release, for additional security? I wanted to post here about it before adding...
  18. Mount SCSI device in LXC container - Apparmor denied

    Hi, I'm trying to mount scsi tape drive into lxc containter and it I cannot figure out how to do it... My UDEV config looks like this: #/etc/udev/rules.d/70-persistent-iscsi.rules SUBSYSTEM=="scsi_generic",ATTRS{vendor}=="IBM",ATTRS{model}=="ULTRIUM-HH4", SYMLINK="ultrium", MODE="0660"...
  19. [SOLVED] PVE v4.4 OpenVPN apparmor DENIED

    PVE: 4.4 Image: Ubuntu 16.10 I'm following the tutorial for setting up OpenVPN, here: https://hungred.com/how-to/setup-openvpn-on-proxmox-lxc/. This worked just fine in PVE 4.2, and have set up 3 OpenVPN servers this way, but it no loger seems to work in PVE 4.4 I've added to...
  20. Problem AppArmor reboot system

    Sorry for my bad english, I have a problem with apparmor in proxmox v4.4 which does not get to mount units and I am the machine the previous registration to the fall is next. Feb 16 17:40:01 nodo1 kernel: [76282.010836] audit: type=1400 audit(1487263201.515:455): apparmor="DENIED"...

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!