apparmor

Recently performed an upgrade from 5.4 to 6 and everything seemed alright, then did one from 6 to 7 and now containers are failing to load. ➜ ~ lxc-start -n 100 -lDEBUG --logfile 100_fail.log lxc-start 100 20211227045635.919 ERROR apparmor - lsm/apparmor.c:run_apparmor_parser:915 - Failed...

I am trying to install and cant seem to get it to work. I have enabled FUSE and Nested, Unprivileged = no . I keep getting this apparmor error: root@wekan:~# snap install wekan error: cannot perform the following tasks: - Setup snap "core" (11420) security profiles (cannot setup profiles for...

Hi guys! I'm pretty new to Proxmox, but I feel like I've been doing pretty fine. However, I've run into this really weird issue where I cannot use APT to install some packages in my LXC container. I also had some issues earlier with Docker, but I fixed those by turning on nesting. However, now...

Hi I'm using proxmox to host multiple LXC's and VM's, in order to get good gaming performance on my windows VM I am using cset and taskset to pin the windows cores to the last 8c/16t of my cpu. I have run into an issue with cset and lxc containers where if I define a slice for the windows VM...

I was running an unprivileged LXC and converted it to a privileged one (backed it up and then restored with it set to privileged) and now I have issues with Apparmor. My main problem is starting a Docker container ~/pihole$ docker-compose up Creating network "pihole_default" with the default...

Hi. I've read the numerous threads regarding apparmor flooding syslog with messages related to actions not allowed to be performed inside containers but can't figure still how to reduce os investigate and only seem to find the solution of ignoring with conf on syslog. In this case is a new PVE6...

How is apparmor profile "generated" created? How can we add additional rules to this profile? Or is there another way how to create profile with everything default generated profeile has but with added rules? We need to deny some operations inside LXC containers.

Oct 11 11:10:29 pve-lap systemd[1]: Started PVE LXC Container: 118. Oct 11 11:10:29 pve-lap pvedaemon[20472]: <root@pam> end task UPID:pve-lap:00000877:10AC5DF9:5DA04703:vzstart:118:root@pam: OK Oct 11 11:10:30 pve-lap audit[2417]: AVC apparmor="DENIED" operation="mount" info="failed flags...

Hello everyone, I have a ubuntu lxc - container with ubuntu 18.04 and installed snapd, but with problems. In my lxc config I have the following lines added: features: nesting=1,fuse=1,mount=nfs lxc.cap.drop: I can start the snapd container with rocketchat server but in syslog I have the...

Hey fellas, this is what dmesg gives: [153434.316515] audit: type=1400 audit(1566380002.099:292): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" label="lxc-110_</var/lib/lxc>//&:lxc-110_<-var-lib-lxc>:unconfined" name="system_tor" pid=24893...

Hey all, I'm not very good with how Apparmor works, so I was hoping someone might help me solve this one. Two of my many LXC containers, ID 110 and ID 170 are resulting in an absolute spamming of DMESG as follows: Please see this pastebin. It was too much to post in a message here. Two...

Hallo, ich nutze seit über einem Jahr Proxmox VE. Bisher ohne Probleme. Zwischenzeitlich habe ich meine gesamte virtuelle Umgebung dorthin umgezogen. Nun habe ich letze Woche eine Subscription erstanden und heute morgen den Updateprozess von PVE gestartet. Das lief auch alles ohne...

I'm trying to set up a file server (NFS now, Samba after) in a CentOS 7 container, without making it privileged. The NFS service won't start because of dependency issues with RPC Pipe which will not mount (says permission denied). I've found some seemingly relevant information...

Hi, I have a poc proxmox server embedded on a train and running some containers and virtual machines. One of this containers have huge data that I don't want to backup, so I put it on a separate mount point marked to not beeing backed up. The proxmox server is setup to start when ups gets...

Testing an upgraded host and container to Debian 9 we keep getting an apparmor error on syslog. I've read other threads about this being a "warning" of some process trying to remount something not allowed on the container but can't figure out what it is. prox-test kernel: [1893537.445678]...

Hello, since the last update I have strange activity in dmesg related to oom-killer with some processes in Debian LXC images and the problem doesn't really seem to be due to lack of memory, because the system has 70G of memory and 15G available. I guess many users would confirm the issue and it...

I have been using the supplied templates (pveam downloads) for all of my containers and they are mostly built from the Ubuntu 17.10 template, though I have 2 that are built from the Ubuntu 16.04 template. The LXC containers built from the 16.04 template start just fine and have no issues with...

Hallo zusammen, von Turnkey habe ich mir den Mediaserver geholt und damit einen Container erstellt. In diesem habe ich noch eine komplette Partition gemountet, die die ganzen Multimediadaten beherbergt. lxc.mount.entry: /media/sdb1 /var/lib/lxc/303/rootfs/media/multimedia none bind 0 0 Diese...

I ran an apt update && apt dist-upgrade on my home server after a few weeks of uptime as part of its routine maintenance but its LXCs are failing to start after the reboot. All the VMs are still working. journalctl -xe output: -- Unit pve-container@200.service has begun starting up. Mar 10...

So I have on my Host machine: /storage/HDD2 /storage/Internal And I am planning to mount these on my Guest machine which is a container: /srv/samba So in my Guest machine I can see that under /srv/samba I see HDD2 and Internal respectively, but not their contents, so I am asking the wizards in...