Testing a host and container upgraded to Debian 9, we keep getting an AppArmor error in syslog. I've read other threads about this being a "warning" about some process trying to remount something that is not allowed in the container, but I can't figure out what it is.
prox-test kernel: [1893537.445678] audit: type=1400 audit(1547496616.671:77929): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-1191_</var/lib/lxc>" name="/" pid=4077 comm="(s_server)" flags="rw, rslave"
We have a number of standard bind mounts...
The container config is:
arch: amd64
cpulimit: 4
cpuunits: 1024
hostname: box65.alsur.es
memory: 8192
mp0: /home/xxxx,mp=/home/yyyy
mp1: /home/yyyy,mp=/home/yyyy
mp2: /home/scrap,mp=/home/scrap
mp3: xxxxxxxxxx
mp4:xxxxxxxxxxxxxxxx
mp5: /logs/111,mp=/logs
mp6: /cache/111,mp=/cache
mp7: /backups/d18/vms/111,mp=/backups
nameserver: 10.0.0.1 213.186.33.99 8.8.8.8
net0: name=eth0,bridge=vmbr10,gw=10.0.0.1,hwaddr=FE:2B:74:8F:6B:92,ip=10.0.0.111/24,type=veth
onboot: 1
ostype: debian
rootfs: thin:vm-111-disk-0,size=10G
searchdomain: alsur.es
startup: order=14
swap: 0
We also have a couple of tmpfs in the container's fstab
tmpfs /cache-ram tmpfs atime,noexec,nosuid 0 0
tmpfs /tmp tmpfs size=2g,noatime,nosuid 0 0
But we can't figure out what is causing the log entries. Any help on how to debug this would be appreciated. Thanks.
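One way to start debugging the denial quoted above, as an added example that is not part of the original post: parse each AppArmor `DENIED` audit record into its fields and group the records by profile, `comm`, operation, target and flags, so a recurring entry points at the process name to look for inside the container. The function names, the second audit line and the non-audit line in the sample are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Line 1 is the denial quoted in the post. Line 2 is constructed (same record,
# different pid/serial) and line 3 is a constructed non-audit line to be skipped.
SAMPLE = '''\
prox-test kernel: [1893537.445678] audit: type=1400 audit(1547496616.671:77929): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-1191_</var/lib/lxc>" name="/" pid=4077 comm="(s_server)" flags="rw, rslave"
prox-test kernel: [1893540.000000] audit: type=1400 audit(1547496619.000:77930): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-1191_</var/lib/lxc>" name="/" pid=4102 comm="(s_server)" flags="rw, rslave"
prox-test systemd[1]: constructed line that is not an audit record
'''

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')      # key="quoted value" or key=bare
STAMP = re.compile(r'audit\((\d+)\.\d+:(\d+)\)')  # audit(epoch.millis:serial)

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, raw, quoted in FIELD.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    stamp = STAMP.search(line)
    if stamp:
        fields["epoch"], fields["serial"] = int(stamp.group(1)), int(stamp.group(2))
    return fields

def when(denial):
    """UTC time of the record, for matching against the container's own logs."""
    return datetime.fromtimestamp(denial["epoch"], tz=timezone.utc).isoformat()

def summarise(log_text):
    """Count denials per (profile, comm, operation, name, flags)."""
    counts = Counter()
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d:
            counts[(d.get("profile"), d.get("comm"), d.get("operation"),
                    d.get("name"), d.get("flags"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarise(SAMPLE).most_common():
        print(n, key)
```
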