Apparmor error while starting a container

J

JeanBro

New Member
Jan 9, 2023
28
1
3
Good Morning
I have created a container on proxmox and when I want to start it I received this error : run_apparmor_parser: 916 Failed to run apparmor_parser on "/var/lib/lxc/100/apparmor/lxc-100_<-var-lib-lxc>": apparmor_parser: Unable to replace "lxc-100_</var/lib/lxc>". Profile doesn't conform to protocol apparmor_prepare: 1088 Failed to load generated AppArmor profile lxc_init: 876 Failed to initialize LSM __lxc_start: 2027 Failed to initialize container "100" TASK ERROR: startup for container '100' failed
Jean
 
Hi,

can you please provide the output of pveversion -v and pct config 100?
This should help troubleshooting.
 
Hello.
I had the same problem with one of my nodes: none of the LXC started (but if I migrated to another node, it worked without problems).

Particularity of my case: it happened to me after an update of the virtualization environment from Proxmox 7.x to 8.x, with apt process interrupted (and then recovered: dpkg --configure -a).

Finally, I was able to fix it by reinstalling apparmar on the screwed node:
Code: 
root@pve-node1:~# apt reinstall apparmor
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 0 B/616 kB of archives.
After this operation, 0 B of additional disk space will be used.
Preconfiguring packages ...
(Reading database ... 86243 files and directories currently installed.)
Preparing to unpack .../apparmor_3.0.8-3_amd64.deb ...
Unpacking apparmor (3.0.8-3) over (3.0.8-3) ...
Setting up apparmor (3.0.8-3) ...
Reloading AppArmor profiles
Processing triggers for man-db (2.11.2-2) ...

Start apparmor service:
Code: 
root@pve-node1:~# systemctl status apparmor.service
● apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; preset: enabled)
     Active: active (exited) since Mon 2023-09-18 12:48:49 -03; 2s ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
    Process: 17783 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, status=0/SUCCESS)
   Main PID: 17783 (code=exited, status=0/SUCCESS)
        CPU: 123ms

Sep 18 12:48:49 pve-node1 systemd[1]: Starting apparmor.service - Load AppArmor profiles...
Sep 18 12:48:49 pve-node1 apparmor.systemd[17783]: Restarting AppArmor
Sep 18 12:48:49 pve-node1 apparmor.systemd[17783]: Reloading AppArmor profiles
Sep 18 12:48:49 pve-node1 systemd[1]: Finished apparmor.service - Load AppArmor profiles.

and then, pct start <vmid> works like a charm.

I hope it is useful to someone.

Regards!
 
Last edited:
You must log in or register to reply here.
Top Bottom