AppArmor on 2 LXCs spam

E

Eldritzh

New Member
Feb 28, 2025
2
0
1
I got 2 LXCs (Plex and Ollama) that gives these errors a lot.

Code: 
Feb 17 09:44:21 pve kernel: audit: type=1400 audit(1771317861.619:38127): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:44:24 pve kernel: audit: type=1400 audit(1771317864.033:38128): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:44:29 pve kernel: audit: type=1400 audit(1771317869.041:38129): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:44:34 pve kernel: audit: type=1400 audit(1771317874.045:38130): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:44:36 pve kernel: audit: type=1400 audit(1771317876.517:38131): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:44:36 pve kernel: audit: type=1400 audit(1771317876.518:38132): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:44:39 pve kernel: audit: type=1400 audit(1771317879.052:38133): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:44:47 pve kernel: audit: type=1400 audit(1771317887.196:38134): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:45:01 pve kernel: audit: type=1400 audit(1771317901.011:38135): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-299_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1992039 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:45:01 pve kernel: audit: type=1400 audit(1771317901.011:38136): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-299_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1992039 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:45:01 pve kernel: audit: type=1400 audit(1771317901.012:38137): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-299_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1992039 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:45:01 pve kernel: audit: type=1400 audit(1771317901.897:38138): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:45:01 pve kernel: audit: type=1400 audit(1771317901.898:38139): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-206_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=1994038 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Feb 17 09:45:01 pve kernel: audit: type=1400 audit(1771317901.899:38140): apparmor="DENIED" operation="sendmsg" class="f

What's the best way of solving this? Should I just suppress the logspam? Is it safe? Or should I allow the unpriv LXCs more rights to write to the journal?
What's the best step of solving this?
 
Do you need to run rsyslog inside those containers? If not then maybe disable/uninstall it to get rid of this?
EDIT: Since it is denied (and therefore not working?), I assume that you are not using the results of rsyslog.
 
Last edited:
leesteken said:
Do you need to run rsyslog inside those containers? If not then maybe disable/uninstall it to get rid of this?
EDIT: Since it is denied (and therefore not working?), I assume that you are not using the results of rsyslog.
Click to expand...
I don't think I technically need it.
But not 100%, as I'm using Beszel for monitoring as well, within them.
 
You must log in or register to reply here.
Top Bottom
Back