Hi,
After having done a full upgrade on a 5.x system, my promox server wouldn't start any containers. The error I saw was that apparmor tried to auto generate a profile located at /var/lib/lxc/<id>/lxc-<something>, and then it failed with an error something like apparmor="DENIED", operation="change_profile" in syslog. I then was able to resolve this error and booted all by containers by manually by adding the below config to each container's config file (/etc/pve/lxc/<id>.conf):
lxc.apparmor.profile=unconfined
Since I have another node in a cluster that I would like to upgrade, I would like to fully understand why the full-upgrade broke the first server. Why does LXC tried to autogenerate a profile config, which it hadn't been doing with the old system? Is there another work around to tell LXC not to generate an apparmor profile?
thanks
After having done a full upgrade on a 5.x system, my promox server wouldn't start any containers. The error I saw was that apparmor tried to auto generate a profile located at /var/lib/lxc/<id>/lxc-<something>, and then it failed with an error something like apparmor="DENIED", operation="change_profile" in syslog. I then was able to resolve this error and booted all by containers by manually by adding the below config to each container's config file (/etc/pve/lxc/<id>.conf):
lxc.apparmor.profile=unconfined
Since I have another node in a cluster that I would like to upgrade, I would like to fully understand why the full-upgrade broke the first server. Why does LXC tried to autogenerate a profile config, which it hadn't been doing with the old system? Is there another work around to tell LXC not to generate an apparmor profile?
thanks