Issue with Container on Debian

rjcab

Hello all,

I am facing an issue with my Container and I don't have any clue about what is wrong.
It is very slow to connect through and each command takes time to provide output.

I've seen that with dmesg:

Code:
[3095082.011000] audit: type=1400 audit(1720002390.721:206): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209641 comm="(colord)" srcname="/" flags="rw, rbind"
[3095094.381141] kauditd_printk_skb: 4 callbacks suppressed
[3095094.381144] audit: type=1400 audit(1720002403.096:211): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209954 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095094.384839] audit: type=1400 audit(1720002403.100:212): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209957 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095094.389001] audit: type=1400 audit(1720002403.104:213): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209960 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095094.392858] audit: type=1400 audit(1720002403.108:214): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209963 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095094.396367] audit: type=1400 audit(1720002403.108:215): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209966 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095107.012304] audit: type=1400 audit(1720002415.722:216): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=210082 comm="(colord)" srcname="/" flags="rw, rbind"
[3124217.192815] audit: type=1400 audit(1720031523.219:217): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414809 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124217.196470] audit: type=1400 audit(1720031523.219:218): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414812 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124217.200128] audit: type=1400 audit(1720031523.223:219): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414815 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124217.203906] audit: type=1400 audit(1720031523.227:220): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414818 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124217.207534] audit: type=1400 audit(1720031523.231:221): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414821 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.063853] audit: type=1400 audit(1720031568.083:222): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415107 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.067498] audit: type=1400 audit(1720031568.087:223): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415110 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.070904] audit: type=1400 audit(1720031568.091:224): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415113 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.074267] audit: type=1400 audit(1720031568.095:225): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415116 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.077755] audit: type=1400 audit(1720031568.099:226): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415119 comm="(d-logind)" srcname="/" flags="rw, rbind"
root@srvtools:~#

I've checked the forum but I haven't found a solution.

Here is my very basic conf of the CT:

Code:
root@pve:~# cat /etc/pve/lxc/105.conf
arch: amd64
cores: 4
hostname: srvtools
memory: 1024
nameserver: 192.168.1.254
net0: name=eth0,bridge=vmbr0,gw=192.168.1.1,hwaddr=D2:65:25:32:80:E2,ip=192.168.1.180/24,type=veth
onboot: 1
ostype: debian
rootfs: bkpvmpve:105/vm-105-disk-0.raw,size=10G
swap: 1024
root@pve:~#

Many thanks for your help
 
Have you tried enabling Nesting in the container Options > Features? There were lots of threads about slow logins when Proxmox switched to a newer LXC version (I think) and Nesting has been enabled by default since that time.
 
Yes, but no chance so far.
I found the above URL: https://bobcares.com/blog/apparmor-denied-operation-mount-info-failed-flags-match-error-13/

So in my case:

Code:
root@pve:/etc/apparmor.d/lxc# ls
lxc-default  lxc-default-cgns  lxc-default-with-mounting  lxc-default-with-nesting

Code:
root@pve:/etc/apparmor.d/lxc# cd /var/lib/lxc/110
root@pve:/var/lib/lxc/110# ls
apparmor  config  rootfs
root@pve:/var/lib/lxc/110# cat
root@pve:/etc/apparmor.d# ls
abstractions  force-complain  lsb_release  lxc-containers   samba     usr.bin.lxc-start  usr.bin.tcpdump
disable       local           lxc          nvidia_modprobe  tunables  usr.bin.man        usr.sbin.chronyd
root@pve:/etc/apparmor.d# cat lxc
lxc/            lxc-containers
root@pve:/etc/apparmor.d# cat lxc
lxc/            lxc-containers
root@pve:/etc/apparmor.d# cat lxc-containers
# This file exists only to ensure that all per-container policies
# listed under /etc/apparmor.d/lxc get loaded at boot.  Please do
# not edit this file.

#include <tunables/global>

#include <lxc>
root@pve:/etc/apparmor.d#

I've never modified anything in that and to be frank I am lost :-)
 
Well, I am doing further tests and it is weird, but all commands, even with errors, don't return errors:

Code:
drwxrwxrwx 2 root root 4096 Jul  8 18:57 bkppcloud
root@CT105:/mnt# # mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppclou user=jc,password=1111
root@CT105:/mnt# # mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppclou
root@CT105:/mnt# # mount -t cifs //192.168.1.252/bkppcloud
root@CT105:/mnt# # mount -t cifs //192.168.1.
root@CT105:/mnt#
 
Finally, I still have the issue:

On this CT no error but no mounted disk:

Code:
root@CT105:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop2      7.8G  1.5G  6.0G  20% /
none            492K  4.0K  488K   1% /dev
tmpfs            32G     0   32G   0% /dev/shm
tmpfs           6.3G  100K  6.3G   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           6.3G     0  6.3G   0% /run/user/0
root@CT105:~# # mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppcloud -o user=jc,password=xxxx
root@CT105:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop2      7.8G  1.5G  6.0G  20% /
none            492K  4.0K  488K   1% /dev
tmpfs            32G     0   32G   0% /dev/shm
tmpfs           6.3G  100K  6.3G   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           6.3G     0  6.3G   0% /run/user/0
root@CT105:~#

On another CT with the same share on the same network:

Code:
root@srvtools:/etc/apparmor.d# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop4      9.8G  3.8G  5.5G  41% /
none            492K  4.0K  488K   1% /dev
tmpfs            32G     0   32G   0% /dev/shm
tmpfs            13G   76K   13G   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock

root@srvtools:/etc/apparmor.d#  mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppcloud -o user=jc,password=xxxx
root@srvtools:/mnt# df -h
Filesystem                 Size  Used Avail Use% Mounted on
/dev/loop4                 9.8G  3.8G  5.5G  41% /
none                       492K  4.0K  488K   1% /dev
tmpfs                       32G     0   32G   0% /dev/shm
tmpfs                       13G   80K   13G   1% /run
tmpfs                      5.0M     0  5.0M   0% /run/lock
//192.168.1.252/bkppcloud  916G  454G  463G  50% /mnt/bkppcloud
root@srvtools:/mnt#

Do you have an idea? :)
 
Well I am stupid :mad:
So now another blocking point:

Code:
root@CT105:~# mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppcloud -o user=jc,password=xxx
mount: /mnt/bkppcloud: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.
root@CT105:~#

And I have activated the CIFS in the features:

[Attached screenshot: 1720603339549.png]
 
I came back because the issue I was trying to understand is still there even with a fresh install:

Code:
b/lxc>//&:lxc-105_<-var-lib-lxc>:unconfined" pid=958629 comm="apparmor_parser"
[3791857.665121] CIFS: Attempting to mount \\192.168.1.252\bkppcloud
[3791857.665372] FS-Cache: Duplicate cookie detected
[3791857.665378] FS-Cache: O-cookie c=00000000f68a7906 [p=00000000164c37a6 fl=222 nc=1 na=1]
[3791857.665383] FS-Cache: O-cookie d=0000000068da55d7 n=000000000a479852
[3791857.665385] FS-Cache: O-key=[8] '020001bdc0a801fc'
[3791857.665391] FS-Cache: N-cookie c=00000000a519a1ca [p=00000000164c37a6 fl=2 nc=0 na=1]
[3791857.665394] FS-Cache: N-cookie d=0000000068da55d7 n=0000000019c9d351
[3791857.665396] FS-Cache: N-key=[8] '020001bdc0a801fc'
[3791863.180983] kauditd_printk_skb: 5 callbacks suppressed
[3791863.180986] audit: type=1400 audit(1720699107.569:20043): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-110_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=958911 comm="(colord)" srcname="/" flags="rw, rbind"
[3791875.228447] audit: type=1400 audit(1720699119.620:20044): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-101_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=958977 comm="(colord)" srcname="/" flags="rw, rbind"
[3791888.534653] audit: type=1400 audit(1720699132.923:20045): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-110_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=959147 comm="(colord)" srcname="/" flags="rw, rbind"
root@pcloud:~#

I tried to find something related to AppArmor, but I am quite surprised that installing a CT with the template leads to these errors.
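
Added example, not part of any post in this thread: a Python sketch that groups AppArmor `DENIED` records like those in the dmesg output above by container and process, so it is clear which profile and which service keep hitting the same mount rule. The sample lines are copied from the thread; the function names and the `lxc-<id>_` profile pattern used to extract the container ID are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: records copied from the dmesg output quoted in the thread.
SAMPLE = """\
[3095082.011000] audit: type=1400 audit(1720002390.721:206): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209641 comm="(colord)" srcname="/" flags="rw, rbind"
[3095094.381141] kauditd_printk_skb: 4 callbacks suppressed
[3095094.381144] audit: type=1400 audit(1720002403.096:211): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209954 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095094.384839] audit: type=1400 audit(1720002403.100:212): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209957 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3791863.180986] audit: type=1400 audit(1720699107.569:20043): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-110_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=958911 comm="(colord)" srcname="/" flags="rw, rbind"
[3791875.228447] audit: type=1400 audit(1720699119.620:20044): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-101_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=958977 comm="(colord)" srcname="/" flags="rw, rbind"
""".splitlines()

AUDIT_RE = re.compile(r"audit\((\d+)\.\d+:\d+\)")          # audit(epoch.msec:serial)
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')         # key="quoted value" or key=bare
SUPPRESSED_RE = re.compile(r"kauditd_printk_skb: (\d+) callbacks suppressed")
PROFILE_RE = re.compile(r"^lxc-(\d+)_")  # assumption: profile naming as seen in the thread

def parse_denial(line):
    """Return a dict for an AppArmor DENIED audit record, or None for other lines."""
    stamp = AUDIT_RE.search(line)
    if stamp is None:
        return None
    rec = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line[stamp.end():])}
    if rec.get("apparmor") != "DENIED":
        return None
    rec["time"] = datetime.fromtimestamp(int(stamp.group(1)), tz=timezone.utc)
    ct = PROFILE_RE.match(rec.get("profile", ""))
    rec["ctid"] = ct.group(1) if ct else None
    return rec

def summarize(lines):
    """Count denials per (container, process, operation, target, flags)."""
    counts, suppressed = Counter(), 0
    for line in lines:
        hit = SUPPRESSED_RE.search(line)
        if hit:
            suppressed += int(hit.group(1))  # records dropped by printk rate limiting
            continue
        rec = parse_denial(line)
        if rec:
            counts[(rec["ctid"], rec.get("comm"), rec.get("operation"), rec.get("name"), rec.get("flags"))] += 1
    return counts, suppressed

if __name__ == "__main__":
    counts, suppressed = summarize(SAMPLE)
    for key, n in counts.most_common():
        print(n, *key)
    print("suppressed by rate limit:", suppressed)
```

The suppressed total counts audit messages the kernel's printk rate limit kept out of dmesg, so the per-key counts are lower bounds rather than exact totals.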
 
