Issue with Container on Debian

R

rjcab

Active Member
Mar 1, 2021
76
1
28
45
Hello all,

I am facing an issue with my Container and I don't have any clue about what is wrong.
It is very slow to connect through and each command takes time to provide output.

I 've seen that with dmesg:

Code: 
[3095082.011000] audit: type=1400 audit(1720002390.721:206): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209641 comm="(colord)" srcname="/" flags="rw, rbind"
[3095094.381141] kauditd_printk_skb: 4 callbacks suppressed
[3095094.381144] audit: type=1400 audit(1720002403.096:211): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209954 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095094.384839] audit: type=1400 audit(1720002403.100:212): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209957 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095094.389001] audit: type=1400 audit(1720002403.104:213): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209960 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095094.392858] audit: type=1400 audit(1720002403.108:214): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209963 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095094.396367] audit: type=1400 audit(1720002403.108:215): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=209966 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3095107.012304] audit: type=1400 audit(1720002415.722:216): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=210082 comm="(colord)" srcname="/" flags="rw, rbind"
[3124217.192815] audit: type=1400 audit(1720031523.219:217): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414809 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124217.196470] audit: type=1400 audit(1720031523.219:218): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414812 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124217.200128] audit: type=1400 audit(1720031523.223:219): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414815 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124217.203906] audit: type=1400 audit(1720031523.227:220): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414818 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124217.207534] audit: type=1400 audit(1720031523.231:221): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=414821 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.063853] audit: type=1400 audit(1720031568.083:222): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415107 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.067498] audit: type=1400 audit(1720031568.087:223): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415110 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.070904] audit: type=1400 audit(1720031568.091:224): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415113 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.074267] audit: type=1400 audit(1720031568.095:225): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415116 comm="(d-logind)" srcname="/" flags="rw, rbind"
[3124262.077755] audit: type=1400 audit(1720031568.099:226): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-105_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=415119 comm="(d-logind)" srcname="/" flags="rw, rbind"
root@srvtools:~#

I've checked on the forum but I don't find a solution.

Here my very basic conf of the CT:

Code: 
root@pve:~# cat /etc/pve/lxc/105.conf
arch: amd64
cores: 4
hostname: srvtools
memory: 1024
nameserver: 192.168.1.254
net0: name=eth0,bridge=vmbr0,gw=192.168.1.1,hwaddr=D2:65:25:32:80:E2,ip=192.168.1.180/24,type=veth
onboot: 1
ostype: debian
rootfs: bkpvmpve:105/vm-105-disk-0.raw,size=10G
swap: 1024
root@pve:~#

Many thanks for your help
 
Have you tried enabling Nesting in the container Options > Features? There were lots of threads about slow logins when Proxmox switch to a newer LXC version (I think) and Nesting has been enabled by default since that time.
 
Yes, but no chance so far.
I found the above URL: https://bobcares.com/blog/apparmor-denied-operation-mount-info-failed-flags-match-error-13/

So on my case:

Code: 
root@pve:/etc/apparmor.d/lxc# ls
lxc-default  lxc-default-cgns  lxc-default-with-mounting  lxc-default-with-nesting

Code: 
root@pve:/etc/apparmor.d/lxc# cd /var/lib/lxc/110
root@pve:/var/lib/lxc/110# ls
apparmor  config  rootfs
root@pve:/var/lib/lxc/110# cat
root@pve:/etc/apparmor.d# ls
abstractions  force-complain  lsb_release  lxc-containers   samba     usr.bin.lxc-start  usr.bin.tcpdump
disable       local           lxc          nvidia_modprobe  tunables  usr.bin.man        usr.sbin.chronyd
root@pve:/etc/apparmor.d# cat lxc
lxc/            lxc-containers
root@pve:/etc/apparmor.d# cat lxc
lxc/            lxc-containers
root@pve:/etc/apparmor.d# cat lxc-containers
# This file exists only to ensure that all per-container policies
# listed under /etc/apparmor.d/lxc get loaded at boot.  Please do
# not edit this file.

#include <tunables/global>

#include <lxc>
root@pve:/etc/apparmor.d#

I've never modified anything in that and to be frank I am lost :-)
 
Well I am doing further tests and it is weird but all commands even with errors don't return errors:

Code: 
drwxrwxrwx 2 root root 4096 Jul  8 18:57 bkppcloud
root@CT105:/mnt# # mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppclou user=jc,password=1111
root@CT105:/mnt# # mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppclou
root@CT105:/mnt# # mount -t cifs //192.168.1.252/bkppcloud
root@CT105:/mnt# # mount -t cifs //192.168.1.
root@CT105:/mnt#
 
rjcab said:
# #
Click to expand...
Really? ;-)

The first "#" belongs to the prompt. The second makes everything after it a comment - it is never executed.

Probably copy-n-pasted???
 
Finally I have still the issue:

On this CT no error but no mounted disk:

Code: 
root@CT105:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop2      7.8G  1.5G  6.0G  20% /
none            492K  4.0K  488K   1% /dev
tmpfs            32G     0   32G   0% /dev/shm
tmpfs           6.3G  100K  6.3G   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           6.3G     0  6.3G   0% /run/user/0
root@CT105:~# # mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppcloud -o user=jc,password=xxxx
root@CT105:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop2      7.8G  1.5G  6.0G  20% /
none            492K  4.0K  488K   1% /dev
tmpfs            32G     0   32G   0% /dev/shm
tmpfs           6.3G  100K  6.3G   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           6.3G     0  6.3G   0% /run/user/0
root@CT105:~#

On another CT with the same share on the same network:

Code: 
root@srvtools:/etc/apparmor.d# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop4      9.8G  3.8G  5.5G  41% /
none            492K  4.0K  488K   1% /dev
tmpfs            32G     0   32G   0% /dev/shm
tmpfs            13G   76K   13G   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock

root@srvtools:/etc/apparmor.d#  mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppcloud -o user=jc,password=xxxx
root@srvtools:/mnt# df -h
Filesystem                 Size  Used Avail Use% Mounted on
/dev/loop4                 9.8G  3.8G  5.5G  41% /
none                       492K  4.0K  488K   1% /dev
tmpfs                       32G     0   32G   0% /dev/shm
tmpfs                       13G   80K   13G   1% /run
tmpfs                      5.0M     0  5.0M   0% /run/lock
//192.168.1.252/bkppcloud  916G  454G  463G  50% /mnt/bkppcloud
root@srvtools:/mnt#

Do you have an idea ? :)
 
Well..., in your first snippet it still is:
rjcab said:
root@CT105:~# # mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppcloud -o user=jc,password=xxxx
Click to expand...

You need some rest ;-)
 
Well I am stupid :mad:
So now another blocking point:

Code: 
root@CT105:~# mount -t cifs //192.168.1.252/bkppcloud /mnt/bkppcloud -o user=jc,password=xxx
mount: /mnt/bkppcloud: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.
root@CT105:~#

And I have activated the CIFS in the features:

1720603339549.png
 
I came back because the issue I was trying to understand is still there even with a fresh install:

Code: 
b/lxc>//&:lxc-105_<-var-lib-lxc>:unconfined" pid=958629 comm="apparmor_parser"
[3791857.665121] CIFS: Attempting to mount \\192.168.1.252\bkppcloud
[3791857.665372] FS-Cache: Duplicate cookie detected
[3791857.665378] FS-Cache: O-cookie c=00000000f68a7906 [p=00000000164c37a6 fl=222 nc=1 na=1]
[3791857.665383] FS-Cache: O-cookie d=0000000068da55d7 n=000000000a479852
[3791857.665385] FS-Cache: O-key=[8] '020001bdc0a801fc'
[3791857.665391] FS-Cache: N-cookie c=00000000a519a1ca [p=00000000164c37a6 fl=2 nc=0 na=1]
[3791857.665394] FS-Cache: N-cookie d=0000000068da55d7 n=0000000019c9d351
[3791857.665396] FS-Cache: N-key=[8] '020001bdc0a801fc'
[3791863.180983] kauditd_printk_skb: 5 callbacks suppressed
[3791863.180986] audit: type=1400 audit(1720699107.569:20043): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-110_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=958911 comm="(colord)" srcname="/" flags="rw, rbind"
[3791875.228447] audit: type=1400 audit(1720699119.620:20044): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-101_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=958977 comm="(colord)" srcname="/" flags="rw, rbind"
[3791888.534653] audit: type=1400 audit(1720699132.923:20045): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-110_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=959147 comm="(colord)" srcname="/" flags="rw, rbind"
root@pcloud:~#

I tried to find something related to apparmor but I am quite surprise that installing an CT with the template drives to these errors
 
You must log in or register to reply here.
Top Bottom