[SOLVED] logrotate issue in buster lxc


Famous Member
May 24, 2012
we have upgraded a couple lxc systems to buster. since doing so logs are not rotating.

has anyone else seen this? kvm systems do rotate ok and pve too.

 # systemctl list-units --state=failed
  UNIT              LOAD   ACTIVE SUB    DESCRIPTION                                                                         
● logrotate.service loaded failed failed Rotate log files                                                                   

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

# systemctl status logrotate
● logrotate.service - Rotate log files
   Loaded: loaded (/lib/systemd/system/logrotate.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2019-08-06 00:00:01 EDT; 8h ago
     Docs: man:logrotate(8)
  Process: 712444 ExecStart=/usr/sbin/logrotate /etc/logrotate.conf (code=exited, status=226/NAMESPACE)
 Main PID: 712444 (code=exited, status=226/NAMESPACE)

Aug 06 00:00:01 fbcadmin systemd[1]: Starting Rotate log files...
Aug 06 00:00:01 fbcadmin systemd[712444]: logrotate.service: Failed to set up mount namespacing: Permission denied
Aug 06 00:00:01 fbcadmin systemd[712444]: logrotate.service: Failed at step NAMESPACE spawning /usr/sbin/logrotate: Permission
Aug 06 00:00:01 fbcadmin systemd[1]: logrotate.service: Main process exited, code=exited, status=226/NAMESPACE
Aug 06 00:00:01 fbcadmin systemd[1]: logrotate.service: Failed with result 'exit-code'.
Aug 06 00:00:01 fbcadmin systemd[1]: Failed to start Rotate log files.
to attempt to fix - turned on nesting for one of the LXC's . will check result next cron run of logrotate

turning on nesting fixed this issue.
Last edited:
Same issue here.

Is this really the recommended solution? It seems like just a workaround.
Hello nd00, thanks for the reply , that did fix logrotate without using nesting
however mariadb.service would not work with nesting turned off.

for rsyslog to work correctly i need nesting off as the container is picking up logs from the pve host and other lxc's .

so further research lead to these links:



so we are trying this
1- turn nesting off
2- add these lines to the lxc config file
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1

Note - I see that the above turns on nesting for apparmor . I am not sure if that is the same or different then the nesting option in pve.

we'll test this setting to see if it prevents logs from leaking.

Edit: using those settings did not fix the rsyslog issue. so we are back to just using the nesting option at pve. I'll post a new thread on the rsyslog in a lxc picking up logs from pve host and other lxc's.
Last edited:


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!