Logs of host system for AppArmor displaying in containers

sahostking

AppArmor errors are displaying in containers. For example, /home/virfs/compon does not exist on the container I found this error on, but on a different one entirely. Not sure what to make of this, but definitely something is not right.

Oct 6 05:40:03 lin01 kernel: [2607695.113453] audit: type=1400 audit(1475718003.044:145977): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/home/virtfs/compon/dev/" pid=20797 comm="jailshell" flags="rw, nosuid, noexec, remount, bind"
 
I'm seeing this too.

E.g., this is inside the LXC container:

/var/log/messages:Apr 19 15:05:01 srv60 kernel: [334393.824863] audit: type=1400 audit(1492578301.563:2900): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/home/virtfs/anetneta/dev/" pid=4416 comm="jailshell" srcname="/dev/" flags="rw, bind"

/var/log/messages:Apr 19 15:05:01 srv60 kernel: [334393.824877] audit: type=1400 audit(1492578301.563:2901): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default-cgns" name="/home/virtfs/anetneta/dev/" pid=4416 comm="jailshell" flags="rw, nosuid, noexec, remount, bind"
...and this is inside the PVE host:

syslog:Apr 19 15:00:01 pm28 kernel: [334093.634188] audit: type=1400 audit(1492578001.369:2829): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/home/virtfs/anetneta/dev/" pid=2348 comm="jailshell" srcname="/dev/" flags="rw, bind"

syslog:Apr 19 15:00:01 pm28 kernel: [334093.634205] audit: type=1400 audit(1492578001.369:2830): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default-cgns" name="/home/virtfs/anetneta/dev/" pid=2348 comm="jailshell" flags="rw, nosuid, noexec, remount, bind"
Does anyone have any more info on this problem?
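
One way to tabulate denials like the ones quoted above by the path they target and the hostname stamped on each log line, so that an entry naming another container's path stands out. This is an added example, not part of any post in the thread; the function names are hypothetical and the sample lines are copied from the posts.

```python
import re
from collections import defaultdict

# Log lines copied from the posts in this thread (one per host).
SAMPLE_LINES = [
    'Oct 6 05:40:03 lin01 kernel: [2607695.113453] audit: type=1400 audit(1475718003.044:145977): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/home/virtfs/compon/dev/" pid=20797 comm="jailshell" flags="rw, nosuid, noexec, remount, bind"',
    'syslog:Apr 19 15:00:01 pm28 kernel: [334093.634188] audit: type=1400 audit(1492578001.369:2829): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/home/virtfs/anetneta/dev/" pid=2348 comm="jailshell" srcname="/dev/" flags="rw, bind"',
    '/var/log/messages:Apr 19 15:05:01 srv60 kernel: [334393.824863] audit: type=1400 audit(1492578301.563:2900): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/home/virtfs/anetneta/dev/" pid=4416 comm="jailshell" srcname="/dev/" flags="rw, bind"',
]

# Optional "file:" prefix (grep output), syslog timestamp, hostname, then the audit record.
AUDIT_RE = re.compile(
    r'^(?:(?P<file>[^:\s]+):)?(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: '
    r'.*?audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$'
)
# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit line as a dict, or None."""
    m = AUDIT_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m['body'])}
    if fields.get('apparmor') != 'DENIED':
        return None
    # Record which host's log carried the line and the kernel audit serial number.
    fields.update(logged_on=m['host'], serial=int(m['serial']))
    return fields


def group_by_target(lines):
    """Map (profile, operation, name) -> set of hostnames whose logs carried it."""
    seen = defaultdict(set)
    for line in lines:
        d = parse_denial(line)
        if d:
            seen[(d['profile'], d['operation'], d['name'])].add(d['logged_on'])
    return dict(seen)


if __name__ == '__main__':
    for key, hosts in group_by_target(SAMPLE_LINES).items():
        print(key, '->', sorted(hosts))
```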