In documentation is written:
If you want to disable AppArmor for a container, you can add the stanza
lxc.aa_profile = unconfined
at the end of the configuration file ( located in /etc/pve/lxc/CTID.conf ) Note that this is not a recommended setup for production.
But sorry, we get again this errors:
Feb 24 22:00:18 ns2 kernel: [2840598.887693] audit: type=1400 audit(1487970018.740:2485204): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=12486 comm="(s_server)" flags="rw, rslave"
Feb 24 22:00:30 ns2 kernel: [2840610.171109] audit: type=1400 audit(1487970030.024:2485215): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=12858 comm="(_control)" flags="rw, rslave"
Feb 24 22:00:32 ns2 kernel: [2840612.479025] audit: type=1400 audit(1487970032.332:2485217): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=12878 comm="(_control)" flags="rw, rslave"
Feb 24 22:00:39 ns2 kernel: [2840619.158973] audit: type=1400 audit(1487970039.012:2485223): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=13059 comm="(_control)" flags="rw, rslave"
Container with centos 6.8.1 on LXC ZFS
Proxmox Vers 4.4-5/c43015a5
Host uname -a Linux xxxxx 4.4.35-2-pve #1 SMP Mon Jan 9 10:21:44 CET 2017 x86_64 GNU/Linux
If you want to disable AppArmor for a container, you can add the stanza
lxc.aa_profile = unconfined
at the end of the configuration file ( located in /etc/pve/lxc/CTID.conf ) Note that this is not a recommended setup for production.
But sorry, we get again this errors:
Feb 24 22:00:18 ns2 kernel: [2840598.887693] audit: type=1400 audit(1487970018.740:2485204): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=12486 comm="(s_server)" flags="rw, rslave"
Feb 24 22:00:30 ns2 kernel: [2840610.171109] audit: type=1400 audit(1487970030.024:2485215): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=12858 comm="(_control)" flags="rw, rslave"
Feb 24 22:00:32 ns2 kernel: [2840612.479025] audit: type=1400 audit(1487970032.332:2485217): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=12878 comm="(_control)" flags="rw, rslave"
Feb 24 22:00:39 ns2 kernel: [2840619.158973] audit: type=1400 audit(1487970039.012:2485223): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=13059 comm="(_control)" flags="rw, rslave"
Container with centos 6.8.1 on LXC ZFS
Proxmox Vers 4.4-5/c43015a5
Host uname -a Linux xxxxx 4.4.35-2-pve #1 SMP Mon Jan 9 10:21:44 CET 2017 x86_64 GNU/Linux