LXC container can't get IP (AppArmor)

Imtiazali

New Member
Dec 5, 2023
Facing a DHCP error with containers; tried both privileged and unprivileged (nesting=1), still the same. It is a fresh Ubuntu 22.04 template.

pve-manager/8.1.3/b46aac3b42da5d15 (running kernel: 6.5.11-7-pve)

Any guidance, please?
Code:
Jan 09 00:56:26 hq-n3 kernel: audit: type=1400 audit(1704750986.263:264): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75469 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:26 hq-n3 kernel: audit: type=1400 audit(1704750986.263:265): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75469 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:26 hq-n3 kernel: audit: type=1400 audit(1704750986.263:266): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75469 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:26 hq-n3 kernel: audit: type=1400 audit(1704750986.263:267): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75469 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:26 hq-n3 kernel: audit: type=1400 audit(1704750986.263:268): apparmor="DENIED" operation="open" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/proc/415/task/416/comm" pid=75469 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:26 hq-n3 kernel: audit: type=1400 audit(1704750986.263:269): apparmor="DENIED" operation="open" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/proc/415/task/417/comm" pid=75469 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:26 hq-n3 kernel: audit: type=1400 audit(1704750986.263:270): apparmor="DENIED" operation="open" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/proc/415/task/418/comm" pid=75469 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 audit[75536]: AVC apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75536 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 audit[75536]: AVC apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75536 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 audit[75536]: AVC apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75536 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 audit[75536]: AVC apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75536 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 audit[75537]: AVC apparmor="DENIED" operation="open" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/proc/438/task/439/comm" pid=75537 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 audit[75537]: AVC apparmor="DENIED" operation="open" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/proc/438/task/440/comm" pid=75537 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 audit[75537]: AVC apparmor="DENIED" operation="open" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/proc/438/task/441/comm" pid=75537 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 kernel: audit: type=1400 audit(1704750989.919:271): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75536 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 kernel: audit: type=1400 audit(1704750989.919:272): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75536 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Jan 09 00:56:29 hq-n3 kernel: audit: type=1400 audit(1704750989.919:273): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75536 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
 
Jan 09 00:01:43 hq-n3 audit[51091]: AVC apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxc-104_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=51091 comm="(d-logind)" srcname="/" flags="rw
That's apparently the only thing AppArmor blocked. Where do you read about DHCP?

Please post your CT config (pct config VMID).
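
Added example (not posted by any participant in the thread): one way to reduce journal excerpts like the ones above to a short list of distinct AppArmor denials, so it is clear which profile blocked what. The function names and the scope labels (`guest` when a `namespace=` field is present, `container` for an `lxc-NNN_` profile without one) are this example's own; the sample lines are copied from the thread.

```python
import re
from collections import Counter

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"?|(\S+))')  # key="quoted value" or key=bare
CTID = re.compile(r'lxc-(\d+)_')                    # CT ID inside namespace= / profile=

def parse_denial(line):
    """Return the triage-relevant fields of one AppArmor DENIED line, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    f = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
    ns, profile = f.get("namespace", ""), f.get("profile", "?")
    m = CTID.search(ns) or CTID.search(profile)
    # namespace= present: the profile lives in the container's AppArmor namespace.
    # No namespace but an lxc-NNN_ profile: the container's own confinement profile.
    scope = "guest" if ns else ("container" if CTID.search(profile) else "other")
    # Collapse numeric path components so /proc/415/... and /proc/438/... group together.
    name = re.sub(r'/\d+(?=/|$)', '/<n>', f.get("name", "?"))
    return (m.group(1) if m else "?", scope, profile,
            f.get("operation", "?"), name, f.get("denied_mask", "-"))

def summarize(lines):
    """Count denials per (ctid, scope, profile, operation, name, denied_mask)."""
    return Counter(d for d in map(parse_denial, lines) if d)

# Sample input: lines copied from the journal excerpts posted in the thread
# (the last one is truncated in the thread and is parsed as far as it goes).
SAMPLE = [
    'Jan 09 00:56:26 hq-n3 kernel: audit: type=1400 audit(1704750986.263:264): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75469 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000',
    'Jan 09 00:56:26 hq-n3 kernel: audit: type=1400 audit(1704750986.263:268): apparmor="DENIED" operation="open" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/proc/415/task/416/comm" pid=75469 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000',
    'Jan 09 00:56:29 hq-n3 audit[75536]: AVC apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/dev/tty1" pid=75536 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000',
    'Jan 09 00:56:29 hq-n3 audit[75537]: AVC apparmor="DENIED" operation="open" class="file" namespace="root//lxc-105_<-var-lib-lxc>" profile="/{,usr/}sbin/dhclient" name="/proc/438/task/439/comm" pid=75537 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000',
    'Jan 09 00:01:43 hq-n3 audit[51091]: AVC apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxc-104_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=51091 comm="(d-logind)" srcname="/" flags="rw',
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key, sep="  ")
```

Run against the full journal output, this collapses the repeated lines into three rows: two from the `dhclient` profile inside CT 105's namespace and one mount denial from CT 104's container profile.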
 
Here is the CT config. I am using an SDN simple zone with 1450 MTU, and it's working with VMs; I am able to get the IPs.
Code:
root@hq-n3:~# pct config 105
arch: amd64
cores: 1
features: nesting=1
hostname: T3
memory: 512
net0: name=eth0,bridge=VLAN99,hwaddr=BC:24:11:64:D4:D9,ip=dhcp,type=veth
ostype: ubuntu
rootfs: Main:105/vm-105-disk-0.raw,size=8G
swap: 512
unprivileged: 1
root@hq-n3:~#