Hi,
On the machine on which I'm running proxmox 5.2-1 I'm trying to mount a nfs volume within an lxc container, but apparmor won't allow me to.
On a container for testing purposes I've added this line at the end of the lxc config:
cat /etc/apparmor.d/lxc-default-with-nfs
So when I try to start it, I get the following error:
In the meantime I deleted the line referring to the apparmor profile from the /etc/pve/lxc/535.conf and the container won't start anyway:
This is the log from /root/535.log:
Any ideas what's going on?
On the machine on which I'm running proxmox 5.2-1 I'm trying to mount a nfs volume within an lxc container, but apparmor won't allow me to.
On a container for testing purposes I've added this line at the end of the lxc config:
Code:
lxc.apparmor.profile: lxc-container-default-with-nfs
Code:
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc
profile lxc-container-default-with-nfs flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/lxc/container-base>
# allow NFS (nfs/nfs4) mounts.
mount fstype=nfs*,
}
So when I try to start it, I get the following error:
Code:
Nov 26 17:50:31 svorng11 audit[3242]: AVC apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="/usr/bin/lxc-start" name="lxc-default-with-nfs" pid=3242 comm="lxc-start"
Nov 26 17:50:31 svorng11 kernel: audit: type=1400 audit(1543247431.188:12205): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="/usr/bin/lxc-start" name="lxc-default-with-nfs" pid=3242 comm="lxc-start"
Nov 26 17:50:31 svorng11 kernel: vmbr0: port 10(veth535i0) entered disabled state
Nov 26 17:50:31 svorng11 kernel: device veth535i0 left promiscuous mode
Nov 26 17:50:31 svorng11 kernel: vmbr0: port 10(veth535i0) entered disabled state
Nov 26 17:50:31 svorng11 lxc-start[3170]: lxc-start: 535: lxccontainer.c: wait_on_daemonized_start: 824 Received container state "ABORTING" instead of "RUNNING"
Nov 26 17:50:31 svorng11 lxc-start[3170]: The container failed to start.
Nov 26 17:50:31 svorng11 lxc-start[3170]: To get more details, run the container in foreground mode.
Nov 26 17:50:31 svorng11 lxc-start[3170]: Additional information can be obtained by setting the --logfile and --logpriority options.
Nov 26 17:50:31 svorng11 systemd[1]: pve-container@535.service: Control process exited, code=exited status=1
Nov 26 17:50:31 svorng11 systemd[1]: pve-container@535.service: Killing process 3172 (lxc-start) with signal SIGKILL.
Nov 26 17:50:31 svorng11 systemd[1]: Failed to start PVE LXC Container: 535.
-- Subject: Unit pve-container@535.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
Code:
lxc-start -l DEBUG -F -n 535 -o /root/535.log
lxc-start: 535: cgroups/cgfsng.c: create_path_for_hierarchy: 1752 Path "/sys/fs/cgroup/rdma//lxc/535" already existed.
lxc-start: 535: cgroups/cgfsng.c: cgfsng_create: 1862 Failed to create cgroup "/sys/fs/cgroup/rdma//lxc/535"
lxc-start: 535: cgroups/cgfsng.c: create_path_for_hierarchy: 1752 Path "/sys/fs/cgroup/cpuset//lxc/535-1" already existed.
lxc-start: 535: cgroups/cgfsng.c: cgfsng_create: 1862 Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc/535-1"
lxc-start: 535: cgroups/cgfsng.c: create_path_for_hierarchy: 1752 Path "/sys/fs/cgroup/cpuset//lxc/535-2" already existed.
lxc-start: 535: cgroups/cgfsng.c: cgfsng_create: 1862 Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc/535-2"
lxc-start: 535: cgroups/cgfsng.c: create_path_for_hierarchy: 1752 Path "/sys/fs/cgroup/cpuset//lxc/535-3" already existed.
lxc-start: 535: cgroups/cgfsng.c: cgfsng_create: 1862 Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc/535-3"
lxc-start: 535: lsm/lsm.c: lsm_process_label_set_at: 167 No such file or directory - Failed to set AppArmor label "lxc-default-with-nfs"
lxc-start: 535: lsm/apparmor.c: apparmor_process_label_set: 243 No such file or directory - Failed to change apparmor profile to lxc-default-with-nfs
lxc-start: 535: sync.c: __sync_wait: 57 An error occurred in another process (expected sequence number 5)
lxc-start: 535: start.c: __lxc_start: 1883 Failed to spawn container "535"
The container failed to start.
Additional information can be obtained by setting the --logfile and --logpriority options.
This is the log from /root/535.log:
Code:
lxc-start 535 20181126155416.219 INFO lxc_lsm - lsm/lsm.c:lsm_init:46 - LSM security driver AppArmor
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .reject_force_umount # comment this to allow umount -f; not recommended
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for reject_force_umount # comment this to allow umount -f; not recommended action 0(kill)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:411 - Setting Seccomp rule to reject force umounts
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for reject_force_umount action 0(kill)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:411 - Setting Seccomp rule to reject force umounts
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:411 - Setting Seccomp rule to reject force umounts
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .[all]
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .kexec_load errno 1
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for kexec_load errno 1 action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for kexec_load action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .open_by_handle_at errno 1
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for open_by_handle_at errno 1 action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for open_by_handle_at action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .init_module errno 1
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for init_module errno 1 action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for init_module action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .finit_module errno 1
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for finit_module errno 1 action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for finit_module action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .delete_module errno 1
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for delete_module errno 1 action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for delete_module action 327681(errno)
lxc-start 535 20181126155416.219 INFO lxc_seccomp - seccomp.c:parse_config_v2:775 - Merging in the compat Seccomp ctx into the main one
lxc-start 535 20181126155416.219 INFO lxc_conf - conf.c:run_script_argv:368 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "535", config section "lxc"
lxc-start 535 20181126155416.662 DEBUG terminal - terminal.c:lxc_terminal_peer_default:701 - Using terminal "/dev/tty" as proxy
lxc-start 535 20181126155416.662 DEBUG terminal - terminal.c:lxc_terminal_signal_init:188 - Created signal fd 9
lxc-start 535 20181126155416.662 DEBUG terminal - terminal.c:lxc_terminal_winsz:85 - Set window size to 204 columns and 53 rows
lxc-start 535 20181126155416.662 INFO lxc_start - start.c:lxc_init:846 - Container "535" is initialized
lxc-start 535 20181126155416.663 INFO lxc_conf - conf.c:run_script:506 - Executing script "/usr/share/lxc/lxcnetaddbr" for container "535", config section "net"
lxc-start 535 20181126155417.219 DEBUG lxc_network - network.c:instantiate_veth:227 - Instantiated veth "veth535i0/veth70F6F2", index is "86"
lxc-start 535 20181126155417.220 INFO lxc_cgroup - cgroups/cgroup.c:cgroup_init:60 - cgroup driver cgfsng initing for 535
lxc-start 535 20181126155417.223 DEBUG lxc_cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:751 - "cgroup.clone_children" was already set to "1"
lxc-start 535 20181126155417.223 ERROR lxc_cgfsng - cgroups/cgfsng.c:create_path_for_hierarchy:1752 - Path "/sys/fs/cgroup/rdma//lxc/535" already existed.
lxc-start 535 20181126155417.224 ERROR lxc_cgfsng - cgroups/cgfsng.c:cgfsng_create:1862 - Failed to create cgroup "/sys/fs/cgroup/rdma//lxc/535"
lxc-start 535 20181126155417.226 ERROR lxc_cgfsng - cgroups/cgfsng.c:create_path_for_hierarchy:1752 - Path "/sys/fs/cgroup/cpuset//lxc/535-1" already existed.
lxc-start 535 20181126155417.226 ERROR lxc_cgfsng - cgroups/cgfsng.c:cgfsng_create:1862 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc/535-1"
lxc-start 535 20181126155417.227 ERROR lxc_cgfsng - cgroups/cgfsng.c:create_path_for_hierarchy:1752 - Path "/sys/fs/cgroup/cpuset//lxc/535-2" already existed.
lxc-start 535 20181126155417.227 ERROR lxc_cgfsng - cgroups/cgfsng.c:cgfsng_create:1862 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc/535-2"
lxc-start 535 20181126155417.228 ERROR lxc_cgfsng - cgroups/cgfsng.c:create_path_for_hierarchy:1752 - Path "/sys/fs/cgroup/cpuset//lxc/535-3" already existed.
lxc-start 535 20181126155417.228 ERROR lxc_cgfsng - cgroups/cgfsng.c:cgfsng_create:1862 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc/535-3"
lxc-start 535 20181126155417.230 DEBUG lxc_cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:751 - "cgroup.clone_children" was already set to "1"
lxc-start 535 20181126155417.244 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWNS
lxc-start 535 20181126155417.244 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWPID
lxc-start 535 20181126155417.244 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWUTS
lxc-start 535 20181126155417.244 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWIPC
lxc-start 535 20181126155417.244 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWNET
lxc-start 535 20181126155417.244 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved mnt namespace via fd 15
lxc-start 535 20181126155417.244 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved pid namespace via fd 16
lxc-start 535 20181126155417.245 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved uts namespace via fd 17
lxc-start 535 20181126155417.245 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved ipc namespace via fd 18
lxc-start 535 20181126155417.245 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved net namespace via fd 19
lxc-start 535 20181126155417.246 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "memory.limit_in_bytes" set to "536870912"
lxc-start 535 20181126155417.246 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "memory.memsw.limit_in_bytes" set to "1073741824"
lxc-start 535 20181126155417.246 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "cpu.shares" set to "1024"
lxc-start 535 20181126155417.249 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "cpuset.cpus" set to "1"
lxc-start 535 20181126155417.249 INFO lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2797 - Limits for the legacy cgroup hierarchies have been setup
lxc-start 535 20181126155417.251 DEBUG lxc_start - start.c:lxc_spawn:1668 - Preserved net namespace via fd 10
lxc-start 535 20181126155417.636 DEBUG lxc_network - network.c:lxc_network_move_created_netdev_priv:2484 - Moved network device "veth70F6F2"/"eth0" to network namespace of 4582
lxc-start 535 20181126155417.638 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.deny" set to "a"
lxc-start 535 20181126155417.638 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c *:* m"
lxc-start 535 20181126155417.638 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "b *:* m"
lxc-start 535 20181126155417.638 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 1:3 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 1:5 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 1:7 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 5:0 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 5:1 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 5:2 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 1:8 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 1:9 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 136:* rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 10:229 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 254:0 rm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 10:200 rwm"
lxc-start 535 20181126155417.639 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 10:228 rwm"
lxc-start 535 20181126155417.640 DEBUG lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2792 - Set controller "devices.allow" set to "c 10:232 rwm"
lxc-start 535 20181126155417.640 INFO lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2797 - Limits for the legacy cgroup hierarchies have been setup
lxc-start 535 20181126155417.647 INFO lxc_start - start.c:do_start:1177 - Unshared CLONE_NEWCGROUP
lxc-start 535 20181126155417.651 DEBUG storage - storage/storage.c:storage_query:247 - Detected rootfs type "dir"
lxc-start 535 20181126155417.651 DEBUG lxc_conf - conf.c:lxc_setup_rootfs:1338 - Mounted rootfs "/var/lib/lxc/535/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
lxc-start 535 20181126155417.652 INFO lxc_conf - conf.c:setup_utsname:774 - Set hostname to "testnfs"
lxc-start 535 20181126155417.955 DEBUG lxc_network - network.c:setup_hw_addr:2750 - Mac address "5E:0B:1D:9A:7B:18" on "eth0" has been setup
lxc-start 535 20181126155417.955 DEBUG lxc_network - network.c:lxc_setup_netdev_in_child_namespaces:3008 - Network device "eth0" has been setup
lxc-start 535 20181126155417.955 INFO lxc_network - network.c:lxc_setup_network_in_child_namespaces:3029 - network has been setup
lxc-start 535 20181126155417.957 INFO lxc_conf - conf.c:mount_autodev:1163 - Preparing "/dev"
lxc-start 535 20181126155417.961 INFO lxc_conf - conf.c:mount_autodev:1185 - Mounted tmpfs on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev"
lxc-start 535 20181126155417.961 INFO lxc_conf - conf.c:mount_autodev:1202 - Prepared "/dev"
lxc-start 535 20181126155417.965 INFO lxc_conf - conf.c:run_script_argv:368 - Executing script "/usr/share/lxcfs/lxc.mount.hook" for container "535", config section "lxc"
lxc-start 535 20181126155417.111 INFO lxc_conf - conf.c:run_script_argv:368 - Executing script "/usr/share/lxc/hooks/lxc-pve-autodev-hook" for container "535", config section "lxc"
lxc-start 535 20181126155417.240 INFO lxc_conf - conf.c:lxc_fill_autodev:1238 - Populating "/dev"
lxc-start 535 20181126155417.240 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/full"
lxc-start 535 20181126155417.240 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/null"
lxc-start 535 20181126155417.240 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/random"
lxc-start 535 20181126155417.240 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/tty"
lxc-start 535 20181126155417.240 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/urandom"
lxc-start 535 20181126155417.240 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/zero"
lxc-start 535 20181126155417.240 INFO lxc_conf - conf.c:lxc_fill_autodev:1291 - Populated "/dev"
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1934 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1955 - Flags for "/sys/fs/fuse/connections" were 4096, required extra flags are 0
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1965 - Mountflags already were 4096, skipping remount
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:2011 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1934 - Remounting "/sys/kernel/debug" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/kernel/debug" to respect bind or remount options
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1955 - Flags for "/sys/kernel/debug" were 4096, required extra flags are 0
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1965 - Mountflags already were 4096, skipping remount
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:2011 - Mounted "/sys/kernel/debug" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/kernel/debug" with filesystem type "none"
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1934 - Remounting "/sys/kernel/security" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/kernel/security" to respect bind or remount options
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1955 - Flags for "/sys/kernel/security" were 4110, required extra flags are 14
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:2011 - Mounted "/sys/kernel/security" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/kernel/security" with filesystem type "none"
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1934 - Remounting "/sys/fs/pstore" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/pstore" to respect bind or remount options
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:1955 - Flags for "/sys/fs/pstore" were 4110, required extra flags are 14
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:2011 - Mounted "/sys/fs/pstore" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/pstore" with filesystem type "none"
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:mount_entry:2011 - Mounted "mqueue" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/mqueue" with filesystem type "mqueue"
lxc-start 535 20181126155417.241 INFO lxc_conf - conf.c:mount_file_entries:2243 - Finished setting up mounts
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:lxc_setup_ttydir_console:1697 - Created directory for console and tty devices at "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/lxc"
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:lxc_setup_ttydir_console:1748 - Mounted "/dev/pts/4" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/lxc/console"
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:lxc_setup_ttydir_console:1756 - Mounted "/dev/pts/4" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/lxc/console"
lxc-start 535 20181126155417.241 DEBUG lxc_conf - conf.c:lxc_setup_ttydir_console:1758 - Console has been setup under "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/lxc/console" and mounted to "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/console"
lxc-start 535 20181126155417.241 INFO lxc_utils - utils.c:lxc_mount_proc_if_needed:1720 - I am 1, /proc/self points to "1"
lxc-start 535 20181126155417.255 DEBUG lxc_conf - conf.c:setup_rootfs_pivot_root:1140 - pivot_root("/usr/lib/x86_64-linux-gnu/lxc/rootfs") successful
lxc-start 535 20181126155417.255 DEBUG lxc_conf - conf.c:setup_pivot_root:1469 - Finished pivot_root()
lxc-start 535 20181126155417.255 DEBUG lxc_conf - conf.c:lxc_setup_devpts:1549 - Mount new devpts instance with options "gid=5,newinstance,ptmxmode=0666,mode=0620,max=1024"
lxc-start 535 20181126155417.255 DEBUG lxc_conf - conf.c:lxc_setup_devpts:1569 - Created dummy "/dev/ptmx" file as bind mount target
lxc-start 535 20181126155417.255 DEBUG lxc_conf - conf.c:lxc_setup_devpts:1574 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:lxc_allocate_ttys:970 - Created tty "/dev/pts/0" with master fd 11 and slave fd 14
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:lxc_allocate_ttys:970 - Created tty "/dev/pts/1" with master fd 15 and slave fd 16
lxc-start 535 20181126155417.256 INFO lxc_conf - conf.c:lxc_allocate_ttys:990 - Finished creating 2 tty devices
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:lxc_setup_ttys:896 - Bind mounted "/dev/pts/0" onto "/dev/tty1"
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:lxc_setup_ttys:896 - Bind mounted "/dev/pts/1" onto "/dev/tty2"
lxc-start 535 20181126155417.256 INFO lxc_conf - conf.c:lxc_setup_ttys:940 - Finished setting up 2 /dev/tty<N> device(s)
lxc-start 535 20181126155417.256 INFO lxc_conf - conf.c:setup_personality:1613 - Set personality to "0x0"
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:setup_caps:2416 - Dropped mac_admin (33) capability
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:setup_caps:2416 - Dropped mac_override (32) capability
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:setup_caps:2416 - Dropped sys_time (25) capability
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:setup_caps:2416 - Dropped sys_module (16) capability
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:setup_caps:2416 - Dropped sys_rawio (17) capability
lxc-start 535 20181126155417.256 DEBUG lxc_conf - conf.c:setup_caps:2419 - Capabilities have been setup
lxc-start 535 20181126155417.256 NOTICE lxc_conf - conf.c:lxc_setup:3482 - The container "535" is set up
lxc-start 535 20181126155417.256 ERROR lxc_lsm - lsm/lsm.c:lsm_process_label_set_at:167 - No such file or directory - Failed to set AppArmor label "lxc-default-with-nfs"
lxc-start 535 20181126155417.256 ERROR lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:243 - No such file or directory - Failed to change apparmor profile to lxc-default-with-nfs
lxc-start 535 20181126155417.256 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 5)
lxc-start 535 20181126155417.257 INFO lxc_network - network.c:lxc_delete_network_priv:2568 - Interface "eth0" with index 86 already deleted or existing in different network namespace
lxc-start 535 20181126155417.257 INFO lxc_network - network.c:lxc_delete_network_priv:2578 - Removed interface "eth0" with index 86
lxc-start 535 20181126155417.295 INFO lxc_network - network.c:lxc_delete_network_priv:2599 - Removed interface "veth535i0" from ""
lxc-start 535 20181126155417.295 DEBUG lxc_network - network.c:lxc_delete_network:3156 - Deleted network devices
lxc-start 535 20181126155417.295 ERROR lxc_start - start.c:__lxc_start:1883 - Failed to spawn container "535"
lxc-start 535 20181126155417.297 INFO lxc_conf - conf.c:run_script_argv:368 - Executing script "/usr/share/lxc/hooks/lxc-pve-poststop-hook" for container "535", config section "lxc"
lxc-start 535 20181126155417.656 INFO lxc_conf - conf.c:run_script_argv:368 - Executing script "/usr/share/lxcfs/lxc.reboot.hook" for container "535", config section "lxc"
Any ideas what's going on?