First off, I know that AppArmor is horribly broken right now. But if I understood that correctly, this issue only affects unprivileged containers. Correct me if I'm wrong.
I created a privileged container with archlinux-base_20190124. Config:
Code:
arch: amd64
cores: 2
hostname: repo
memory: 2048
net0: name=eth0,bridge=vmbr0,gw=192.168.1.1,hwaddr=E6:87:AE:D7:3B:99,ip=192.168.1.50/24,type=veth
ostype: archlinux
rootfs: local-lvm:vm-103-disk-0,size=20G
swap: 512
Due to AppArmor (I think) I have to bring up the interface manually. But at least it works afterwards.
However, I want to use this container to host my own repository for Arch and build packages in a chroot. Arch uses systemd-nspawn for that purpose.
When running mkarchroot it builds the chroot, installs all the packages, but then fails with this error:
Code:
Failed to mount n/a (type n/a) on / (MS_REC|MS_SLAVE ""): Permission denied
Short read while reading cgroup mode (0 bytes). The child is most likely dead.
Trying to build a package in a chroot based on the newly created one fails with the same error.
Any ideas what I could do here? Other than just switching off AppArmor completely for this container?