Syslog filled with lxc error

[Mattias Hedman]

My Proxmox VE syslog is filled with these two lines, lxc 101 is my Unifi controller LXC. How do I fix this?

Jan 16 11:45:43 pve audit[2261527]: AVC apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-101_</var/lib/lxc>" name="/run/systemd/unit-root/proc/" pid=2261527 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" Jan 16 11:45:43 pve kernel: audit: type=1400 audit(1642329943.792:1057709): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-101_</var/lib/lxc>" name="/run/systemd/unit-root/proc/" pid=2261527 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"

 

[KatyComputer]

I am seeing the similar errors:
Jan 20 22:44:45 vm101-01 kernel: [2885690.098207] audit: type=1400 audit(1642740285.272:551878): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-100_</var/lib/lxc>" name="/run/systemd/unit-root/proc/" pid=2917141 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
.....
Jan 20 22:14:47 vm101-01 kernel: [2883891.772290] audit: type=1400 audit(1642738486.980:551528): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-110_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=2900094 comm="(d-logind)" srcname="/" flags="rw, rbind"

pveversion: pve-manager/7.1-8/5b267f33 (running kernel: 5.13.19-2-pve)

I am seeing this on 2 of my 5 Debian 11 containers.

 

[Tim Unkrig]

I am also seeing similar messages:

Feb 28 11:17:51 lxc02.example.de kernel: audit: type=1400 audit(1646043471.726:33684): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-3923_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=632368 comm="(ionclean)" srcname="/" flags="rw, rbind"
Feb 28 11:17:57 lxc02.example.de audit[632788]: AVC apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-3927_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=632788 comm="(ionclean)" srcname="/" flags="rw, rbind"

pve-cluster: 7.0-3
Container: Ubuntu 20.04.3 LTS

Anyone has a clue?

 

[dcsapak]

those messages are normal, it just says that the container attempted to do stuff it is not allowed. systemd in the container tries for example to remount some stuff and after that checks it cannot do that...

 

[Tim Unkrig]

those messages are normal, it just says that the container attempted to do stuff it is not allowed. systemd in the container tries for example to remount some stuff and after that checks it cannot do that...

Alright, thank you! I think I found the related thing, which caused it!

-> https://forum.proxmox.com/threads/a...ofile-lxc-104_-var-lib-lxc.71093/#post-319096

the timer seems to work, but those messages are still poluting the logs. WIll ignore it for now!