So I had a proxmox installation which unfortunately got corrupted as the SSD it was installed to failed. However I had stored my LXC containers on another disk so managed to recover their raw disk files. I reinstalled proxmox onto another SSD, created a new container but replaced rootfs in lxc.conf to reference the original disk file. The container is unprivileged and starts (it does not start if I set it to privileged), however after starting, no snap is able to start due to the following error:
If I try dmesg | grep -i apparmor on a host shell, I get several entries of:
My container configuration file is as follows:
I'm not sure how to fix this. If anybody could help or point me in the right direction I'd greatly appreciate it
error: system does not fully support snapd: apparmor detected but insufficient permissions to use itIf I try dmesg | grep -i apparmor on a host shell, I get several entries of:
Code:
[ 8706.490713] audit: type=1400 audit(1738152990.356:466): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="snap-update-ns.overseerr" pid=49044 comm="snap-confine"
[ 8711.729741] audit: type=1400 audit(1738152995.595:467): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="snap-update-ns.overseerr" pid=49079 comm="snap-confine"
[ 8716.990431] audit: type=1400 audit(1738153000.856:468): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="snap-update-ns.overseerr" pid=49141 comm="snap-confine"
[ 8722.214413] audit: type=1400 audit(1738153006.080:469): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="snap-update-ns.overseerr" pid=49183 comm="snap-confine"
[ 8727.430254] audit: type=1400 audit(1738153011.295:470): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="snap-update-ns.overseerr" pid=49243 comm="snap-confine"
[ 8732.703042] audit: type=1400 audit(1738153016.568:471): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="snap-update-ns.overseerr" pid=49285 comm="snap-confine"My container configuration file is as follows:
Code:
arch: amd64
cores: 2
features: fuse=1,mount=fuse,nesting=1
hostname: CT105
memory: 8192
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.2,hwaddr=BC:24:11:50:98:81,ip=192.168.1.8/24,type=veth
ostype: ubuntu
rootfs: intel-660p:vm-105-disk-0,size=107G
swap: 4096
unprivileged: 1
lxc.apparmor.profile = unconfined
lxc.mount.entry: /dev/fuse /dev/fuse none bind,create=file 0 0I'm not sure how to fix this. If anybody could help or point me in the right direction I'd greatly appreciate it