[SOLVED] Upgrade from 4.3-9 to 4.4-5 and apparmor is breaking lxc???

tycoonbob

Stopped all lxc/kvm instances, ran `apt-get update` and `apt-get upgrade`, then rebooted. Pretty straightforward.

Upon reboot, about 20 LXCs started, but 3 did not. Nothing special about their configs, but I was getting an error when trying to run them in the foreground. Went looking around apparmor (the error was something to do with unable to apply lxc-defaults-cgns, but I don't remember the exact error) and ran
Code:
systemctl status apparmor -l
and got this:


Code:
root@jormungandr:~# systemctl status apparmor -l
● apparmor.service - LSB: AppArmor initialization
   Loaded: loaded (/etc/init.d/apparmor)
   Active: failed (Result: exit-code) since Tue 2017-01-10 15:56:14 EST; 2min 34s ago
  Process: 5383 ExecStop=/etc/init.d/apparmor stop (code=exited, status=0/SUCCESS)
  Process: 5394 ExecStart=/etc/init.d/apparmor start (code=exited, status=123)

Jan 10 15:56:14 jormungandr systemd[1]: Starting LSB: AppArmor initialization...
Jan 10 15:56:14 jormungandr apparmor[5394]: Starting AppArmor profiles:AppArmor parser error for /etc/apparmor.d/lxc-containers in /etc/apparmor.d/lxc-containers at line 7: Found unexpected character: '<'
Jan 10 15:56:14 jormungandr apparmor[5394]: AppArmor parser error for /etc/apparmor.d/lxc-containers in /etc/apparmor.d/lxc-containers at line 7: Found unexpected character: '<'
Jan 10 15:56:14 jormungandr apparmor[5394]: failed!
Jan 10 15:56:14 jormungandr systemd[1]: apparmor.service: control process exited, code=exited status=123
Jan 10 15:56:14 jormungandr systemd[1]: Failed to start LSB: AppArmor initialization.
Jan 10 15:56:14 jormungandr systemd[1]: Unit apparmor.service entered failed state.


Code:
root@jormungandr:~# cat /etc/apparmor.d/lxc-containers
# This file exists only to ensure that all per-container policies
# listed under /etc/apparmor.d/lxc get loaded at boot.  Please do
# not edit this file.

#include <tunables/global>

include <lxc>

Never touched /etc/apparmor.d/lxc-containers before, but the issue is with that include line. If I comment it out, the apparmor service will start up fine. Well, removed the comment, tried restarting the apparmor service and it's failing again, but now my LXC starts. What gives? What's wrong with `include <lxc>` in `lxc-containers`?
 
You (or someone else with access to your machine?) must have accidentally edited that file - "#include" is not a comment, but an include statement, so the # is required ;)
 
Thanks @fabian, that was definitely the issue. It's possible someone else had done that, though I'm not sure why. This is a workplace lab environment, FYI.
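A check for the condition resolved in this thread, as an added example that is not part of the original posts: it lists lines in an AppArmor profile that use `include` without the leading `#`, the form the parser rejected above. The function names are hypothetical, and the sample file is a constructed copy of the contents posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find bare "include <...>" lines
# in an AppArmor profile, i.e. include statements missing the leading '#'.

# Prints "LINE:TEXT" for each offending line; exit status 0 if any were found.
find_bare_includes() {
    grep -nE '^[[:space:]]*include[[:space:]]*[<"]' "$1"
}

# Constructed sample: the lxc-containers contents as posted in the thread.
make_sample_profile() {
    cat > "$1" <<'EOF'
# This file exists only to ensure that all per-container policies
# listed under /etc/apparmor.d/lxc get loaded at boot.  Please do
# not edit this file.

#include <tunables/global>

include <lxc>
EOF
}

# Returns 1 and reports the offending lines if the profile has a bare include.
check_profile() {
    if hits=$(find_bare_includes "$1"); then
        printf 'bare include in %s:\n%s\n' "$1" "$hits"
        return 1
    fi
    return 0
}

# Stand-alone run against the constructed sample (not the live /etc file).
tmp=$(mktemp)
make_sample_profile "$tmp"
check_profile "$tmp" || true
rm -f "$tmp"
```

The reported line number for the sample matches the "at line 7" in the parser error quoted in the first post.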
 
