[pkg-lxc-devel] Bug#1050114: lxc: unprivileged containers fail to start out-of-box due to apparmor issue

Mathias Gibbens gibmat at debian.org
Sun Aug 20 01:40:52 BST 2023


Package: lxc
Version: 1:5.0.2-1
Severity: normal

  On a fresh bookworm install, after doing a `sudo apt install lxc` and
following the instructions at
https://linuxcontainers.org/lxc/getting-started/ for creating
unprivileged containers as a user, containers fail to start with the
following error:

lxc-start: bookworm: ../src/lxc/lsm/apparmor.c: apparmor_prepare: 1080 Cannot use generated profile: apparmor_parser not available

  This is because `apparmor_prepare` is located in /sbin/, which isn't
in a normal user's $PATH. If you add /sbin/ to $PATH, you then get a
different apparmor error:

lxc-start: bookworm: ../src/lxc/lsm/apparmor.c: make_apparmor_namespace: 869 Permission denied - Error creating AppArmor namespace: /sys/kernel/security/apparmor/policy/namespaces/lxc-bookworm_<-home-gibmat-.local-share-lxc>
lxc-start: bookworm: ../src/lxc/lsm/apparmor.c: apparmor_prepare: 1086 Failed to load generated AppArmor profile

  We should try to fix this so unprivileged containers work out-of-box.

Mathias
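The two failures in the report correspond to two pre-flight conditions lxc-start checks: `apparmor_parser` must be findable on the caller's PATH, and the caller must be able to create a policy namespace (a `mkdir` under `<securityfs>/apparmor/policy/namespaces`). The following POSIX sh function is an added diagnostic, not code from the bug report or from the lxc package; the search path and the securityfs root are parameters (assumptions for testability) so it can be run against a constructed tree as well as the real `/sys/kernel/security`.

```shell
#!/bin/sh
# Added diagnostic for the two AppArmor errors quoted in the report.
# It is not part of lxc; the parameters are an assumption so the check
# can be exercised offline against a constructed directory tree.
#
# lxc_apparmor_precheck <search_path> <securityfs_root> <container_name>
#   returns 0  both conditions hold
#           1  apparmor_parser not found on <search_path>
#           2  a policy namespace cannot be created under <securityfs_root>
lxc_apparmor_precheck() {
    search_path=$1
    secfs=$2
    name=$3
    ns_dir="$secfs/apparmor/policy/namespaces"

    # Condition 1: the generated profile is loaded with apparmor_parser,
    # which on Debian lives in /sbin, normally absent from a user's PATH.
    if ! ( PATH="$search_path"; command -v apparmor_parser ) >/dev/null 2>&1; then
        echo "apparmor_parser not found on PATH=$search_path;" \
             "lxc-start cannot use its generated profile"
        return 1
    fi

    # Condition 2: lxc names the namespace lxc-<container>_<escaped lxcpath>
    # and creates it with mkdir in apparmorfs. Probe with a throwaway name;
    # an unprivileged user gets EACCES here, and ENOENT if securityfs is
    # not mounted at the given root.
    probe="$ns_dir/lxc-${name}_precheck-probe"
    if mkdir "$probe" 2>/dev/null; then
        rmdir "$probe"
        echo "ok: apparmor_parser found and namespace creation permitted in $ns_dir"
        return 0
    fi
    echo "cannot create AppArmor namespace under $ns_dir" \
         "(permission denied or AppArmor not mounted)"
    return 2
}
```

Run `lxc_apparmor_precheck "$PATH" /sys/kernel/security bookworm` as the unprivileged user to see which of the two conditions is failing on a given host.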