[Bug 1452451] Re: failed to change apparmor profile to lxc-container-default-with-nesting

[Christopher Townsend]

Dang, I was afraid you might not be able to reproduce, being a race and
all.  I'm not sure it's possible to hand off the system as it's my
primary development machine.

I think I will take a stab in trying to debug this.  A quick looks shows
that it is failing in this block in lsm/apparmor.c:

if (aa_change_profile(label) < 0)

Looking in the apparmor source code shows a few places this may fail,
especially with the "No such file or directory" errno value.

The call(s) in setprocattr(), particularly procattr_path().  I'm
thinking that perhaps the /proc path is not really fully up before
lxc_wait says that the container is in a RUNNING state.  I'm using SSD's
which may or may not make a difference, but they can sometimes add some
races due to their fast nature.

Next, I will look into what exactly lxc_wait is querying to know when it
is RUNNING...

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1452451

Title:
  failed to change apparmor profile to lxc-container-default-with-
  nesting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451/+subscriptions