[pve-devel] LXC Container

Detlef Bracker bracker at 1awww.com
Thu Feb 23 01:33:04 CET 2017


Every scenerario breaks with other problems - So has somebody a resolution?

Plesk will not work on LCX container about mount problems! A backup and
restore as an unprivileged server with option ignore restore fails,
brings new other problems why then the system is no more usable -
possible parts of installation in their not restorable folders!

So has somebody a solution to set ONLY for one or less lcx containers
the rights that mounts are from inside containers allowed? So
drive with ACL off brings nothing too!

Here the part from plesk:


*xxxx* (Plesk Support)

Feb 23, 03:32 +07

Hello,

I would like to inform you that the root cause was found. 

I can see the following errors in `/var/log/syslog` 

Feb 22 09:44:45 ct1000 kernel: [221314.559494] audit: type=1400 audit(1487756685.156:419): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=15003 comm="(php-fpm)" flags="rw, rslave"


and in `/var/log/dmesg`:

[ 6652.341431] audit: type=1400 audit(1487542019.007:161): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=31461 comm="(php-fpm)" flags="rw, rslave"
[12282.699057] audit: type=1400 audit(1487547649.444:174): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=15816 comm="(php-fpm)" flags="rw, rslave"
[12348.492042] audit: type=1400 audit(1487547715.235:186): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=21044 comm="(php-fpm)" flags="rw, rslave"


This restriction comes from the Hardware Node side in configuration of
apparmor.  Therefore, it should be configured from Hardware node xxxxxx.
You can refer to https://gist.github.com/gionn/7585324 for additional
details.

Please let me know if you have any questions.


PHP-FPM startup failed with at step NAMESPACE spawning
<https://support.plesk.com/hc/en-us/articles/115001473325-PHP-FPM-startup-failed-with-at-step-NAMESPACE-spawning>

Best Regards,

XXXXXX
Support XXXXXXX
Plesk


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20170223/d8fdf924/attachment.sig>


More information about the pve-devel mailing list