Ajout section bug lxc apparmor
This commit is contained in:
parent
16960af832
commit
775ac37a7a
33
HowtoLXC.md
33
HowtoLXC.md
|
@ -160,3 +160,36 @@ Il faut mettre à jour la config :
|
||||||
# lxc-update-config -c /var/lib/lxc/foo/config
|
# lxc-update-config -c /var/lib/lxc/foo/config
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
|
||||||
|
## Erreur de démarrage d'un conteneur LXC
|
||||||
|
|
||||||
|
Si un conteneur est stoppé et qu'il retourne ces erreurs :
|
||||||
|
|
||||||
|
```
|
||||||
|
$ lxc-start -n $container_name
|
||||||
|
lxc-start: $container_name: lsm/lsm.c: lsm_process_label_set_at: 174 No such file or directory - Failed to set AppArmor label "lxc-container-default-cgns"
|
||||||
|
lxc-start: $container_name: lsm/apparmor.c: apparmor_process_label_set: 1097 Failed to change AppArmor profile to lxc-container-default-cgns
|
||||||
|
lxc-start: $container_name: sync.c: __sync_wait: 62 An error occurred in another process (expected sequence number 5)
|
||||||
|
lxc-start: $container_name: start.c: __lxc_start: 1951 Failed to spawn container "php73"
|
||||||
|
lxc-start: $container_name: tools/lxc_start.c: main: 330 The container failed to start
|
||||||
|
lxc-start: $container_name: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options
|
||||||
|
```
|
||||||
|
|
||||||
|
Alors, il faut réinstaller le paquet et apparmor et relancer le service systemd :
|
||||||
|
|
||||||
|
```
|
||||||
|
# apt reinstall apparmor
|
||||||
|
# systemctl restart lxc
|
||||||
|
# lxc-start -n $container_name
|
||||||
|
```
|
||||||
|
|
||||||
|
Note : le redémarrage du service LXC n'affecte pas le statut des conteneurs.
|
||||||
|
|
||||||
|
Pour éviter d'autres problèmes à l'avenir avec AppArmor, si le conteneur n'a pas vocation de sécurité, on peut le déconfiner dans sa configuration et le redémarrer :
|
||||||
|
|
||||||
|
```
|
||||||
|
$ vim /var/lib/lxc/$container_name/config
|
||||||
|
+ lxc.apparmor.profile = unconfined
|
||||||
|
$ lxc-stop -n $container_name && lxc-start -n $container_name
|
||||||
|
```
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue