Opened 2 years ago

Closed 2 years ago

#32 closed Problem (Fixed)

PHP enabled containers puking all over dmesg

Reported by: D Delmar Davis
Owned by: D Delmar Davis
Priority: Minor PITA
Milestone: Make Shit Happen / Own Your Shit.
Component: kb2018 (hp)
Keywords: #lxc #apparmor
Cc: Joe Dumoulin

Description

{{{
[645213.331946] audit: type=1400 audit(1562303341.033:1300): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=11270 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[645213.339424] audit: type=1400 audit(1562303341.041:1301): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=11275 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[647013.335044] audit: type=1400 audit(1562305141.061:1302): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=1806 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[647013.349652] audit: type=1400 audit(1562305141.077:1303): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=1820 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[648813.331083] audit: type=1400 audit(1562306941.076:1304): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=1772 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[648813.341630] audit: type=1400 audit(1562306941.088:1305): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=1779 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[650613.335914] audit: type=1400 audit(1562308741.100:1306): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=30293 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[650613.350667] audit: type=1400 audit(1562308741.116:1307): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=30307 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[652413.333225] audit: type=1400 audit(1562310541.115:1308): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=30228 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[652413.343675] audit: type=1400 audit(1562310541.127:1309): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=30237 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[654213.339943] audit: type=1400 audit(1562312341.143:1310): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=4982 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[654213.344707] audit: type=1400 audit(1562312341.147:1311): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=4987 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[656013.335403] audit: type=1400 audit(1562314141.158:1312): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=10480 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[656013.341590] audit: type=1400 audit(1562314141.162:1313): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=10485 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[657813.337677] audit: type=1400 audit(1562315941.178:1314): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=11185 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[657813.349754] audit: type=1400 audit(1562315941.190:1315): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=11193 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[659613.334677] audit: type=1400 audit(1562317741.193:1316): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=29431 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[659613.346431] audit: type=1400 audit(1562317741.209:1317): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=29441 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[661413.339187] audit: type=1400 audit(1562319541.220:1318): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=23369 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[661413.351663] audit: type=1400 audit(1562319541.232:1319): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=23385 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[663213.336646] audit: type=1400 audit(1562321341.237:1320): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=27680 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[663213.341156] audit: type=1400 audit(1562321341.241:1321): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=27685 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[665013.339019] audit: type=1400 audit(1562323141.261:1322): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=13496 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[665013.352480] audit: type=1400 audit(1562323141.273:1323): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=13509 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[666813.336197] audit: type=1400 audit(1562324941.276:1324): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=18953 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[666813.346084] audit: type=1400 audit(1562324941.284:1325): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=18961 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[668613.338858] audit: type=1400 audit(1562326741.296:1326): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=17502 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[668613.352712] audit: type=1400 audit(1562326741.312:1327): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=17515 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[670413.334634] audit: type=1400 audit(1562328541.311:1328): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=24394 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[670413.340525] audit: type=1400 audit(1562328541.319:1329): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=24399 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[672213.338671] audit: type=1400 audit(1562330341.335:1330): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=25260 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[672213.354425] audit: type=1400 audit(1562330341.351:1331): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=25275 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[674013.335540] audit: type=1400 audit(1562332141.350:1332): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=23031 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[674013.347076] audit: type=1400 audit(1562332141.362:1333): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=23043 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[675813.281229] audit: type=1400 audit(1562333941.314:1334): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=1548 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[675813.286555] audit: type=1400 audit(1562333941.322:1335): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=1553 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[677613.797006] audit: type=1400 audit(1562335741.850:1336): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=7688 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[677613.808799] audit: type=1400 audit(1562335741.862:1337): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=7701 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[679413.282144] audit: type=1400 audit(1562337541.353:1338): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=6419 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[679413.288402] audit: type=1400 audit(1562337541.361:1339): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=6424 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[681213.277739] audit: type=1400 audit(1562339341.373:1340): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=31992 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[681213.283692] audit: type=1400 audit(1562339341.381:1341): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=31998 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[683013.281902] audit: type=1400 audit(1562341141.396:1342): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=1644 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[683013.290517] audit: type=1400 audit(1562341141.404:1343): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=1651 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[684813.276209] audit: type=1400 audit(1562342941.408:1344): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=10982 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[684813.289375] audit: type=1400 audit(1562342941.424:1345): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=10996 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[686613.279782] audit: type=1400 audit(1562344741.431:1346): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=3712 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[686613.294426] audit: type=1400 audit(1562344741.447:1347): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=3733 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
}}}

Problem mentioned all over the fucking place (sans solution). Potential solution is in the middle of this thread.
https://discuss.linuxcontainers.org/t/apparmor-denied-operation-mount/2424

Change History (2)

comment:1 Changed 2 years ago by D Delmar Davis

Get rid of ProtectHome=true

{{{
root@ian:~# nano /lib/systemd/system/phpsessionclean.service
[Unit]
Description=Clean php session files

[Service]
Type=oneshot
ExecStart=/usr/lib/php/sessionclean
ProtectHome=false
ProtectSystem=true
PrivateTmp=true
....
root@ian:~# reboot
}}}

comment:2 Changed 2 years ago by D Delmar Davis

Resolution: Fixed
Status: assigned → closed

After doing the above to Ian and rebooting, only Ernest complains, so this works.

{{{
[733413.281951] audit: type=1400 audit(1562391541.937:1420): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=20585 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[735213.275320] audit: type=1400 audit(1562393341.949:1421): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=7973 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[737013.279743] audit: type=1400 audit(1562395141.976:1422): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=30795 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[738813.273583] audit: type=1400 audit(1562396941.988:1423): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=28493 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[740613.279307] audit: type=1400 audit(1562398742.016:1424): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=17684 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[742412.273672] audit: type=1400 audit(1562400541.027:1425): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=11993 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
}}}

Repeating process on Ernest (including reboot) and closing.
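
Added example, not part of the original ticket: a small parser that groups AppArmor `DENIED` audit records by container profile and reports which profiles still log denials after a given time, which is the check comment:2 does by eye. The sample records are copied from the ticket's log output; the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample records copied from the ticket (two timer runs before the fix, one after).
SAMPLE = """\
[645213.331946] audit: type=1400 audit(1562303341.033:1300): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=11270 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[645213.339424] audit: type=1400 audit(1562303341.041:1301): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=11275 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[647013.335044] audit: type=1400 audit(1562305141.061:1302): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ian_</var/lib/lxd>" name="/home/" pid=1806 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[647013.349652] audit: type=1400 audit(1562305141.077:1303): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=1820 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
[733413.281951] audit: type=1400 audit(1562391541.937:1420): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-ernest_</var/lib/lxd>" name="/home/" pid=20585 comm="(ionclean)" flags="ro, nosuid, nodev, remount, bind"
"""

AUDIT_RE = re.compile(r'audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)')
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_denials(text):
    """Yield one dict per AppArmor DENIED record found in dmesg/kern.log text."""
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue
        fields = {k: (q if q else b) for k, q, b in KV_RE.findall(m.group("body"))}
        if fields.get("apparmor") != "DENIED":
            continue
        fields["epoch"] = float(m.group("epoch"))
        yield fields

def summarize(text):
    """Group denials by (profile, comm, operation, name): count and typical gap."""
    groups = defaultdict(list)
    for rec in parse_denials(text):
        key = (rec.get("profile"), rec.get("comm"), rec.get("operation"), rec.get("name"))
        groups[key].append(rec["epoch"])
    summary = {}
    for key, times in groups.items():
        times.sort()
        gaps = sorted(round(b - a) for a, b in zip(times, times[1:]))
        # Lower median, so a single long pause does not hide the regular cadence.
        summary[key] = {"count": len(times), "median_gap_s": gaps[(len(gaps) - 1) // 2] if gaps else None}
    return summary

def profiles_still_denied(text, since_epoch):
    """Profiles with at least one denial at or after since_epoch (e.g. time of the fix)."""
    return sorted({r["profile"] for r in parse_denials(text) if r["epoch"] >= since_epoch})
```

On the ticket's data the typical gap per profile is 1800 seconds, and after the change on Ian only the `lxd-ernest` profile still appears.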
