[tor-bugs] #17754 [Tor]: 0.2.7.5 cannot work inside lxc container

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 8 01:03:33 UTC 2015 

#17754: 0.2.7.5 cannot work inside lxc container
--------------------+------------------------------------
 Reporter:  kibba   |          Owner:
     Type:  defect  |         Status:  needs_information
 Priority:  Medium  |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor     |        Version:  Tor: 0.2.7.5
 Severity:  Normal  |     Resolution:
 Keywords:  lxc     |  Actual Points:
Parent ID:          |         Points:
  Sponsor:          |
--------------------+------------------------------------

Comment (by kibba):

 kern.log :

 {{{
 Dec  8 01:54:08 torouter kernel: [384376.105956] audit: type=1400
 audit(1449536048.599:71891): apparmor="DENIED" operation="file_perm"
 profile="lxc-container-default" name="private/defer" pid=1407 comm="smtp"
 requested_mask="r" denied_mask="r" fsuid=109 ouid=0
 Dec  8 01:54:17 torouter kernel: [384384.558916] audit_printk_skb: 48
 callbacks suppressed
 Dec  8 01:54:17 torouter kernel: [384384.558925] audit: type=1400
 audit(1449536057.055:71918): apparmor="DENIED" operation="file_perm"
 profile="lxc-container-default" name="private/bounce" pid=1410 comm="smtp"
 requested_mask="r" denied_mask="r" fsuid=109 ouid=0
 Dec  8 01:55:51 torouter kernel: [384479.375750] audit: type=1400
 audit(1449536151.847:71926): apparmor="DENIED" operation="file_perm"
 profile="lxc-container-default" name="private/defer" pid=1406 comm="smtp"
 requested_mask="r" denied_mask="r" fsuid=109 ouid=0
 }}}

 dmesg :
 {{{
 [384228.364335] audit: type=1400 audit(1449535900.891:71845):
 apparmor="DENIED" operation="mount" info="failed type match" error=-13
 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=29331
 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
 [384233.054448] audit: type=1400 audit(1449535905.579:71846):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=30235 comm="(install)"
 flags="rw, rslave"
 [384233.233420] audit: type=1400 audit(1449535905.759:71847):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=30389 comm="(tor)" flags="rw,
 rslave"
 [384235.601373] audit: type=1400 audit(1449535908.123:71848):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=30864 comm="(tor)" flags="rw,
 rslave"
 [384236.463215] audit: type=1400 audit(1449535908.987:71849):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=30976 comm="(install)"
 flags="rw, rslave"
 [384236.492256] audit: type=1400 audit(1449535909.015:71850):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=31005 comm="(tor)" flags="rw,
 rslave"
 [384236.539962] audit: type=1400 audit(1449535909.063:71851):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=31043 comm="(tor)" flags="rw,
 rslave"
 [384236.934917] audit: type=1400 audit(1449535909.459:71852):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=31391 comm="(install)"
 flags="rw, rslave"
 [384236.964545] audit: type=1400 audit(1449535909.487:71853):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=31460 comm="(tor)" flags="rw,
 rslave"
 [384237.020065] audit: type=1400 audit(1449535909.543:71854):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=31522 comm="(tor)" flags="rw,
 rslave"
 [384238.450632] audit_printk_skb: 9 callbacks suppressed
 [384238.450634] audit: type=1400 audit(1449535910.975:71858):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=31650 comm="(install)"
 flags="rw, rslave"
 [384238.475414] audit: type=1400 audit(1449535910.999:71859):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=31804 comm="(tor)" flags="rw,
 rslave"
 [384238.528398] audit: type=1400 audit(1449535911.051:71860):
 apparmor="DENIED" operation="mount" info="failed flags match" error=-13
 profile="lxc-container-default" name="/" pid=31833 comm="(tor)" flags="rw,
 rslave"
 [384241.850826] lxcbr0: port 3(vethYAGFKF) entered forwarding state

 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17754#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list