When trying to start my lxd containers that use port redirection, those machines fail with an apparmor error message. Looking for the source of the problem, it seems that apparmor 3.0 has a bug https://gitlab.com/apparmor/apparmor/-/issues/150 that breaks in a similar way. Is there a functional reason that the current LTS version of lxd requires a major bump in apparmor functionality, or is that more of a hygiene decision for Gentoo? I would have downgraded to verify, but since all the old ebuilds are gone, I am hoping that it's possible to run the current version with the 2.13.4 version of apparmor until the problem is fixed.
Reproducible: Always
Steps to Reproduce:
1. Have a container with port forwarding using forkproxy
2. Restart machine using new version of lxd with apparmor 3
3. Watch container fail to start due to apparmor error
Actual Results: Container fails to start
Expected Results: Container should start
Hey, I don't personally use apparmor at all in Gentoo so not familiar with this issue. But do I understand you correctly, that apparmor-2.13.4 works with lxd? Or was it perhaps 2.13.3 that worked, but got removed? If 2.13.4 still works, it's easy to pin the required version. If we need 2.13.3, well it's doable too, but need to check with apparmor's maintainer first.
Ping, still need verification to the questions I've asked.
We would really benefit from seeing the error too?
(In reply to Joonas Niilola from comment #1)
> Hey,
>
> I don't personally use apparmor at all in Gentoo so not familiar with this
> issue. But do I understand you correctly, that apparmor-2.13.4 works with
> lxd? Or was it perhaps 2.13.3 that worked, but got removed?
>
> If 2.13.4 still works, it's easy to pin the required version.
> If we need 2.13.3, well it's doable too, but need to check with apparmor's
> maintainer first.
2.13.4 works, but there is a bug that forces you to downgrade to an earlier version of make to compile it, if I remember correctly, which is something they didn't fix in 2.13.4 but rather pointed to 3.0.0 for.
(In reply to Sam James from comment #3)
> We would really benefit from seeing the error too?
The error is rather vague, but it says "aa-exec: ERROR: AppArmor interface not available"
One more question: What kernel version are you on? I see the linked arch linux issue is resolved with "latest" kernels.
And with older kernels, from what I've read, this might be relevant for a fix: https://lore.kernel.org/stable/20210614102643.875096342@linuxfoundation.org/
(In reply to Joonas Niilola from comment #6)
> One more question: What kernel version are you on? I see the linked arch
> linux issue is resolved with "latest" kernels.
Confirmed, this has resolved itself with newer versions of the software. Closing.