Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Volumes and AppArmor: "lxc-start: Permission denied - failed to mount" #2702

Closed
metalivedev opened this issue Nov 14, 2013 · 0 comments
Closed

Volumes and AppArmor: "lxc-start: Permission denied - failed to mount" #2702

metalivedev opened this issue Nov 14, 2013 · 0 comments

Comments

@metalivedev
Copy link
Contributor

@jpetazzo worked through an issue where AppArmor prevents mounting a volume. This needs to get added to the Volumes "Known Issues".

The error looks like this in a build:

Problem

$ cat Dockerfile
# DOCKER-VERSION 0.6.1
FROM   ubuntu:12.04
VOLUME ["/var/run/foo"]
# No complaints if there are no writes after the above volume mount.
# Alternatively, this same error happens during `run` rather than `build`.
RUN    touch "/tmp/bar"

$ docker build -t test -rm=true .
Uploading context 10240 bytes
Step 1 : FROM ubuntu:12.04
 ---> 8dbd9e392a96
Step 2 : VOLUME ["/var/run/foo"]
 ---> Running in 44964a2d495d
 ---> 7766bb94fac5
Step 3 : RUN touch "/tmp/bar"
 ---> Running in a8823551642a
lxc-start: Permission denied - failed to mount '/var/lib/docker/volumes/b551c8189569a451642903fc7c636025aee082c835ee8b1b5993256e61f567b1/layer' on '/usr/lib/lxc/root///var/run/foo'
lxc-start: failed to setup the mount entries for 'a8823551642a82a4721fb48b945d4a0578a1c8b96ccf1417270df8b90f7857f7'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'a8823551642a82a4721fb48b945d4a0578a1c8b96ccf1417270df8b90f7857f7'
Error build: The command [/bin/sh -c touch "/tmp/bar"] returned a non-zero code: 255
The command [/bin/sh -c touch "/tmp/bar"] returned a non-zero code: 255

Context

Ubuntu Precise (12.04) and 13.04
chmoding permissions on the mounted volume makes no difference.
lxc version 0.7.5

Workaround

  1. Install apparmor-utils if they aren't installed already.
  2. Run $ aa-complain /usr/bin/lxc-start

That allows lxc-start and only issues a complaint instead of blocking it entirely.
@ghost ghost assigned metalivedev Nov 14, 2013
metalivedev pushed a commit that referenced this issue Nov 19, 2013
@metaliveblog
Merge pull request #2719 from metalivedev/2702-knownissue-lxc-start-f…
1de02a7 
…ailed-to-mount

Fixes #2702. Also cleans up formatting and long lines in volumes doc.
@lgs lgs mentioned this issue Jan 3, 2014
Closed
@metalivedev metalivedev removed their assignment Jul 24, 2014
tduffield pushed a commit to sous-chefs/docker that referenced this issue Nov 7, 2014
Address moby/moby#2702 workaround
27f4e96 
An issue identified in moby/moby#2702 appeared when testing binary-lxc in Ubuntu 14.10. This is the documented workaround for that issue.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@metalivedev