Last active
August 29, 2015 13:57
-
-
Save mendeni/9764596 to your computer and use it in GitHub Desktop.
lxc.se_context = unconfined_u:unconfined_r:lxc_t:s0-s0:c0.c1023
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@debian:~# sh -x eg | |
| + | |
| + | |
| + echo | |
| + cat /var/lib/lxc/sew100/config | |
| # Template used to create this container: /usr/share/lxc/templates/lxc-rackos-debian-secure | |
| # Parameters passed to the template: | |
| # For additional config options, please look at lxc.conf(5) | |
| lxc.rootfs = /var/lib/lxc/sew100/rootfs | |
| # Common configuration | |
| lxc.include = /usr/share/lxc/config/debian.common.conf | |
| # Container specific configuration | |
| lxc.mount = /var/lib/lxc/sew100/fstab | |
| lxc.utsname = sew100 | |
| lxc.arch = amd64 | |
| lxc.network.type = veth | |
| lxc.network.flags = up | |
| lxc.network.link = br0 | |
| lxc.network.hwaddr = 00:1E:4D:12:E1:7F | |
| lxc.seccomp = /var/lib/lxc/sew100/seccomp.syscalls | |
| lxc.se_context = unconfined_u:unconfined_r:lxc_t:s0-s0:c0.c1023 | |
| + echo | |
| + lxc-start -l DEBUG -o /tmp/lxc.log -n sew100 | |
| lxc-start: Invalid argument - failed to set new SELinux exec context unconfined_u:unconfined_r:lxc_t:s0-s0:c0.c1023 | |
| lxc-start: invalid sequence number 1. expected 4 | |
| lxc-start: failed to spawn 'sew100' | |
| lxc-start: Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/lxc/sew100-12 | |
| + echo | |
| + cat /tmp/lxc.log | |
| lxc-start 1395761160.470 INFO lxc_start_ui - using rcfile /var/lib/lxc/sew100/config | |
| lxc-start 1395761160.471 WARN lxc_log - lxc_log_init called with log already initialized | |
| lxc-start 1395761160.471 INFO lxc_lsm - LSM security driver SELinux | |
| lxc-start 1395761160.472 DEBUG lxc_conf - allocated pty '/dev/pts/1' (5/6) | |
| lxc-start 1395761160.472 DEBUG lxc_conf - allocated pty '/dev/pts/2' (7/8) | |
| lxc-start 1395761160.472 DEBUG lxc_conf - allocated pty '/dev/pts/3' (9/10) | |
| lxc-start 1395761160.472 DEBUG lxc_conf - allocated pty '/dev/pts/4' (11/12) | |
| lxc-start 1395761160.472 INFO lxc_conf - tty's configured | |
| lxc-start 1395761160.472 DEBUG lxc_start - sigchild handler set | |
| lxc-start 1395761160.472 DEBUG lxc_console - opening /dev/tty for console peer | |
| lxc-start 1395761160.472 DEBUG lxc_console - using '/dev/tty' as console | |
| lxc-start 1395761160.472 DEBUG lxc_console - 7077 got SIGWINCH fd 17 | |
| lxc-start 1395761160.472 DEBUG lxc_console - set winsz dstfd:14 cols:1929 rows:673 | |
| lxc-start 1395761160.472 INFO lxc_start - 'sew100' is initialized | |
| lxc-start 1395761160.476 DEBUG lxc_start - Not dropping cap_sys_boot or watching utmp | |
| lxc-start 1395761160.477 DEBUG lxc_conf - instanciated veth 'veth2TL5JM/vethN2RM43', index is '35' | |
| lxc-start 1395761160.477 INFO lxc_cgroup - cgroup driver cgroupfs initing for sew100 | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.deny' set to 'a' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c *:* m' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'b *:* m' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:3 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:5 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:0 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:1 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:8 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:9 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:2 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 136:* rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 254:0 rm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:229 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:200 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:7 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:228 rwm' | |
| lxc-start 1395761160.480 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:232 rwm' | |
| lxc-start 1395761160.480 INFO lxc_cgfs - cgroup has been setup | |
| lxc-start 1395761160.486 DEBUG lxc_conf - move '(null)' to '7083' | |
| lxc-start 1395761160.486 INFO lxc_conf - 'sew100' hostname has been setup | |
| lxc-start 1395761160.493 DEBUG lxc_conf - mac address '00:1E:4D:12:E1:7F' on 'eth0' has been setup | |
| lxc-start 1395761160.493 DEBUG lxc_conf - 'eth0' has been setup | |
| lxc-start 1395761160.493 INFO lxc_conf - network has been setup | |
| lxc-start 1395761160.494 DEBUG lxc_conf - mounted '/var/lib/lxc/sew100/rootfs' on '/usr/lib/lxc/rootfs' | |
| lxc-start 1395761160.494 DEBUG lxc_conf - Set exec command to /sbin/init | |
| lxc-start 1395761160.494 INFO lxc_conf - Autodev not required. | |
| lxc-start 1395761160.494 INFO lxc_conf - mount points have been setup | |
| lxc-start 1395761160.494 DEBUG lxc_conf - mounted 'proc' on '/usr/lib/lxc/rootfs/proc', type 'proc' | |
| lxc-start 1395761160.494 DEBUG lxc_conf - mounted 'sysfs' on '/usr/lib/lxc/rootfs/sys', type 'sysfs' | |
| lxc-start 1395761160.494 DEBUG lxc_conf - remounting /sys/fs/fuse/connections on /usr/lib/lxc/rootfs/sys/fs/fuse/connections to respect bind or remount options | |
| lxc-start 1395761160.494 DEBUG lxc_conf - mounted '/sys/fs/fuse/connections' on '/usr/lib/lxc/rootfs/sys/fs/fuse/connections', type 'none' | |
| lxc-start 1395761160.494 INFO lxc_conf - mount points have been setup | |
| lxc-start 1395761160.494 INFO lxc_conf - console has been setup | |
| lxc-start 1395761160.494 INFO lxc_conf - 4 tty(s) has been setup | |
| lxc-start 1395761160.494 INFO lxc_conf - I am 1, /proc/self points to '1' | |
| lxc-start 1395761160.494 DEBUG lxc_conf - created '/usr/lib/lxc/rootfs/lxc_putold' directory | |
| lxc-start 1395761160.494 DEBUG lxc_conf - mountpoint for old rootfs is '/usr/lib/lxc/rootfs/lxc_putold' | |
| lxc-start 1395761160.494 DEBUG lxc_conf - pivot_root syscall to '/usr/lib/lxc/rootfs' successful | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/dev/pts' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/run/lock' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/run/shm' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/sys/fs/selinux' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/sys/fs/cgroup' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/proc' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/var/lib/nfs/rpc_pipefs' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/dev' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/run' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold/sys' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - umounted '/lxc_putold' | |
| lxc-start 1395761160.495 INFO lxc_conf - created new pts instance | |
| lxc-start 1395761160.495 INFO lxc_conf - set personality to '0x0' | |
| lxc-start 1395761160.495 DEBUG lxc_conf - drop capability 'sys_module' (16) | |
| lxc-start 1395761160.495 DEBUG lxc_conf - drop capability 'mac_admin' (33) | |
| lxc-start 1395761160.495 DEBUG lxc_conf - drop capability 'mac_override' (32) | |
| lxc-start 1395761160.495 DEBUG lxc_conf - drop capability 'sys_time' (25) | |
| lxc-start 1395761160.495 DEBUG lxc_conf - capabilities have been setup | |
| lxc-start 1395761160.495 NOTICE lxc_conf - 'sew100' is setup. | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.deny' set to 'a' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c *:* m' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'b *:* m' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:3 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:5 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:0 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:1 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:8 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:9 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:2 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 136:* rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 254:0 rm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:229 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:200 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:7 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:228 rwm' | |
| lxc-start 1395761160.495 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:232 rwm' | |
| lxc-start 1395761160.495 INFO lxc_cgfs - cgroup has been setup | |
| lxc-start 1395761160.495 ERROR lxc_lsm_selinux - Invalid argument - failed to set new SELinux exec context unconfined_u:unconfined_r:lxc_t:s0-s0:c0.c1023 | |
| lxc-start 1395761160.496 ERROR lxc_sync - invalid sequence number 1. expected 4 | |
| lxc-start 1395761160.496 ERROR lxc_start - failed to spawn 'sew100' | |
| lxc-start 1395761160.497 ERROR lxc_cgfs - Device or resource busy - cgroup_rmdir: failed to delete /sys/fs/cgroup/lxc/sew100-12 | |
| + echo | |
| + cat /var/log/audit/audit.log | |
| type=ANOM_PROMISCUOUS msg=audit(1395761160.476:177): dev=veth2TL5JM prom=256 old_prom=0 auid=0 uid=0 gid=0 ses=100 | |
| type=SYSCALL msg=audit(1395761160.476:177): arch=c000003e syscall=16 success=yes exit=0 a0=14 a1=89a2 a2=7fff127bc670 a3=0 items=0 ppid=7075 pid=7077 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=100 tty=pts0 comm="lxc-start" exe="/usr/bin/lxc-start" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) | |
| type=UNKNOWN[1325] msg=audit(1395761160.477:178): table=filter family=2 entries=0 | |
| type=UNKNOWN[1325] msg=audit(1395761160.477:178): table=mangle family=2 entries=0 | |
| type=UNKNOWN[1325] msg=audit(1395761160.477:178): table=nat family=2 entries=0 | |
| type=UNKNOWN[1325] msg=audit(1395761160.477:178): table=raw family=2 entries=0 | |
| type=UNKNOWN[1325] msg=audit(1395761160.477:178): table=filter family=3 entries=0 | |
| type=UNKNOWN[1325] msg=audit(1395761160.477:178): table=filter family=10 entries=0 | |
| type=UNKNOWN[1325] msg=audit(1395761160.477:178): table=mangle family=10 entries=0 | |
| type=UNKNOWN[1325] msg=audit(1395761160.477:178): table=raw family=10 entries=0 | |
| type=UNKNOWN[1325] msg=audit(1395761160.477:178): table=nat family=10 entries=0 | |
| type=SYSCALL msg=audit(1395761160.477:178): arch=c000003e syscall=56 success=yes exit=7083 a0=6c020011 a1=7fff127bc730 a2=9 a3=0 items=0 ppid=7075 pid=7077 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=100 tty=pts0 comm="lxc-start" exe="/usr/bin/lxc-start" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) | |
| root@debian:~# |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment