Hi,
With my host running LXD 3.22 under Debian Buster, I was using a bind mount without issue for a container running Debian Stretch (with subuid/subgid to enable write access on the host). I upgraded that container to Buster (so 9.x to 10.x), and the bind mount doesn’t work any more. The host’s syslog indicates an issue with AppArmor (see below), but despite reading numerous posts on the subject (I don’t know AppArmor well), I’m lost about what to do… Any help? Thank you!
My host has apparmor version 2.13.2-10
Mar 21 20:48:12 hoster kernel: [36075.232132] lxdbr0: port 4(vethcd7573cd) entered disabled state
Mar 21 20:48:13 hoster kernel: [36075.370286] vethf93ab26e: renamed from eth0
Mar 21 20:48:13 hoster kernel: [36075.423954] lxdbr0: port 4(vethcd7573cd) entered disabled state
Mar 21 20:48:13 hoster kernel: [36075.424065] device vethcd7573cd left promiscuous mode
Mar 21 20:48:13 hoster kernel: [36075.424067] lxdbr0: port 4(vethcd7573cd) entered disabled state
Mar 21 20:48:13 hoster kernel: [36076.209438] audit: type=1400 audit(1584820093.837:186): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="lxd-cloud_</var/snap/lxd/common/lxd>" pid=17361 comm="apparmor_parser"
Mar 21 20:48:13 hoster kernel: [36076.218346] lxdbr0: port 4(veth9d925da8) entered blocking state
Mar 21 20:48:13 hoster kernel: [36076.218348] lxdbr0: port 4(veth9d925da8) entered disabled state
Mar 21 20:48:13 hoster kernel: [36076.218407] device veth9d925da8 entered promiscuous mode
Mar 21 20:48:13 hoster kernel: [36076.218441] lxdbr0: port 4(veth9d925da8) entered blocking state
Mar 21 20:48:13 hoster kernel: [36076.218442] lxdbr0: port 4(veth9d925da8) entered forwarding state
Mar 21 20:48:13 hoster kernel: [36076.234138] lxdbr0: port 4(veth9d925da8) entered disabled state
Mar 21 20:48:13 hoster kernel: [36076.261068] audit: type=1400 audit(1584820093.889:187): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxd-cloud_</var/snap/lxd/common/lxd>" pid=17404 comm="apparmor_parser"
Mar 21 20:48:13 hoster kernel: [36076.303159] eth0: renamed from veth3b717e17
Mar 21 20:48:13 hoster kernel: [36076.322247] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Mar 21 20:48:13 hoster kernel: [36076.323288] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Mar 21 20:48:13 hoster kernel: [36076.323325] lxdbr0: port 4(veth9d925da8) entered blocking state
Mar 21 20:48:13 hoster kernel: [36076.323326] lxdbr0: port 4(veth9d925da8) entered forwarding state
Mar 21 20:48:15 hoster kernel: [36078.091382] audit: type=1400 audit(1584820095.721:188): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-cloud_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/srv/nextcloud/data/fdn/" pid=17668 comm="(s-server)" flags="ro, remount, noatime, bind"
Mar 21 20:48:15 hoster kernel: [36078.208598] audit: type=1400 audit(1584820095.837:189): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-cloud_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/bin/" pid=17729 comm="(mysqld)" flags="ro, remount, noatime, bind"
Mar 21 20:48:16 hoster kernel: [36078.615802] audit: type=1400 audit(1584820096.245:190): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-cloud_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/srv/nextcloud/data/fdn/" pid=17732 comm="(s-server)" flags="ro, remount, noatime, bind"
Mar 21 20:48:16 hoster kernel: [36079.340253] audit: type=1400 audit(1584820096.969:191): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-cloud_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/srv/nextcloud/data/fdn/" pid=17735 comm="(s-server)" flags="ro, remount, noatime, bind"
Mar 21 20:48:17 hoster kernel: [36080.083568] audit: type=1400 audit(1584820097.713:192): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-cloud_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/srv/nextcloud/data/fdn/" pid=17738 comm="(s-server)" flags="ro, remount, noatime, bind"
Mar 21 20:48:18 hoster kernel: [36080.872807] audit: type=1400 audit(1584820098.501:193): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-cloud_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/srv/nextcloud/data/fdn/" pid=17741 comm="(s-server)" flags="ro, remount, noatime, bind"
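
A syslog like the one in this post mixes bridge and interface noise with repeated AppArmor denials; grouping the `DENIED` records by profile, operation, target path, command and mount flags shows how many distinct denials there really are. This is an added example, not part of the original post: the function names are hypothetical and the sample lines are constructed in the same format as the log above.

```python
import re
from collections import Counter

# key="value" pairs; accepts straight quotes and the curly quotes that
# forum software substitutes when a log is pasted as plain text.
KV = re.compile(r'(\w+)=["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, else None."""
    if "audit:" not in line:
        return None
    fields = dict(KV.findall(line))
    if fields.get("apparmor") != "DENIED":
        return None
    # "ro, remount, noatime, bind" -> ("bind", "noatime", "remount", "ro")
    raw = fields.get("flags", "").split(",")
    fields["flags"] = tuple(sorted(f.strip() for f in raw if f.strip()))
    return fields

def summarise(lines):
    """Count denials per (profile, operation, name, comm, flags)."""
    counts = Counter()
    for line in lines:
        d = parse_denial(line)
        if d:
            key = tuple(d.get(k, "?") for k in
                        ("profile", "operation", "name", "comm", "flags"))
            counts[key] += 1
    return counts

def curly(line):
    """Mimic the forum's quote substitution on a constructed line."""
    return re.sub(r'"([^"]*)"', "\u201c\\1\u201d", line)

# Constructed sample lines in the format shown in the post (names are made up).
HEAD = "Mar 21 20:48:15 host kernel: [1.000000] audit: type=1400 audit(1.0:1): "
PROFILE = 'profile="lxd-demo_</var/snap/lxd/common/lxd>" '
FLAGS = 'flags="ro, remount, noatime, bind"'
DENY_A = (HEAD + 'apparmor="DENIED" operation="mount" info="failed flags match" error=-13 '
          + PROFILE + 'name="/run/systemd/unit-root/srv/data/" pid=10 comm="(demo)" ' + FLAGS)
DENY_B = DENY_A.replace("/srv/data/", "/bin/").replace("(demo)", "(other)")
STATUS = HEAD + 'apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxd-demo"'
SAMPLE = [STATUS, DENY_A, curly(DENY_A), DENY_B,
          "Mar 21 20:48:13 host kernel: [1.0] eth0: renamed from veth0"]

if __name__ == "__main__":
    for (profile, op, name, comm, flags), n in summarise(SAMPLE).most_common():
        print(f"{n}x {profile} {op} {name} {comm} flags={','.join(flags)}")
```

Feeding it the host's kernel log (for example the lines of `/var/log/syslog`) gives one row per distinct denied mount rather than one per retry.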