From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id B19FD7A0E3 for ; Thu, 28 Oct 2021 15:40:42 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9EE8A21557 for ; Thu, 28 Oct 2021 15:40:12 +0200 (CEST) Received: from picard.linux.it (picard.linux.it [213.254.12.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 224EC2154E for ; Thu, 28 Oct 2021 15:40:12 +0200 (CEST) Received: by picard.linux.it (Postfix, from userid 10) id B1F263C6C12; Thu, 28 Oct 2021 15:40:05 +0200 (CEST) Received: from news by eraldo.lilliput.linux.it with local (Exim 4.89) (envelope-from ) id 1mg5ZZ-0007Yv-WE for pve-user@lists.proxmox.com; Thu, 28 Oct 2021 15:36:02 +0200 From: Marco Gaiarin Date: Thu, 28 Oct 2021 12:36:09 +0200 Organization: Il gaio usa sempre TIN per le liste, fallo anche tu!!! Message-ID: X-Trace: eraldo.lilliput.linux.it 1635428048 28962 192.168.24.2 (28 Oct 2021 13:34:09 GMT) X-Mailer: tin/2.4.4-20191224 ("Millburn") (Linux/5.4.0-89-generic (x86_64)) X-Gateway-System: SmartGate 1.4.5 To: pve-user@lists.proxmox.com X-SPAM-LEVEL: Spam detection results: 0 AWL 0.050 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% JMQ_SPF_NEUTRAL 0.5 SPF set to ?all KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [PVE-User] Bullseye LXC and logrotate... X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Oct 2021 13:40:42 -0000 Setup a pretty standard LXC container on bullseye, on a PVE7 server. Every time logrotate run on LXC i got on LXC: Oct 28 00:00:59 vbaculaacpn1 systemd[106367]: logrotate.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied Oct 28 00:00:59 vbaculaacpn1 systemd[106367]: logrotate.service: Failed at step NAMESPACE spawning /usr/sbin/logrotate: Permission denied Oct 28 00:00:59 vbaculaacpn1 systemd[1]: logrotate.service: Main process exited, code=exited, status=226/NAMESPACE Oct 28 00:00:59 vbaculaacpn1 systemd[1]: logrotate.service: Failed with result 'exit-code'. Oct 28 00:00:59 vbaculaacpn1 systemd[1]: Failed to start Rotate log files. And on PVE: Oct 28 00:00:59 beppe kernel: [280466.359176] audit: type=1400 audit(1635372059.192:31): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-102_" name="/run/systemd/unit-root/proc/" pid=3059401 comm="(ogrotate)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" ?! I've tried to google around a bit, but found nothing. Thanks. -- Alla fiera dell'est, per due soldi un topolino mio padre compro` (A. Branduardi)