supr · January 20, 2014 01:30
diff --git a/audit.log b/audit.log
 type=ANOM_PROMISCUOUS msg=audit(1390181243.529:735): dev=vethDvSeyL prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
 type=SYSCALL msg=audit(1390181243.529:735): arch=c000003e syscall=16 success=yes exit=0 a0=a a1=89a2 a2=7fff4caa1640 a3=7fff4caa1460 items=0 ppid=1806 pid=1935 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=pts3 comm="lxc-start" exe="/usr/bin/lxc-start" subj=system_u:system_r:docker_t:s0 key=(null)
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=filter family=2 entries=0
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=raw family=2 entries=0
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=security family=2 entries=0
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=mangle family=2 entries=0
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=nat family=2 entries=0
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=filter family=10 entries=0
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=raw family=10 entries=0
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=security family=10 entries=0
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=mangle family=10 entries=0
 type=NETFILTER_CFG msg=audit(1390181243.530:736): table=nat family=10 entries=0
 type=SYSCALL msg=audit(1390181243.530:736): arch=c000003e syscall=56 success=yes exit=1945 a0=6c020011 a1=7fff4caa1760 a2=6d a3=7fff4caa17bc items=0 ppid=1806 pid=1935 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=pts3 comm="lxc-start" exe="/usr/bin/lxc-start" subj=system_u:system_r:docker_t:s0 key=(null)
 type=AVC msg=audit(1390181243.555:737): avc:  denied  { mounton } for  pid=1945 comm="lxc-start" path="/dev/ptmx" dev="dm-4" ino=131989 scontext=system_u:system_r:docker_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
 type=SYSCALL msg=audit(1390181243.555:737): arch=c000003e syscall=165 success=no exit=-13 a0=7f5926e06267 a1=7f5926e06296 a2=7f5926e04b4b a3=1000 items=0 ppid=0 pid=1945 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=pts3 comm="lxc-start" exe="/usr/bin/lxc-start" subj=system_u:system_r:docker_t:s0 key=(null)
 type=ANOM_PROMISCUOUS msg=audit(1390181243.575:738): dev=vethDvSeyL prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
diff --git a/stdout b/stdout
 [prudhvi@taygeta ~]$ docker run -i -t centos /bin/bash
 lxc-start: Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'
 lxc-start: failed to setup the new pts instance
 lxc-start: failed to setup the container
 lxc-start: invalid sequence number 1. expected 2
 lxc-start: failed to spawn 'c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/cpuset/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/cpu,cpuacct/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/memory/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/devices/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/freezer/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/net_cls/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/blkio/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/perf_event/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/hugetlb/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
 [error] commands.go:2445 Error getting size: bad file descriptor
	type=ANOM_PROMISCUOUS msg=audit(1390181243.529:735): dev=vethDvSeyL prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
	type=SYSCALL msg=audit(1390181243.529:735): arch=c000003e syscall=16 success=yes exit=0 a0=a a1=89a2 a2=7fff4caa1640 a3=7fff4caa1460 items=0 ppid=1806 pid=1935 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=pts3 comm="lxc-start" exe="/usr/bin/lxc-start" subj=system_u:system_r:docker_t:s0 key=(null)
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=filter family=2 entries=0
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=raw family=2 entries=0
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=security family=2 entries=0
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=mangle family=2 entries=0
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=nat family=2 entries=0
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=filter family=10 entries=0
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=raw family=10 entries=0
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=security family=10 entries=0
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=mangle family=10 entries=0
	type=NETFILTER_CFG msg=audit(1390181243.530:736): table=nat family=10 entries=0
	type=SYSCALL msg=audit(1390181243.530:736): arch=c000003e syscall=56 success=yes exit=1945 a0=6c020011 a1=7fff4caa1760 a2=6d a3=7fff4caa17bc items=0 ppid=1806 pid=1935 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=pts3 comm="lxc-start" exe="/usr/bin/lxc-start" subj=system_u:system_r:docker_t:s0 key=(null)
	type=AVC msg=audit(1390181243.555:737): avc: denied { mounton } for pid=1945 comm="lxc-start" path="/dev/ptmx" dev="dm-4" ino=131989 scontext=system_u:system_r:docker_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
	type=SYSCALL msg=audit(1390181243.555:737): arch=c000003e syscall=165 success=no exit=-13 a0=7f5926e06267 a1=7f5926e06296 a2=7f5926e04b4b a3=1000 items=0 ppid=0 pid=1945 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=pts3 comm="lxc-start" exe="/usr/bin/lxc-start" subj=system_u:system_r:docker_t:s0 key=(null)
	type=ANOM_PROMISCUOUS msg=audit(1390181243.575:738): dev=vethDvSeyL prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
	[prudhvi@taygeta ~]$ docker run -i -t centos /bin/bash
	lxc-start: Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'
	lxc-start: failed to setup the new pts instance
	lxc-start: failed to setup the container
	lxc-start: invalid sequence number 1. expected 2
	lxc-start: failed to spawn 'c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/cpuset/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/cpu,cpuacct/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/memory/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/devices/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/freezer/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/net_cls/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/blkio/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/perf_event/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/hugetlb/lxc/c8bc7c373ae20d720c5d0ab1fba6032ed1e088cc91e236583c644ac4178ce51b'
	[error] commands.go:2445 Error getting size: bad file descriptor