I have a server with Debian 10.11 (buster) and lxc (from the Debian repos, 1:3.1.0+really3.0.3-8) installed.

When I create a new lxc container (bullseye) (using lxc-create -t download -n redis-container -- -d debian -r bullseye -a amd64), I get a new, perfectly working container with AppArmor enabled (profile=generated, allow_nesting=1). Then I install redis in the lxc container using apt install redis-server, and it installs as it should (version 5:6.0.16-1+deb11u1), but it does not start; it errors with:

dec 16 00:18:28 redis-container redis-server[2391]: *** FATAL CONFIG FILE ERROR (Redis 6.0.16) ***
dec 16 00:18:28 redis-container redis-server[2391]: Reading the configuration file, at line 260
dec 16 00:18:28 redis-container redis-server[2391]: >>> 'logfile /var/log/redis/redis-server.log'
dec 16 00:18:28 redis-container redis-server[2391]: Can't open the log file: Read-only file system

After investigation, I was able to narrow the problem down a little. The default systemd unit has the following lines:

ReadOnlyDirectories=/
ReadWritePaths=-/var/lib/redis
ReadWritePaths=-/var/log/redis
ReadWritePaths=-/var/run/redis

I disabled AppArmor to be sure that was not the problem, but the error kept returning. At some point, I got the service to start by changing ReadWritePaths to ReadWriteDirectories, but stopping the service would then result in a similar error, this time about writing the save file to /var/lib/redis. As of writing this, I am unable to reproduce this; it does not start that way.

The only way to get the service started, and working perfectly, is by commenting out the line ReadOnlyDirectories=/.

I would appreciate it if someone could help me find the problem.
