apparmor="DENIED" on docker container files

Bug #1880025 reported by Jan Berghoff-Flüel
This bug affects 2 people
Affects: linux (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

% docker run -it ubuntu bash
yields:
    kernel: audit: type=1400 audit(1590071666.897:72): apparmor="DENIED" operation="open"
    profile="snap.docker.dockerd" name="/root/.bashrc" pid=3497 comm="bash" requested_mask="r"
    denied_mask="r" fsuid=0 ouid=0
with:
    vmlinuz-5.4.0-31-generic

Nearly all containers cannot start properly and hence malfunction.

With vmlinuz-5.4.0-29-generic it's OK and containers can be started and work properly.

Jamie Strandboge (jdstrand) wrote :

Thank you for filing a bug, but this is not a bug for the AppArmor project. It sounds like it might be a bug against the docker snap. This looks similar to docker not transitioning the container into the container profile. I'm tentatively going to assign this to the snapd project since a snapd developer may be able to advise on how to fix the docker snap.

affects: apparmor → snapd
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Jamie Strandboge (jdstrand) wrote :

Actually, this is 1879690 which is a bug in the Ubuntu kernel.

affects: snapd → linux (Ubuntu)
Changed in linux (Ubuntu):
status: New → Confirmed
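
The symptom discussed in this thread, a container process being denied under the daemon's profile `snap.docker.dockerd` instead of a container profile, can be picked out of the kernel log mechanically. The following is an added example, not code from the bug report or from any of the projects involved; the function names, the `DAEMON_COMMS` allow-list and the second and third log records are assumptions constructed for illustration.

```python
import re

# Constructed sample input. Record 1 is the denial quoted in the bug
# description, joined onto one line; records 2 and 3 are made up for contrast.
SAMPLE_LOG = """\
kernel: audit: type=1400 audit(1590071666.897:72): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.bashrc" pid=3497 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kernel: audit: type=1400 audit(1590071670.120:73): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/example.conf" pid=1200 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kernel: audit: type=1400 audit(1590071671.004:74): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.docker.dockerd" pid=900 comm="apparmor_parser"
"""

DAEMON_PROFILE = "snap.docker.dockerd"
# Assumption: process names expected to run under the daemon's own profile.
DAEMON_COMMS = {"dockerd", "containerd", "containerd-shim", "runc"}

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key=value fields of one AppArmor audit record as a dict."""
    return {key: bare or quoted for key, quoted, bare in FIELD.findall(line)}


def untransitioned_denials(log_text):
    """List denials charged to the daemon profile for a non-daemon process.

    Such records suggest the process was never moved into a container
    profile, which is the symptom described in this report.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "1400" or rec.get("apparmor") != "DENIED":
            continue  # not an AppArmor denial record
        if rec.get("profile") == DAEMON_PROFILE and rec.get("comm") not in DAEMON_COMMS:
            hits.append((rec.get("comm"), rec.get("name"), rec.get("denied_mask")))
    return hits


if __name__ == "__main__":
    for comm, name, mask in untransitioned_denials(SAMPLE_LOG):
        print(f"{comm}: denied '{mask}' on {name} under {DAEMON_PROFILE}")
```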