apparmor docker
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
docker | New | Undecided | Unassigned | |
apparmor (Ubuntu) | Incomplete | Undecided | Unassigned | |
Bug Description
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 23.10
Release: 23.10
Codename: mantic
Docker version 24.0.5, build 24.0.5-0ubuntu1
Graceful shutdown doesn't work anymore because SIGTERM and SIGKILL (maybe all signals?) don't reach the target process. Works when apparmor is uninstalled.
[17990.085295] audit: type=1400 audit(169721324
[17992.112517] audit: type=1400 audit(169721324
Applies to all signals.
# docker kill -s sigusr1 dynamodb-local
Error response from daemon: Cannot kill container: dynamodb-local: Cannot kill container fe323ad3ca9648f2e8b59debd22a2439f4709c5fafe3dbf46a0a06f67ba65204: unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied
: unknown
[33054.783037] audit: type=1400 audit(1697228308.520:1037): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=189468 comm="runc" requested_mask="receive" denied_mask="receive" signal=usr1 peer="/usr/sbin/runc"
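
Added example, not part of the original report and not Docker or AppArmor project code: a small parser that reads kernel AppArmor audit records like the one above, skips truncated lines, and groups signal denials by confined profile, direction and peer label. The function names, the sample log and the rule text it prints are assumptions made for illustration; the rule is a candidate for review, not a fix confirmed in this report.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare pairs in a kernel AppArmor audit record
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record, or None when the line
    is not one (this includes records cut off before the apparmor= field)."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in FIELD.findall(line)}

def blocked_signals(lines):
    """Group signal denials by (confined profile, direction, peer label)."""
    grouped = defaultdict(set)
    for line in lines:
        rec = parse_denial(line)
        if rec and rec.get("operation") == "signal":
            key = (rec.get("profile"), rec.get("denied_mask"), rec.get("peer"))
            grouped[key].add(rec.get("signal"))
    return {key: sorted(sigs) for key, sigs in grouped.items()}

def candidate_rule(direction, peer, signals):
    """AppArmor signal rule text covering the denials; review before use."""
    return f"signal ({direction}) set=({', '.join(signals)}) peer={peer},"

# Constructed sample: the usr1 record has the shape of the one in the report;
# the term/kill records and the audit serial numbers are made up.
_RECORD = ('[33054.783037] audit: type=1400 audit(1697228308.520:{serial}): '
           'apparmor="DENIED" operation="signal" class="signal" '
           'profile="docker-default" pid=189468 comm="runc" '
           'requested_mask="receive" denied_mask="receive" '
           'signal={sig} peer="/usr/sbin/runc"')
SAMPLE_LOG = [
    _RECORD.format(serial=1037, sig="usr1"),
    _RECORD.format(serial=1038, sig="term"),
    _RECORD.format(serial=1039, sig="kill"),
    "[17990.085295] audit: type=1400 audit(169721324",  # truncated record
]

if __name__ == "__main__":
    for (profile, direction, peer), sigs in blocked_signals(SAMPLE_LOG).items():
        print(f"profile {profile}: {direction} of {sigs} from {peer} denied")
        print("  candidate rule:", candidate_rule(direction, peer, sigs))
```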