snapd

docker-support doesn't quite work for docker with base:core22

Bug #2011485 reported by Dimitri John Ledkov on 2023-03-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	snapd	Fix Committed	Undecided	Unassigned

Bug Description

core20
+ sudo docker run --rm hello-world
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/usr/sbin/apparmor_parser apparmor_parser --version` failed with output: Failed to load policy-features from '/etc/apparmor.d/abi/2.13': Permission denied

core22
+ sudo docker run --rm hello-world
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/usr/sbin/apparmor_parser apparmor_parser --version` failed with output: Failed to load policy-features from '/etc/apparmor.d/abi/kernel-5.4-outoftree-network': Permission denied

it seems modern apparmor_parser wants to read the abi policy file by default, as specified by default in the parser.conf. In such cases, reading such files should be allowed.

Imho `apparmor_parser --version` should pass, as needed for the docker support interface.

Revision history for this message

Michael Vogt (mvo) wrote on 2023-03-15:

Merged in https://github.com/snapcore/snapd/pull/12644

Changed in snapd:
status:	New → In Progress
status:	In Progress → Fix Committed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.