The patch above doesn't work as it stands. We are still getting signal filters in the audit log:
May 14 11:13:06 srv-omzr6 kernel: audit: type=1400 audit(1715685186.296:112): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4" pid=8031 comm="3" requested_mask="receive" denied_mask="receive" signal=term peer="crun"
May 14 11:13:06 srv-omzr6 kernel: audit: type=1400 audit(1715685186.318:113): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4" pid=8033 comm="3" requested_mask="receive" denied_mask="receive" signal=term peer="crun"
May 14 11:13:16 srv-omzr6 kernel: audit: type=1400 audit(1715685196.340:114): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4" pid=8035 comm="3" requested_mask="receive" denied_mask="receive" signal=kill peer="crun"
May 14 11:13:21 srv-omzr6 kernel: audit: type=1400 audit(1715685201.413:115): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4" pid=7664 comm="conmon" requested_mask="receive" denied_mask="receive" signal=term peer="podman"
May 14 11:14:31 srv-omzr6 kernel: audit: type=1400 audit(1715685271.577:116): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4" pid=8049 comm="3" requested_mask="receive" denied_mask="receive" signal=term peer="crun"
May 14 11:14:36 srv-omzr6 kernel: audit: type=1400 audit(1715685276.326:117): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4" pid=8052 comm="3" requested_mask="receive" denied_mask="receive" signal=kill peer="crun"
May 14 11:14:41 srv-omzr6 kernel: audit: type=1400 audit(1715685281.392:118): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4" pid=7458 comm="conmon" requested_mask="receive" denied_mask="receive" signal=term peer="podman"
May 14 11:14:41 srv-omzr6 kernel: audit: type=1400 audit(1715685281.604:119): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4" pid=8055 comm="3" requested_mask="receive" denied_mask="receive" signal=kill peer="crun"