I also tried
aa-disable usr.bin.crun
but that doesn't work either. I guess it's not really crun, but profile="containers-default-0.50.1", but that is created dynamically -- it's not anywhere in /etc/apparmor.d/. I grepped the whole file system for that:
grep: /usr/lib/podman/rootlessport: binary file matches
grep: /usr/bin/podman: binary file matches
grep: /usr/bin/buildah: binary file matches
Running an individual container with --security-opt=label=disable also doesn't work, same DENIED and failure.
"man containers.conf" points at apparmor_profile="container-default", but not how to disable it. I naively tried apparmor_profile="none" but
Error: AppArmor profile "none" specified but not loaded
But curiously an empty string works. So, my official workaround:
mkdir -p /etc/containers/containers.conf.d
printf '[CONTAINERS]\napparmor_profile=""\n' > /etc/containers/containers.conf.d/disable-apparmor.conf
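
A drop-in like the one above changes the setting for the whole host, so it helps to be able to see which file currently decides apparmor_profile. The script below is an added example, not part of the original comment or of podman. It assumes the system search order from containers.conf(5), with later files overriding earlier ones; the ROOT argument and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: report which containers.conf file decides apparmor_profile.
# Assumed order (system files only): /usr/share/containers/containers.conf,
# /etc/containers/containers.conf, then /etc/containers/containers.conf.d/*.conf
# in sorted order. Per-user files and $CONTAINERS_CONF are not examined.

# last_setting FILE: print "=<value>" for the last uncommented assignment.
# The "=" prefix distinguishes an empty value from "key not present".
last_setting() {
    awk '
        /^[ \t]*apparmor_profile[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)
            q = substr(v, 1, 1)
            if (q != "\"" && q != "\047") next   # not a quoted TOML string
            v = substr(v, 2)
            i = index(v, q)
            if (i == 0) next                      # unterminated string
            last = "=" substr(v, 1, i - 1)
        }
        END { if (last != "") print last }
    ' "$1"
}

# effective_apparmor_profile [ROOT]: ROOT is a path prefix, useful for testing.
effective_apparmor_profile() {
    root="${1:-}"
    state="default (key not set)"
    for f in "$root/usr/share/containers/containers.conf" \
             "$root/etc/containers/containers.conf" \
             "$root"/etc/containers/containers.conf.d/*.conf; do
        [ -f "$f" ] || continue          # also skips an unmatched glob
        s=$(last_setting "$f")
        [ -n "$s" ] || continue          # this file does not set the key
        val=${s#=}
        rel=${f#"$root"}
        if [ -z "$val" ]; then
            state="disabled by $rel"     # empty string: the workaround above
        else
            state="profile $val from $rel"
        fi
    done
    printf '%s\n' "$state"
}

effective_apparmor_profile "$@"
```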