I can easily reproduce with stgraber's instructions on an arm64 VM running 20.04 with the 5.4 kernel.
Maciej asked me to provide the output of the following commands:
in the LXD container:
root@c1:~# echo 'profile snap-test { capability bpf, }' | apparmor_parser --preprocess ; echo $? Warning from stdin (line 1): apparmor_parser: Warning capping number of jobs to 0 * # of cpus == '16'AppArmor parser error, in stdin line 1: Invalid capability bpf. 0
on the host:
ubuntu@anbox-streaming-stack-0:~$ echo 'profile snap-test { capability bpf, }' | apparmor_parser --preprocess ; echo $? AppArmor parser error, in stdin line 1: Invalid capability bpf. profile snap-test { capability bpf1
I can easily reproduce with stgraber's instructions on an arm64 VM running 20.04 with the 5.4 kernel.
Maciej asked me to provide the output of the following commands:
in the LXD container:
root@c1:~# echo 'profile snap-test { capability bpf, }' | apparmor_parser --preprocess ; echo $?
Warning from stdin (line 1): apparmor_parser: Warning capping number of jobs to 0 * # of cpus == '16'AppArmor parser error, in stdin line 1: Invalid capability bpf.
0
on the host:
ubuntu@ anbox-streaming -stack- 0:~$ echo 'profile snap-test { capability bpf, }' | apparmor_parser --preprocess ; echo $?
AppArmor parser error, in stdin line 1: Invalid capability bpf.
profile snap-test { capability bpf1