anthraxx / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening

Docker not working: "apparmor failed to apply profile: write /proc/self/attr/exec: invalid argument: unknown." #58

Closed. figbux closed this 3 years ago

figbux commented 3 years ago

Hello,

Trying to start docker and having the same issue as stated in: https://github.com/docker/for-linux/issues/1199

Tested on: 5.10.17-hardened1-1-hardened

Would you mind solving this or should we try working around it?

Thanks!

anthraxx commented 3 years ago

Hello @figbux, reading through the bug I don't see how this is an issue with our kernels; the regression is clearly not on our side but a shortcoming in the container runtime.

figbux commented 3 years ago

I actually opened this issue regarding the comment:

https://github.com/docker/for-linux/issues/1199#issuecomment-776584489

I don't mean the regression is on our or on their side; I just don't know. So I've opened this issue to ask. If you feel like that, you can close the issue.

Thanks.

anthraxx commented 3 years ago

@figbux I see, thank you very much for reaching out to us, this is really important! I think the right conclusion here is that we simply prioritize backporting the runc pull request to allow it to work with the appropriate LSM interface. This would resolve the issue in our packages at the right spot :cat: Thanks again!