Closed AkihiroSuda closed 4 months ago
The audit log:
Apr 23 11:51:02 suda-ws01 kernel: audit: type=1400 audit(1713840662.766:122): apparmor="DENIED" operation="signal" class="signal" profile="nerdctl-default" pid=366783 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="/usr/local/bin/rootlesskit"
The fix is applied to nerdctl v1.7.6, via:
nerdctl v1.7.2, containerd v1.7.11, runc v1.1.10, on Ubuntu 23.10 (kernel 6.5.0-14-generic). The binaries are installed onto
/usr/local
(via Lima).The issue doesn't seem to happen on Ubuntu 22.04 LTS. Some apparmor stuff seems to have changed in 23.XX.
Workaround
OR