Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: apply apparmor profile: apparmor failed to apply profile: write /proc/self/attr/exec: no such file or directory: unknown

[QGB]

version: '3'

services:
  nfs-server:
    image: erichough/nfs-server
    ports:
      - 127.0.11.20:2049:2049
      - 127.0.11.20:111:111
      - 127.0.11.20:32767:32767
      - 127.0.11.20:32765:32765
    volumes:
      - ./exports.txt:/etc/exports:ro
  #   - ./data/nfs-export:/export
      - /lib/modules:/lib/modules:ro
    cap_add:
        - SYS_ADMIN
        - SYS_MODULE
    security_opt:
      - apparmor=erichough-nfs

error:

# docker-compose up
[+] Running 2/2
 ⠿ Network qgb_nfs_default         Created                                                                                                                                            0.1s
 ⠿ Container qgb_nfs-nfs-server-1  Created                                                                                                                                            0.1s
Attaching to qgb_nfs-nfs-server-1
Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: apply apparmor profile: apparmor failed to apply profile: write /proc/self/attr/exec: no such file or directory: unknown

[QGB]

remove security_opt:

• apparmor=erichough-nfs

  [+] Running 1/1
  ⠿ Container qgb_nfs-nfs-server-1  Recreated                                                                                                                                          0.1s
  Attaching to qgb_nfs-nfs-server-1
  qgb_nfs-nfs-server-1  | 
  qgb_nfs-nfs-server-1  | ==================================================================
  qgb_nfs-nfs-server-1  |       SETTING UP ...
  qgb_nfs-nfs-server-1  | ==================================================================
  qgb_nfs-nfs-server-1  | ----> setup complete
  qgb_nfs-nfs-server-1  | 
  qgb_nfs-nfs-server-1  | ==================================================================
  qgb_nfs-nfs-server-1  |       STARTING SERVICES ...
  qgb_nfs-nfs-server-1  | ==================================================================
  qgb_nfs-nfs-server-1  | mount: mounting rpc_pipefs on /var/lib/nfs/rpc_pipefs failed: Permission denied
  qgb_nfs-nfs-server-1  | ----> 
  qgb_nfs-nfs-server-1  | ----> ERROR: unable to mount rpc_pipefs filesystem onto /var/lib/nfs/rpc_pipefs
  qgb_nfs-nfs-server-1  | ----> 
  qgb_nfs-nfs-server-1  | 
  qgb_nfs-nfs-server-1  | ==================================================================
  qgb_nfs-nfs-server-1  |       TERMINATING ...
  qgb_nfs-nfs-server-1  | ==================================================================
  qgb_nfs-nfs-server-1  | ----> terminating nfsd
  qgb_nfs-nfs-server-1  | ----> WARNING: unable to terminate nfsd. if it had started already, check Docker host for lingering [nfsd] processes
  qgb_nfs-nfs-server-1  | ----> rpc.statd was not running
  qgb_nfs-nfs-server-1  | ----> rpc.mountd was not running
  qgb_nfs-nfs-server-1  | ----> un-exporting filesystem(s)
  qgb_nfs-nfs-server-1  | ----> rpcbind was not running
  qgb_nfs-nfs-server-1  | ----> no active mount at /proc/fs/nfsd
  qgb_nfs-nfs-server-1  | ----> no active mount at /var/lib/nfs/rpc_pipefs
  qgb_nfs-nfs-server-1  | 
  qgb_nfs-nfs-server-1  | ==================================================================
  qgb_nfs-nfs-server-1  |       TERMINATED
  qgb_nfs-nfs-server-1  | ==================================================================
  qgb_nfs-nfs-server-1 exited with code 0

[QGB]

apparmor_status

# apparmor_status
apparmor module is loaded.
12 profiles are loaded.
12 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/lxc-start
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/lxd/lxd-bridge-proxy
   /usr/sbin/tcpdump
   docker-default
   lxc-container-default
   lxc-container-default-cgns
   lxc-container-default-with-mounting
   lxc-container-default-with-nesting
0 profiles are in complain mode.
7 processes have profiles defined.
7 processes are in enforce mode.
   /sbin/dhclient (904) 
   docker-default (2054) 
   docker-default (2093) 
   docker-default (2118) 
   docker-default (2119) 
   docker-default (29671) 
   docker-default (32254) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.