Closed Oratorian closed 11 months ago
Exactly the same here. Seem to be a problem with docker-ce itself. Should be solved in docker-ce=23.0.1. See here: https://github.com/moby/moby/issues/44900
This is not working for me. Temporary solution: revert to previous docker-ce version e.g.:
apt install docker-ce=5:20.10.23~3-0~debian-bullseye
Also a solution: Install apparmor prior to upgrading to docker 23.0.1 or restart docker after installation of apparmor.
apt install apparmor
and then restart docker, e.g. systemctl restart docker
.
Finally restart mailcow docker-compose up -d
.
or simply set Edit: not a good security advice if forgotten...apparmor=0
on the kernel command line.
See: https://github.com/moby/moby/issues/44970#issuecomment-1427428554
for the record, upgrading to docker-ce=23.0.1 did not solve the problem for me, but manually installing the apparmor
package and then restarting docker did. Thanks cnbhl!
i struggled with this problem the last 2 days. I try'd Debian 11 and Ubuntu 22.10.
On Debian11 apt install apparmor
solved the problem.
On Ubuntu 22.10 didnt.
Maybe can someone post where in the Docker Install script i can specify the version to 23.0 ?
curl -sSL https://get.docker.com/ | CHANNEL=stable sh
i struggled with this problem the last 2 days. I try'd Debian 11 and Ubuntu 22.10. On Debian11
apt install apparmor
solved the problem. On Ubuntu 22.10 didnt. Maybe can someone post where in the Docker Install script i can specify the version to 23.0 ? curl -sSL https://get.docker.com/ | CHANNEL=stable sh
The people from moby/moby are aware of the incomplete fix for the missing apparmor check.
I tried with Ubuntu 22.10 and it worked for me. Maybe you try apt install docker-ce=5:20.10.23~3-0~ubuntu-kinetic
to downgrade to a previous docker version and wait until there is the final fix for the apparmor check.
for the record, upgrading to docker-ce=23.0.1 did not solve the problem for me, but manually installing the
apparmor
package and then restarting docker did. Thanks cnbhl!
@stefan2904 The solution was never to update to 23.0.1, docker-ce 23.0.1 is the problem, the solution is either to downgrade back to 23.0.0 or set all containers to priviliged mode or stop mailcow, docker install apparmor and restart everything.
I have the same issue on vanilla OS, based on ubuntu 22.10. It seens there is a missing file on /etc/apparmor.d/tunebles, called home. sudo systemctl status apparmor should show inactive due to errors on startup. /etc/apparmor.d/tunebles/home on debian11 is:
#
# Copyright (C) 2006-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# @{HOME} is a space-separated list of all user home directories. While
# it doesn't refer to a specific home directory (AppArmor doesn't
# enforce discretionary access controls) it can be used as if it did
# refer to a specific home directory
@{HOME}=@{HOMEDIRS}/*/ /root/
# @{HOMEDIRS} is a space-separated list of where user home directories
# are stored, for programs that must enumerate all home directories on a
# system.
@{HOMEDIRS}=/home/
# Also, include files in tunables/home.d for site-specific adjustments to
# @{HOMEDIRS}.
include <tunables/home.d>
Just create this file and restart the system, to make sure everything is restarted, solved my problem
Problem Solved by installing this packages for me: apt install apparmor apparmor-utils apparmor-notify apparmor-profiles apparmor-profiles-extra
and reboot.
WTF
If you are using a security module other than AppArmor and docker-ce = 23.0.1, you can work around the issue by disabling AppArmor on the kernel's command line. This can be achieved by adding 'apparmor=0' in the kernel command line, which can be done as follows:
For example:
$ grep "GRUB_CMDLINE_LINUX=" /etc/default/grub GRUB_CMDLINE_LINUX="apparmor=0 security=xxx"
Once your machine has restarted, your containers should start without any issues.
@zandercodes
Thanks you. I had same problem on docker 23.0.1 on debian 11.
your solution fixed my problem:
apt install apparmor apparmor-utils apparmor-notify apparmor-profiles apparmor-profiles-extra
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Contribution guidelines
I've found a bug and checked that ...
Description
Logs:
Steps to reproduce:
Which branch are you using?
master
Operating System:
Ubuntu 22.04.1 LTS
Server/VM specifications:
32GB / 4 Cores / 8 Threads
Is Apparmor, SELinux or similar active?
yes
Virtualization technology:
none
Docker version:
23.0.1
docker-compose version or docker compose version:
2.16.0
mailcow version:
2023-02
Reverse proxy:
none
Logs of git diff:
Logs of iptables -L -vn:
Logs of ip6tables -L -vn:
Logs of iptables -L -vn -t nat:
Logs of ip6tables -L -vn -t nat:
DNS check: