Closed Oratorian closed 11 months ago
cnbhl
commented
1 year ago Exactly the same here. Seem to be a problem with docker-ce itself. Should be solved in docker-ce=23.0.1. See here: https://github.com/moby/moby/issues/44900
This is not working for me. Temporary solution: revert to previous docker-ce version e.g.:
apt install docker-ce=5:20.10.23~3-0~debian-bullseye
cnbhl
commented
1 year ago Also a solution: Install apparmor prior to upgrading to docker 23.0.1 or restart docker after installation of apparmor.
apt install apparmor and then restart docker, e.g. systemctl restart docker.
Finally restart mailcow docker-compose up -d.
or simply set Edit: not a good security advice if forgotten...apparmor=0 on the kernel command line.
See: https://github.com/moby/moby/issues/44970#issuecomment-1427428554
stefan2904
commented
1 year ago for the record, upgrading to docker-ce=23.0.1 did not solve the problem for me, but manually installing the apparmor package and then restarting docker did. Thanks cnbhl!
Margrie
commented
1 year ago i struggled with this problem the last 2 days. I try'd Debian 11 and Ubuntu 22.10.
On Debian11 apt install apparmor solved the problem.
On Ubuntu 22.10 didnt.
Maybe can someone post where in the Docker Install script i can specify the version to 23.0 ?
curl -sSL https://get.docker.com/ | CHANNEL=stable sh
cnbhl
commented
1 year ago i struggled with this problem the last 2 days. I try'd Debian 11 and Ubuntu 22.10. On Debian11
apt install apparmorsolved the problem. On Ubuntu 22.10 didnt. Maybe can someone post where in the Docker Install script i can specify the version to 23.0 ? curl -sSL https://get.docker.com/ | CHANNEL=stable sh
The people from moby/moby are aware of the incomplete fix for the missing apparmor check.
I tried with Ubuntu 22.10 and it worked for me. Maybe you try apt install docker-ce=5:20.10.23~3-0~ubuntu-kinetic to downgrade to a previous docker version and wait until there is the final fix for the apparmor check.
Oratorian
commented
1 year ago for the record, upgrading to docker-ce=23.0.1 did not solve the problem for me, but manually installing the
apparmorpackage and then restarting docker did. Thanks cnbhl!
@stefan2904 The solution was never to update to 23.0.1, docker-ce 23.0.1 is the problem, the solution is either to downgrade back to 23.0.0 or set all containers to priviliged mode or stop mailcow, docker install apparmor and restart everything.
celangoni
commented
1 year ago I have the same issue on vanilla OS, based on ubuntu 22.10. It seens there is a missing file on /etc/apparmor.d/tunebles, called home. sudo systemctl status apparmor should show inactive due to errors on startup. /etc/apparmor.d/tunebles/home on debian11 is:
#
# Copyright (C) 2006-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# @{HOME} is a space-separated list of all user home directories. While
# it doesn't refer to a specific home directory (AppArmor doesn't
# enforce discretionary access controls) it can be used as if it did
# refer to a specific home directory
@{HOME}=@{HOMEDIRS}/*/ /root/
# @{HOMEDIRS} is a space-separated list of where user home directories
# are stored, for programs that must enumerate all home directories on a
# system.
@{HOMEDIRS}=/home/
# Also, include files in tunables/home.d for site-specific adjustments to
# @{HOMEDIRS}.
include <tunables/home.d>Just create this file and restart the system, to make sure everything is restarted, solved my problem
zandercodes
commented
1 year ago Problem Solved by installing this packages for me: apt install apparmor apparmor-utils apparmor-notify apparmor-profiles apparmor-profiles-extra and reboot.
landonstewart
commented
1 year ago WTF
sthempura
commented
1 year ago If you are using a security module other than AppArmor and docker-ce = 23.0.1, you can work around the issue by disabling AppArmor on the kernel's command line. This can be achieved by adding 'apparmor=0' in the kernel command line, which can be done as follows:
For example:
$ grep "GRUB_CMDLINE_LINUX=" /etc/default/grub GRUB_CMDLINE_LINUX="apparmor=0 security=xxx"
Once your machine has restarted, your containers should start without any issues.
alimp5
commented
1 year ago @zandercodes
Thanks you. I had same problem on docker 23.0.1 on debian 11.
your solution fixed my problem:
apt install apparmor apparmor-utils apparmor-notify apparmor-profiles apparmor-profiles-extra
milkmaker
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
milkmaker
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Contribution guidelines
I've found a bug and checked that ...
Description
Logs:
Steps to reproduce:
Which branch are you using?
master
Operating System:
Ubuntu 22.04.1 LTS
Server/VM specifications:
32GB / 4 Cores / 8 Threads
Is Apparmor, SELinux or similar active?
yes
Virtualization technology:
none
Docker version:
23.0.1
docker-compose version or docker compose version:
2.16.0
mailcow version:
2023-02
Reverse proxy:
none
Logs of git diff:
Logs of iptables -L -vn:
Logs of ip6tables -L -vn:
Logs of iptables -L -vn -t nat:
Logs of ip6tables -L -vn -t nat:
DNS check: