Can't apply AppArmor profile on container: "no such file or directory"

Asked 30/1, 2019 at 7:52 Answered 7/6, 2021 at 3:7

I am trying to apply the following simple AppArmor profile:

#include <tunables/global>

profile docker-profile flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/base>
  #network,
  #capability,
  #file,
  #umount,
  #ptrace,
  #mount,
  pivot_root,
}

When I run docker run -it --rm --security-opt apparmor=docker-profile alpine I get the following error:

docker: Error response from daemon: invalid header field value "oci runtime error: container_linux.go:247: starting container process caused \"process_linux.go:359: container init caused \\"apparmor failed to apply profile: no such file or directory\\"\"\n".

I tried to reinstall it (based on suggestions here):

rm -rf /etc/apparmor*
apt install apparmor --reinstall
service apparmor restart
service docker restart

It didn't help, I am still getting the same error.

Any suggestion what can be the reason and how to solve it ?

Bedstead answered 30/1, 2019 at 7:52 Comment(1)

In my case its turned out that Linux distribution (Ubuntu 22.04) that my VPS provider installed didn't have support for AppArmor. You can check it by running sudo modprobe apparmor. But for some reason systemctl tried to run AppArmor service, which failed, you can check it by running sudo systemctl status apparmor. I tried various ways to fix that, but nothing worked. Eventually I ended up with reinstall OS to Debian 11. AppArmor module still wasn't installed, but systemctl didn't tried to execute it and Docker has worked. – Tiloine 15/8 at 8:55

I needed to register the profile by running apparmor_parser -r -W docker.profile.

More information can be found here:
https://docs.docker.com/engine/security/apparmor/

Bedstead answered 30/1, 2019 at 8:38 Comment(0)

sudo apt-get purge apparmor apparmor-profiles apparmor-utils

sudo apt-get install apparmor-utils apparmor-profiles apparmor-profiles-extra vim-addon-manager

reboot

Muldon answered 7/6, 2021 at 3:7 Comment(7)

Welcome to Stack Overflow! While this code may solve the question, including an explanation of how and why this solves the problem would really help to improve the quality of your post, and probably result in more up-votes. Remember that you are answering the question for readers in the future, not just the person asking now. Please edit your answer to add explanations and give an indication of what limitations and assumptions apply. – Euphoria 11/6, 2021 at 6:14

this worked for me on Debian 11 bullseye! thanks! – Carpenter 13/2, 2023 at 2:28

this worked for me on MxLinux 21 – Afloat 28/2, 2023 at 23:47

I'm Running omv6, and something happened when I updated and all the docker container refused to load. I don't know what happened but this fixed it. – Curative 1/3, 2023 at 5:6

worked for Debian 11 bullseye!!!!!! – Jolie 3/3, 2023 at 10:4

The vim-addon-manager is not needed... but it works! – Briney 8/3, 2023 at 17:49

I was having the same issue on orange pi+ 2 after installing the docker from armbian-config utility, I ran the above commands and things seems to be working for me. – Ignore 9/3, 2023 at 7:21

I needed to register the profile by running apparmor_parser -r -W docker.profile.

More information can be found here:
https://docs.docker.com/engine/security/apparmor/

Bedstead answered 30/1, 2019 at 8:38 Comment(0)

Recommended topics

Hot tags