docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded

F

6

15

I install docker-ce 19.03.3, on ubuntu 19.04 following the installation procedure described on the official website. The installation worked well. But when I wanted to test by creating a container,

I have this error:

Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded

running /usr/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default911109442

failed with output:

'AppArmor parser error for /var/lib/docker/tmp/docker-default911109442 in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'

`

Felten answered 15/10, 2019 at 11:27 Comment(1)

The same issue has been fixed here. – Licastro 13/11, 2019 at 22:44

M

27

Maybe you don't have AppArmor installed.

Try to do this:

apt install apparmor -y

Then restart the container.

Methodism answered 16/10, 2022 at 2:15 Comment(0)

E

12

Installing the apparmor-utils package solved it for me 🎉

https://docs.docker.com/engine/release-notes/23.0/#known-issues

Etymology answered 3/2, 2023 at 7:19 Comment(0)

S

5

You have your answer in this docker issue: https://github.com/moby/moby/issues/20554

You just have to create this file: /etc/apparmor.d/tunables/proc

And put this line inside:

@{PROC}=/proc/

Stepchild answered 14/11, 2019 at 20:35 Comment(2)

This worked for me. I'm using Docker version 19.03.5, build 633a0ea838 on Debian 10. – Adahadaha 16/12, 2019 at 3:25

another reason could be an unprivileged LXC container bein used to run docker - needs to be privileged – Eczema 18/7, 2021 at 6:11

A

5

I installed a new version of Linux Mint 20 Ulyana on a partition of a new drive (with my home directory synced to a different partition), and found Apparmor would not start, and docker would not run with any containers, not even hello_word. The errors all mentioned apparmor. I found that many of the files in

/etc/apparmor.d/

had text to line 7, but showed binary symbols for line 7. I found that the config could be recreated by running:

$ sudo dpkg-reconfigure apparmor

after which the config files in

/etc/apparmor.d/

were all text. Then apparmor would start with

$ /etc/init.d/apparmor restart

Then my docker containers ran again.

Acupuncture answered 26/7, 2020 at 3:52 Comment(0)

A

4

Running Ubuntu 20.04 LTS, just ran a 'apt update' then 'apt dist-upgrade', got a similar error starting docker. Normally I remove apparmor, as was the case here. I had to re-install apparmor then remove it before docker containers would start.

Aftercare answered 2/2, 2023 at 18:20 Comment(0)

W

0

I’m consistently running into this as well: Debian bullseye offers apparmour but I don’t want it so I don’t have it installed, but something (Docker?) loads the kernel module, which defaults to enabled, and Docker does not properly check that the apparmour tools are present when wanting to use it.

Adding the --security-opt apparmor=unconfined makes it not try:

$ docker run -it alpine:latest
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `apparmor_parser apparmor_parser --version` failed with output: 
error: exec: "apparmor_parser": executable file not found in $PATH.
$ docker run --security-opt apparmor=unconfined -it alpine:latest
/ # …

Wareing answered 14/6 at 21:10 Comment(0)

Recommended topics

Hot tags