I install docker-ce 19.03.3, on ubuntu 19.04 following the installation procedure described on the official website. The installation worked well. But when I wanted to test by creating a container,...

I have been using snap for some time but after a recent upgrade, I get this error when I try opening any application Snap-confine has elevated permissions and is not confined but should be. Refusin...

I am working with logstash and it is unable to read some log files. To be able to read, I think I have to add a profile in apparmor but am pretty lost at this point. The app is run as: java -jar ...

Tough task: Everytime I try to stop or kill a running container, I get permission denied as an error response from Daemon. I just started learning how to use docker by using a Ubuntu18.04 VM. I w...

I am trying to apply the following simple AppArmor profile: #include <tunables/global> profile docker-profile flags=(attach_disconnected,mediate_deleted) { #include <abstractions/base&...

The following issue takes place in Debian Jessie (under Vagrant): The docker documentation claims that an apparmor profile is automatically placed in /etc/apparmor.d/docker, yet when I list the co...

Is it possible to disable AppArmor for a particular Docker container? I want to make ptrace accessible so I can attach gdb to a running process but run into the following issue when I want to chang...

I just check /etc/apparmor.d/usr.sbin.mysqld I saw, /var/lib/mysql/** rwk, // what is rwk stand for ? Is it read, write?? then what does k stands for? /var/log/mysql/ r, What does rwk st...

The AppArmor documentation mentions giving applications the ability to execute other programs with or without enviroment scrubbing. Apparently a scrubbed environment is more secure, but the documen...