Public bug reported:

Is there any chance that this PR can be implemented in the current Ubuntu release?
Because as of now AppArmor denies signals from runc, and this results in many pods kept in Terminating state:

audit: type=1400 audit(1715342953.323:200): apparmor="DENIED" operation="signal" class="signal" profile="cri-containerd.apparmor.d" pid=741102 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="runc"

** Affects: containerd-app (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/2065423

Title:
  Update AppArmor template to allow confined runc to kill containers
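Added example, not part of the bug report or of the PR it refers to: a small triage script that parses AppArmor audit records like the one quoted above, counts denied signal operations per profile and peer, and renders the narrowest signal rule that would cover each denial so it can be reviewed against the profile. The function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Matches key=value and key="value" pairs in a kernel audit record.
_KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# First line is the record from the bug report; the rest are constructed samples.
SAMPLE_LINES = [
    'audit: type=1400 audit(1715342953.323:200): apparmor="DENIED" operation="signal" class="signal" profile="cri-containerd.apparmor.d" pid=741102 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="runc"',
    'audit: type=1400 audit(1715342960.101:201): apparmor="DENIED" operation="signal" class="signal" profile="cri-containerd.apparmor.d" pid=741377 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="runc"',
    'audit: type=1400 audit(1715342961.000:202): apparmor="DENIED" operation="open" class="file" profile="example-profile" name="/etc/example" pid=100 comm="cat" requested_mask="r" denied_mask="r"',
    'systemd[1]: Started example.service.',
]

def parse_apparmor_record(line):
    """Return the record's fields as a dict, or None if it is not an AppArmor record."""
    if "apparmor=" not in line:
        return None
    return {k: (quoted if raw.startswith('"') else raw)
            for k, raw, quoted in _KV.findall(line)}

def signal_denials(lines):
    """Count denied signal operations by (profile, comm, peer, signal, denied_mask)."""
    counts = Counter()
    for line in lines:
        rec = parse_apparmor_record(line)
        if not rec or rec.get("apparmor") != "DENIED" or rec.get("operation") != "signal":
            continue
        counts[tuple(rec.get(f) for f in ("profile", "comm", "peer", "signal", "denied_mask"))] += 1
    return counts

def candidate_rule(key):
    """Render the narrowest AppArmor signal rule covering one denial, for human review."""
    _profile, _comm, peer, signal, mask = key
    return f"signal ({mask}) set=({signal}) peer={peer},"

if __name__ == "__main__":
    for key, n in signal_denials(SAMPLE_LINES).items():
        print(f"{n}x profile={key[0]} comm={key[1]} peer={key[2]}: {candidate_rule(key)}")
```

The rendered rule is derived only from the fields of the denial record; whether it matches the change proposed in the PR has to be checked against the PR itself.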