Public bug reported:

Is there any chance that this PR can be implemented in the current Ubuntu
release?

Because as of now AppArmor denies signals from runc, and this results in
many pods being kept in the Terminating state:

audit: type=1400 audit(1715342953.323:200): apparmor="DENIED"
operation="signal" class="signal" profile="cri-containerd.apparmor.d"
pid=741102 comm="runc" requested_mask="receive" denied_mask="receive"
signal=kill peer="runc"

** Affects: containerd-app (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2065423

Title:
  Update AppArmor template to allow confined runc to kill containers
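
Added example, not part of the original report or of containerd: a small Python triage script that parses AppArmor type=1400 audit records like the one quoted above and groups signal denials by profile, peer, signal and direction. The function names are hypothetical, and the sample lines are constructed (the first is the report's record joined onto one line, the second is an invented non-signal denial for contrast).

```python
import re
import shlex
from collections import Counter

# Constructed sample input: the denial from the report on one line,
# plus an invented file denial that must not be counted as a signal denial.
SAMPLE_LOG = [
    'audit: type=1400 audit(1715342953.323:200): apparmor="DENIED" '
    'operation="signal" class="signal" profile="cri-containerd.apparmor.d" '
    'pid=741102 comm="runc" requested_mask="receive" denied_mask="receive" '
    'signal=kill peer="runc"',
    'audit: type=1400 audit(1715342960.001:201): apparmor="DENIED" '
    'operation="open" class="file" profile="cri-containerd.apparmor.d" '
    'name="/proc/sysrq-trigger" pid=741200 comm="sh" '
    'requested_mask="w" denied_mask="w"',
]

HEADER = re.compile(
    r'type=1400 audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)'
)


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    m = HEADER.search(line)
    if not m:
        return None
    fields = {"ts": float(m["ts"]), "serial": int(m["serial"])}
    # shlex strips the double quotes around values such as peer="runc".
    for token in shlex.split(m["body"]):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields if fields.get("apparmor") == "DENIED" else None


def blocked_signals(lines):
    """Count signal denials per (profile, peer, signal, denied_mask)."""
    counts = Counter()
    for line in lines:
        d = parse_denial(line)
        if d and d.get("operation") == "signal":
            key = (d.get("profile"), d.get("peer"),
                   d.get("signal"), d.get("denied_mask"))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in blocked_signals(SAMPLE_LOG).items():
        print(n, *key)
```

A non-zero count for the tuple (cri-containerd.apparmor.d, runc, kill, receive) on a node is the condition the report describes: the confined container is not allowed to receive the kill signal from runc.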
