Public bug reported:
Is there any chance that this PR can be implemented to current Ubuntu
release?
Because as for now apparmor denies signals from runc and this results in
many pods kept in Terminating state:
audit: type=1400 audit(1715342953.323:200): apparmor="DENIED"
operation="signal" class="signal" profile="cri-containerd.apparmor.d"
pid=741102 comm="runc" requested_mask="receive" denied_mask="receive"
signal=kill peer="runc"
** Affects: containerd-app (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065423
Title:
Update AppArmor template to allow confined runc to kill containers
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/containerd-app/+bug/2065423/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
