As a temporary workaround, put the file I have attached to
/etc/apparmor.d/docker-default and load it with "apparmor_parser -Kr
/etc/apparmor.d/docker-default". This will make dockerd skip loading its
builtin profile and use this one instead. The only difference between
the builtin one and this one is the following rule:

  # runc may send signals to container processes
  signal (receive) peer=runc,

I've opened PRs upstream:
- https://github.com/containerd/containerd/pull/10123
- https://github.com/moby/moby/pull/47749

I think I'll need to work a little bit more on them to add rules only
for profiles that exist. (It works even if they don't exist though.)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2039294

Title:
  apparmor docker

To manage notifications about this bug go to:
https://bugs.launchpad.net/docker/+bug/2039294/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
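As an added example (not the attachment from the report above), a small POSIX shell script that applies the same one-rule difference idempotently to a docker-default profile text, verifies the rule landed inside the profile block, and only then loads it with the `apparmor_parser -Kr` command from the report. The profile skeleton in `sample_profile` is a constructed stand-in, not the real docker-default profile dockerd ships.

```shell
# Added example, not the bug report's attachment. Assumes a docker-default
# style profile whose block ends with a lone "}" line.
set -eu

RULE='  signal (receive) peer=runc,'
COMMENT='  # runc may send signals to container processes'

# Constructed minimal stand-in; the real docker-default profile is longer.
sample_profile() {
  cat <<'EOF'
#include <tunables/global>
profile docker-default flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/base>
  network,
  capability,
  file,
}
EOF
}

# Return 0 if the profile file already grants runc the signal(receive) rule.
has_runc_signal_rule() {
  grep -qE '^[ \t]*signal[ \t]*\(receive\)[ \t]*peer=runc,' "$1"
}

# Insert the comment and rule just before the final closing brace of the
# profile block, unless already present. Returns 0 when the rule is in place.
add_runc_signal_rule() {
  f=$1
  has_runc_signal_rule "$f" && return 0
  tmp=$(mktemp)
  # awk: remember the last line that is only "}", print the rule before it
  awk -v c="$COMMENT" -v r="$RULE" '
    { lines[NR] = $0; if ($0 ~ /^}[ \t]*$/) last = NR }
    END {
      for (i = 1; i <= NR; i++) {
        if (i == last) { print ""; print c; print r }
        print lines[i]
      }
    }' "$f" > "$tmp"
  mv "$tmp" "$f"
  has_runc_signal_rule "$f"
}

# Replace the kernel-loaded profile as the report describes (needs root and
# AppArmor; not exercised by the checks below).
load_profile() {
  add_runc_signal_rule "$1" && apparmor_parser -Kr "$1"
}
```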
