I used LXD to set up the Unifi Controller and things mostly work well. It is a default install with the bridge networking.
I used lxc config to add a proxy device for all the ports I needed exposed. For the one port that is an issue, here is the command I used:
lxc config device add unifi unifi10001 proxy listen=udp:0.0.0.0:10001 connect=udp:127.0.0.1:10001 proxy_protocol=true
The problem is that the app is trying to open the socket in raw mode and the AppArmor profile does not allow it:
Nov 18 01:09:03 alpha kernel: [ 142.496256] audit: type=1400 audit(1637215743.511:188): apparmor="DENIED" operation="create" profile="lxd_forkproxy-unifi10001_unifi_</var/snap/lxd/common/lxd>" pid=4863 comm="lxd" family="netlink" sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
In the AppArmor profile it has lines such as “network dgram” but not “network raw”. I tried to update this file and reboot but it looks like the config is regenerated to its original state.
I can solve the problem by using “apparmor_parser -r -C” on the rule to turn it off but I have to do that after each reboot and would like to learn how to solve it permanently.
Is there a way to allow raw network sockets or to disable the AppArmor profile for just the specific proxy device?
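
An added example, not part of the original post and not LXD's own code: a small parser for AppArmor denial lines like the one quoted above, reporting per profile the narrowest network rule each denied socket operation corresponds to. The function names and the second sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples: the denial quoted in the post (straight quotes) and a
# made-up file denial that must not yield a network rule.
SAMPLES = [
    'Nov 18 01:09:03 alpha kernel: [ 142.496256] audit: type=1400 '
    'audit(1637215743.511:188): apparmor="DENIED" operation="create" '
    'profile="lxd_forkproxy-unifi10001_unifi_</var/snap/lxd/common/lxd>" '
    'pid=4863 comm="lxd" family="netlink" sock_type="raw" protocol=0 '
    'requested_mask="create" denied_mask="create"',
    'audit: type=1400 audit(1.0:1): apparmor="DENIED" operation="open" '
    'profile="example_profile" name="/etc/example" pid=1 comm="cat" '
    'requested_mask="r" denied_mask="r"',
]

# key=value pairs; a value is quoted (straight or typographic) or a bare token.
PAIR = re.compile(r'(\w+)=(?:["“”]([^"“”]*)["“”]|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED line, else None."""
    fields = {}
    for match in PAIR.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields if fields.get("apparmor") == "DENIED" else None

def suggest_network_rule(fields):
    """Narrowest AppArmor network rule covering a denied socket operation."""
    family, sock_type = fields.get("family"), fields.get("sock_type")
    if not family or not sock_type:
        return None  # not a socket denial (e.g. a file denial)
    return f"network {family} {sock_type},"

def missing_rules(lines):
    """Map each profile to the sorted network rules its denials call for."""
    rules = defaultdict(set)
    for line in lines:
        fields = parse_denial(line)
        rule = suggest_network_rule(fields) if fields else None
        if rule:
            rules[fields.get("profile", "?")].add(rule)
    return {profile: sorted(found) for profile, found in rules.items()}

if __name__ == "__main__":
    for profile, found in missing_rules(SAMPLES).items():
        print(profile, "->", ", ".join(found))
```

For the quoted denial this reports the netlink family with the raw socket type, which is the access the forkproxy profile refused.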