Trying to spin up an nginx container and I see some error with AppArmor. The test server is a fresh AlmaLinux 8 container.
[philip@alma8-test ~]$ docker run -it -d -p 80:80 nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
01b5b2efb836: Pull complete
db354f722736: Pull complete
abb02e674be5: Pull complete
214be53c3027: Pull complete
a69afcef752d: Pull complete
625184acb94e: Pull complete
Digest: sha256:bb64db4779cb6f1c1b9cbc446f186908f50042479880c5e2804e05b663d7e26c
Status: Downloaded newer image for nginx:latest
9caf042392977237280fc18462c83a2f5da8a409323f613c749deecd27750195
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `apparmor_parser apparmor_parser --version` failed with output:
error: exec: "apparmor_parser": executable file not found in $PATH.
Did some googling and found posts that ask to install AppArmor. Not sure how to install that - yum/dnf doesn’t find apparmor packages to install.
Yes. Though I don’t see AppArmor installed on AlmaLinux 8. Can’t install it with dnf/yum either.
This is the first time this error cropped up. Previously docker worked without issues. I saw some posts that RHEL derivatives use SELinux and not AppArmor.
Do you think some lxc config has to be changed in order to fix this - especially because it says AppArmor is enabled but could not be loaded?
I can’t apply it to the profile. Did the key change?
lxc config set alma8-test raw.lxc "lxc.aa_profile=unconfined"
Error: Failed to load config file "/tmp/lxd_config_2472379704": loading config file for the container failed
Okay. Enabled it on the container and restarted it. Now I get a new error:
docker: Error response from daemon: Could not check if docker-default AppArmor profile was loaded: open /sys/kernel/security/apparmor/profiles: permission denied.
I confirm Philip_C’s findings, only I am using the Rocky 8 flavour as the LXC container for Docker and Ubuntu Jammy as the LXC host. It did work with no problems just a few days back, so some change in Docker made this an issue.
A quick fix I found was that running Ubuntu Jammy as the LXC container for Docker makes the problem go away. I use Docker’s own repo, not the default Ubuntu ones. I guess this is because apparmor-utils are in Jammy while RHEL derivatives don’t have this because of SELinux. For my use cases I will just change my Docker LXC hosts from Rocky to Ubuntu and I am fine. Not sure if this is an option for you, Philip.