Docker on Debian

capriciousduck · July 20, 2022, 11:44am

Hello. I am trying to get the network working within Docker containers running on Debian (this is a new thread, I have an old one lying around). I saw through other posts and did a lot of googling and one thing seemed to fix the problem: Removing AppArmor. But, I guess that’s not a good solution. So I tried to compare the AppArmor versions running on Ubuntu with Debian.

I found out that the AppArmor package running on Debian is too old. I’m aware that packages on Debian sometimes have not-so-newer versions, but I think, with Apparmor, it’s way too old. Below you can see the Apparmor versions running on Ubuntu and Debian.

On Ubuntu Jammy:

sudo dpkg --list | grep apparmor
ii  apparmor                        3.0.4-2ubuntu2.1                        amd64        user-space parser utility for AppArmor
ii  libapparmor1:amd64              3.0.4-2ubuntu2.1                        amd64        changehat AppArmor library

On Debian 11:

sudo dpkg --list | grep apparmor
ii  libapparmor1:amd64         2.13.6-10                    amd64        changehat AppArmor library

Is that causing the problem?

EDIT:

Some more information. Here is the output when I try to spin up an Nginx container.

admin@debdocker:~$ docker run -p 80:80 nginx:alpine
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/07/20 15:09:24 [emerg] 1#1: socket() 0.0.0.0:80 failed (13: Permission denied)
nginx: [emerg] socket() 0.0.0.0:80 failed (13: Permission denied)

Why can the container bind to port 80? Nothing else is running on port 80 (checked with netstat) and I’ve added myself into the "docker " group to run docker as a non-root user. Only by passing “–privileged” the container could bind to port 80. If this is caused by AppArmor, what do I need to do?