I can install flatpak in an Ubuntu 24.04 container without issue. However, when I later install the apparmor package inside this container, I start getting the "Couldn't resolve host name" error when adding new flatpaks.
My host is a vanilla Ubuntu 24.04 with Incus 6.20 from Zabbly. This is how to recreate this:
incus launch images:ubuntu/24.04 -p default flatpak -c security.nesting=true
incus exec flatpak -- sudo --login --user ubuntu
sudo apt update && sudo apt upgrade
sudo apt install flatpak
sudo flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
sudo flatpak install flathub dev.zed.Zed
Up to this point everything works fine. But when I install apparmor, no more flatpaks can be added:
sudo apt install apparmor
sudo flatpak install flathub com.vscodium.codium
error: Unable to load summary from remote flathub: While fetching https://dl.flathub.org/repo/summary.idx: [6] Couldn't resolve host name
In dmesg on the host, I can now see this error:
sudo dmesg | grep --color=always DENIED | grep -i flatpak
[88660.854274] audit: type=1400 audit(1766310631.037:137018): apparmor="DENIED" operation="create" class="net" info="failed af match" error=-13 namespace="root//incus-t_<var-lib-incus>" profile="flatpak" pid=399745 comm="flatpak" family="inet" sock_type="dgram" protocol=0 requested="create" denied="create"
Does anyone have any ideas on how to fix this? Besides uninstalling apparmor :]
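Reading the audit record from the post field by field, as an added example that is not part of the original post: it parses AppArmor DENIED lines from dmesg output and groups them by namespace, profile and socket type. The function names and `KEYS` are hypothetical; the first sample line is the record quoted above, the second is constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# key=value pairs; a value is either "quoted" (may contain spaces) or a bare token
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# audit(<epoch seconds>.<milliseconds>:<serial>)
STAMP_RE = re.compile(r'audit\((\d+)\.(\d+):(\d+)\)')
KEYS = ("namespace", "profile", "class", "family", "sock_type", "denied")

SAMPLE = [
    # the record from the post
    '[88660.854274] audit: type=1400 audit(1766310631.037:137018): apparmor="DENIED" operation="create" class="net" info="failed af match" error=-13 namespace="root//incus-t_<var-lib-incus>" profile="flatpak" pid=399745 comm="flatpak" family="inet" sock_type="dgram" protocol=0 requested="create" denied="create"',
    # constructed non-AppArmor kernel line, must be ignored
    '[88661.000000] eth0: link becomes ready (constructed)',
]

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record, or None for other lines."""
    fields = {k: (quoted or bare) for k, quoted, bare in FIELD_RE.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    stamp = STAMP_RE.search(line)
    if stamp:
        when = datetime.fromtimestamp(int(stamp.group(1)), tz=timezone.utc)
        fields["time_utc"] = when.isoformat()
        fields["serial"] = stamp.group(3)
    return fields

def summarize(lines):
    """Count denials per (namespace, profile, class, family, sock_type, denied)."""
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec:
            counts[tuple(rec.get(k, "-") for k in KEYS)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        # family=inet with sock_type=dgram is an IPv4 datagram (UDP) socket,
        # the kind of socket a DNS lookup normally opens
        print(n, dict(zip(KEYS, key)))
```

On a live system the same functions can be fed the output of `sudo dmesg` line by line instead of `SAMPLE`.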