As a temporary patch on my system, I disabled the apparmor rules for /usr/sbin/runc
Following the documentation to disable one single apparmor profile (link: https://help.ubuntu.com/community/AppArmor#Disable_one_profile ) : ``` sudo ln -s /etc/apparmor.d/usr.sbin.runc /etc/apparmor.d/disable/ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.runc ``` docker can now send signals to its containers. --- re-activating is documented in the next paragraph in the page above: ``` sudo rm /etc/apparmor.d/disable/usr.sbin.runc sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.runc ``` docker stop will not be able to send a signal to its containers anymore. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2039294 Title: apparmor docker Status in docker: New Status in apparmor package in Ubuntu: Incomplete Bug description: No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 23.10 Release: 23.10 Codename: mantic Docker version 24.0.5, build 24.0.5-0ubuntu1 Graceful shutdown doesn't work anymore due to SIGTERM and SIGKILL (maybe all signals?) doesn't reach the target process. Works when apparmor is uninstalled. [17990.085295] audit: type=1400 audit(1697213244.019:981): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172626 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/runc" [17992.112517] audit: type=1400 audit(1697213246.043:982): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172633 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="/usr/sbin/runc" To manage notifications about this bug go to: https://bugs.launchpad.net/docker/+bug/2039294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
