To make this generic so that it will work on older and newer hosts we
should probably change the peer expression to
signal (receive) peer={runc,unconfined},
or possibly, define an @{runc} variable in the preamble and use that.
This really only is advantageous, in that it shows semantic intent, if
if using the value of unconfined, or if @[runc} is used multiple times
within the profile.
@{runc}={peer,unconfined}
signal (receive) peer=@{runc},
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2039294
Title:
apparmor docker
Status in docker:
New
Status in apparmor package in Ubuntu:
Incomplete
Bug description:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 23.10
Release: 23.10
Codename: mantic
Docker version 24.0.5, build 24.0.5-0ubuntu1
Graceful shutdown doesn't work anymore due to SIGTERM and SIGKILL (maybe all
signals?) doesn't reach the target process. Works when apparmor is uninstalled.
[17990.085295] audit: type=1400 audit(1697213244.019:981): apparmor="DENIED"
operation="signal" class="signal" profile="docker-default" pid=172626
comm="runc" requested_mask="receive" denied_mask="receive" signal=term
peer="/usr/sbin/runc"
[17992.112517] audit: type=1400 audit(1697213246.043:982): apparmor="DENIED"
operation="signal" class="signal" profile="docker-default" pid=172633
comm="runc" requested_mask="receive" denied_mask="receive" signal=kill
peer="/usr/sbin/runc"
To manage notifications about this bug go to:
https://bugs.launchpad.net/docker/+bug/2039294/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
