Kernel logs on the host when running `apt update` in a container.
2025-04-26T10:06:40.559507+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.556:604): apparmor="DENIED" operation="signal" class="signal" profile="incus-noble_</var/lib/incus>" pid=6047 comm="apt" requested_mask="send" denied_mask="send" signal=int peer="incus-noble_</var/lib/incus>//&unconfined" 2025-04-26T10:06:40.564510+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.562:605): apparmor="DENIED" operation="ptrace" class="ptrace" profile="incus-noble_</var/lib/incus>" pid=6053 comm="systemctl" requested_mask="read" denied_mask="read" peer="incus-noble_</var/lib/incus>//&unconfined" 2025-04-26T10:06:40.576500+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.574:606): apparmor="DENIED" operation="ptrace" class="ptrace" profile="incus-noble_</var/lib/incus>" pid=5056 comm="systemd" requested_mask="read" denied_mask="read" peer="incus-noble_</var/lib/incus>//&unconfined" 2025-04-26T10:06:40.576509+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.574:607): apparmor="DENIED" operation="ptrace" class="ptrace" profile="incus-noble_</var/lib/incus>" pid=5103 comm="systemd-journal" requested_mask="read" denied_mask="read" peer="incus-noble_</var/lib/incus>//&unconfined" 2025-04-26T10:06:40.577490+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.575:608): apparmor="DENIED" operation="ptrace" class="ptrace" profile="incus-noble_</var/lib/incus>" pid=5103 comm="systemd-journal" requested_mask="read" denied_mask="read" peer="incus-noble_</var/lib/incus>//&unconfined" 2025-04-26T10:06:40.584543+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.582:609): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 namespace="root//incus-noble_<var-lib-incus>" profile="unconfined" name="ubuntu_pro_apt_news" pid=6055 comm="(python3)" 2025-04-26T10:06:40.585538+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.583:610): apparmor="DENIED" operation="ptrace" class="ptrace" profile="incus-noble_</var/lib/incus>" pid=5056 comm="systemd" requested_mask="read" denied_mask="read" peer="incus-noble_</var/lib/incus>//&unconfined" 2025-04-26T10:06:40.585544+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.583:611): apparmor="DENIED" operation="signal" class="signal" profile="incus-noble_</var/lib/incus>" pid=6053 comm="systemctl" requested_mask="send" denied_mask="send" signal=term peer="incus-noble_</var/lib/incus>//&unconfined" 2025-04-26T10:06:40.600499+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.598:612): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 namespace="root//incus-noble_<var-lib-incus>" profile="unconfined" name="ubuntu_pro_esm_cache" pid=6056 comm="(python3)" 2025-04-26T10:06:40.751507+00:00 testing-if-incus-works kernel: audit: type=1400 audit(1745662000.749:613): apparmor="DENIED" operation="signal" class="signal" profile="incus-noble_</var/lib/incus>" pid=6055 comm="python3" requested_mask="send" denied_mask="send" signal=int peer="incus-noble_</var/lib/incus>//&unconfined" 2025-04-26T10:06:45.766516+00:00 testing-if-incus-works kernel: kauditd_printk_skb: 6 callbacks suppressed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2109394 Title: AppArmor breaks Incus containers Status in apparmor package in Ubuntu: New Bug description: With Ubuntu 25.04, launching an Incus container and issuing "apt update" inside it just...stalls. It never proceeds. There's a lot of complaints about ptract and signal being denied by AppArmor and, indeed, adding 'raw.apparmor="signal,"' to the container's configuration allows "apt update" to work normally again. Tested both with a fresh install of 25.04 and with an upgrade from 24.04 to 24.10 and then to 25.04, the result is the same. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2109394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
