Keep in mind this is not just about free or curl. It's about any tool which is used in a redirect to file where:
a) the tool is confined
b) this is being run inside lxd
c) I see this happening in a questing lxd with a noble host (kernel 6.8.0-79-generic)
d) the profile of the tool does not inherently allow it to write to where the redirect is happening

Quick second example:

This works:
root@q-apparmord:~# tcpdump > foo
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C103 packets captured
117 packets received by filter
0 packets dropped by kernel
root@q-apparmord:~# l foo
-rw-r--r-- 1 root root 17K Sep 3 13:29 foo

This doesn't:
root@q-apparmord:/var/log# cd /var/log
root@q-apparmord:/var/log# tcpdump > foo
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
tcpdump: Unable to write output: Message too long
root@q-apparmord:/var/log# l foo
-rw-r--r-- 1 root root 0 Sep 3 13:33 foo

[Wed Sep 3 13:29:43 2025] audit: type=1400 audit(1756906183.032:1015): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-q-apparmord_<var-snap-lxd-common-lxd>" profile="tcpdump" name="/var/log/foo" pid=35785 comm="tcpdump" requested_mask="w" denied_mask="w" fsuid=1000000 ouid=1000000

--
https://bugs.launchpad.net/bugs/2121552

Title:
  "free > file" blocked by apparmor inside questing lxd
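
A way to triage denials like the one quoted above from the kernel log, as an added example (not part of the original bug comment and not AppArmor's own tooling): it parses AppArmor audit lines and selects denials with operation="file_inherit", meaning the check was made on a file descriptor the confined program inherited (here, the one the shell opened for the redirect) rather than on a file it opened itself. The function names, the "root//lxd-" namespace prefix test and the second sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: line 1 is the denial quoted in the bug comment; line 2 is a
# constructed ordinary "open" denial, included only for contrast.
SAMPLE = [
    '[Wed Sep 3 13:29:43 2025] audit: type=1400 audit(1756906183.032:1015): '
    'apparmor="DENIED" operation="file_inherit" class="file" '
    'namespace="root//lxd-q-apparmord_<var-snap-lxd-common-lxd>" '
    'profile="tcpdump" name="/var/log/foo" pid=35785 comm="tcpdump" '
    'requested_mask="w" denied_mask="w" fsuid=1000000 ouid=1000000',
    'audit: type=1400 audit(1756906200.000:1016): apparmor="DENIED" '
    'operation="open" class="file" profile="example" name="/tmp/constructed" '
    'pid=1 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
]

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_audit(line):
    """Return the key=value fields of one AppArmor audit line as a dict."""
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in KV.findall(line)}

def inherited_fd_denials(lines):
    """Select DENIED file_inherit events and keep the fields needed for triage."""
    hits = []
    for line in lines:
        f = parse_audit(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "file_inherit":
            continue
        ns = f.get("namespace", "")
        hits.append({
            "profile": f.get("profile"),
            "path": f.get("name"),
            "denied": f.get("denied_mask"),
            # Assumption: LXD container namespaces are named as in the quoted line.
            "in_lxd": ns.startswith("root//lxd-"),
        })
    return hits

def summarize(hits):
    """Count inherited-descriptor denials per (profile, denied mask, in_lxd)."""
    return Counter((h["profile"], h["denied"], h["in_lxd"]) for h in hits)

if __name__ == "__main__":
    for hit in inherited_fd_denials(SAMPLE):
        print(hit)
```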
