[Bug 1089732] New: Virtualization:containers/docker: SLES_12: Docker not running due to missing apparmor profile
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732 Bug ID: 1089732 Summary: Virtualization:containers/docker: SLES_12: Docker not running due to missing apparmor profile Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: containers-bugowner@suse.de Reporter: proletheus@freenet.de QA Contact: opensuse-communityscreening@forge.provo.novell.com CC: fcastelli@suse.com Found By: --- Blocker: --- Hello, starting a container fails with: docker run --rm hello-world docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default167860293` failed with output: AppArmor parser error for /var/lib/docker/tmp/docker-default167860293 in /var/lib/docker/tmp/docker-default167860293 at line 13: syntax error, unexpected TOK_OPENPAREN, expecting TOK_MODE There is no file /var/lib/docker/tmp/docker-default167860293. Tested: - stopped apparmor / restarted docker --> no success - restarted apparmor / Restarted docker --> no success - disabled boot.apparmor --> no success -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732#c1
Aleksa Sarai
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732#c2
--- Comment #2 from Aleksa Sarai
This may be related to a recent change where the AppArmor profile was updated to fix a kernel regression (signals would not be sent properly). Can you check if building a package without bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch fixes the issue?
In particular it looks like old SLE versions cannot handle
signal (receive) peer=unconfined,
(though I haven't tested this myself). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732#c3
Goldwyn Rodrigues
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732#c4
--- Comment #4 from Robert Herb
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732
http://bugzilla.opensuse.org/show_bug.cgi?id=1089732#c5
Aleksa Sarai
participants (1)
-
bugzilla_noreply@novell.com