[Rootless] nerdctl rm fails when AppArmor is loaded: error="unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n: unknown"
#2730
Labels
Milestone
Comments
AkihiroSuda
added
bug
AkihiroSuda
changed the title
nerdctl rm fails when AppArmor is loaded: error="unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n: unknown"nerdctl rm fails when AppArmor is loaded: error="unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n: unknown"
|
The audit log: |
|
The fix is applied to nerdctl v1.7.6, via: |
|
There are the same problem in the version v2.0.2 of nerdctl. ~/download ❯ nerdctl run \ took 10s at 11:27:02
-p 12345:3306 \
--name mysql \
-v /data/mysql/conf:/etc/mysql/conf.d \
-v /data/mysql/logs:/logs \
-v /data/mysql/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123456 \
--rm mysql:8.0.40
2025-01-10 03:27:20+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.40-1.el9 started.
2025-01-10 03:27:24+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2025-01-10 03:27:24+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.40-1.el9 started.
2025-01-10T03:27:25.266322Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.40) starting as process 1
2025-01-10T03:27:25.266393Z 0 [ERROR] [MY-010338] [Server] Can't find error-message file '/usr/share/mysql-8.0/errmsg.sys'. Check error-message file location and 'lc-messages-dir' configuration directive.
2025-01-10T03:27:25.449975Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2025-01-10T03:27:29.382184Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2025-01-10T03:27:32.064946Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2025-01-10T03:27:32.065041Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2025-01-10T03:27:32.921962Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060, socket: /var/run/mysqld/mysqlx.sock
2025-01-10T03:27:32.922065Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.40' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server - GPL.
^CERRO[0058] forward signal interrupt error="unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n"
ERRO[0058] forward signal child exited error="unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n"The OS version: ~/download ❯ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble
~/download ❯ uname -a
Linux oldsix 6.8.0-51-generic #52-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec 5 13:09:44 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
~/download ❯ apparmor_parser --version
AppArmor parser version 4.0.1
Copyright (C) 1999-2008 Novell Inc.
Copyright 2009-2018 Canonical Ltd.
~/download ❯ nerdctl --version at 13:19:43
nerdctl version 2.0.2
~/download ❯ containerd --version at 13:22:25
containerd github.com/containerd/containerd/v2 v2.0.0 207ad711eabd375a01713109a8a197d197ff6542 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
nerdctl v1.7.2, containerd v1.7.11, runc v1.1.10, on Ubuntu 23.10 (kernel 6.5.0-14-generic).
The binaries are installed onto
/usr/local(via Lima).The issue doesn't seem to happen on Ubuntu 22.04 LTS.
Some apparmor stuff seems to have changed in 23.XX.
Workaround
OR
The text was updated successfully, but these errors were encountered: