Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podman 1.4.0 requires apparmor module active in kernel #3331

Closed
bvdeenen opened this issue Jun 13, 2019 · 5 comments · Fixed by #3334
Closed

podman 1.4.0 requires apparmor module active in kernel #3331

bvdeenen opened this issue Jun 13, 2019 · 5 comments · Fixed by #3334
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@bvdeenen
Copy link

Using podman on Void Linux, I found that apparmor needs to be installed, and activated in the kernel in order to podman run any image. When not enabled in the kernel, it podman run will abort with an broken pipe error.

Enabling apparmor in the kernel (adding apparmor=1 security=apparmor to the kernel command line) was enough to make the issue go away.
Full details on the void linux reddit page:

@mheon
Copy link
Member

mheon commented Jun 13, 2019

@vrothberg Mind taking a look here?

@mheon mheon added the kind/bug Categorizes issue or PR as related to a bug. label Jun 13, 2019
@rhatdan
Copy link
Member

rhatdan commented Jun 14, 2019

@bvdeenen most of us are much more experienced with SELinux then Apparmor. Any chance you could look at the code and Open a PR?

@vrothberg
Copy link
Member

I just had a look and believe to have a fix. I'll wrap up a PR, so you can test if that solves the issue.

vrothberg added a commit to vrothberg/libpod that referenced this issue Jun 14, 2019
@vrothberg
pkg/apparmor: fix when AA is disabled
e611176 
Do not try to load the default profile when AppArmor is disabled on the
host.

Fixes: containers#3331
Signed-off-by: Valentin Rothberg <[email protected]>
@vrothberg vrothberg mentioned this issue Jun 14, 2019
Merged
@vrothberg
Copy link
Member

#3334 should do the trick. I am currently restricted with bandwidth and cannot set up a new VM for testing.

@bvdeenen
Copy link
Author

I'll have a look in a few hours. I'm travelling and on a very limited bandwidth, so I'm not sure I can build runc. Depends on how much stuff I have to pull in.

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 24, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 24, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

pkg/apparmor: fix when AA is disabled vrothberg/libpod
4 participants
@bvdeenen @rhatdan @mheon @vrothberg