-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option to disable AppArmor even if available #353
Comments
How are you starting the docker image? For me the
|
Since I'm trying to use opencpu in a larger setup, I use a compose file and More important is the fact that this error only happens when a start the container inside an other docker container (therefor, docker in docker using the docker:dind image) on an Ubuntu host. I know this is a very special usecase, nevertheless, here is some minimal code to reproduce: On a Window host maschine, as expected App Armor is not started:
But on an Ubuntu system I get:
|
Can you try setting options(apparmor = FALSE) to your |
Good idea, thx. I tried this but does not do the trick. I guess this is due to these lines in the "onstartup.R" file, which come directly after setting apparmor to true but befor reading the Rprofile.
If I modify the "onstartup.R" file, remove the line and build opencpu from scratch, app armor stays disabled. But I would really like to not do this. Since:
|
I'll add an way to disable it via an environment variable so you can set that in |
Thx a lot. Great work :). |
Is there any configuration option to prevent the use of AppArmor at all even if it is available?
Reason I'm asking:
I’m trying to run openCPU using the openCPU/debian-10 docker image and a Docker in Docker approach. Startup works fine but every request fails with status code 400:
System failure for: aa_change_profile() (No such file or directory)
I think this might be related to jeroen/RAppArmor#21 but I'm not able to run the Container in privileged mode in the Docker in Docker use case, which unluckily I require for running Test-Pipelines on GitLab.
If I understand correctly from the Docu, AppArmor should not be used by openCPU on Debian by default? I guess since the parent container image is Ubuntu and they share the Linux Kernel it still tries to use AppArmor, which then can not mount securityfs. (https://stackoverflow.com/questions/25533666/cannot-reload-or-start-apparmor-in-docker)
PS.: The openCPU Server Container works fine if I run the container without Docker in Docker on a maschine without AppArmor available.
The text was updated successfully, but these errors were encountered: