apparmor docker

Bug #2039294 reported by adam furtenbach
This bug affects 1 person
Affects: apparmor (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 23.10
Release: 23.10
Codename: mantic

Docker version 24.0.5, build 24.0.5-0ubuntu1

Graceful shutdown doesn't work anymore because SIGTERM and SIGKILL (maybe all signals?) don't reach the target process. Works when apparmor is uninstalled.

[17990.085295] audit: type=1400 audit(1697213244.019:981): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172626 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/runc"
[17992.112517] audit: type=1400 audit(1697213246.043:982): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172633 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="/usr/sbin/runc"

adam furtenbach (zmoosh) wrote :

Applies to all signals.

# docker kill -s sigusr1 dynamodb-local
Error response from daemon: Cannot kill container: dynamodb-local: Cannot kill container fe323ad3ca9648f2e8b59debd22a2439f4709c5fafe3dbf46a0a06f67ba65204: unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied
: unknown

[33054.783037] audit: type=1400 audit(1697228308.520:1037): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=189468 comm="runc" requested_mask="receive" denied_mask="receive" signal=usr1 peer="/usr/sbin/runc"
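
A small triage helper for the denials quoted in this report, added here as an example and not part of the original bug report or of AppArmor or Docker: it parses the kernel audit lines and groups denied signal deliveries by profile, peer and signal. The function names are hypothetical; the sample lines are the three audit lines copied from the report.

```python
import re
from collections import Counter

# Kernel audit lines copied verbatim from the report above.
SAMPLE_LOG = '''\
[17990.085295] audit: type=1400 audit(1697213244.019:981): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172626 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/runc"
[17992.112517] audit: type=1400 audit(1697213246.043:982): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172633 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="/usr/sbin/runc"
[33054.783037] audit: type=1400 audit(1697228308.520:1037): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=189468 comm="runc" requested_mask="receive" denied_mask="receive" signal=usr1 peer="/usr/sbin/runc"
'''

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit line, or None."""
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    if fields.get("type") != "1400" or fields.get("apparmor") != "DENIED":
        return None
    return fields


def blocked_signals(log_text):
    """Count denied signal operations per (profile, peer, signal, mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_denial(line)
        if f and f.get("operation") == "signal":
            key = (f.get("profile"), f.get("peer"),
                   f.get("signal"), f.get("denied_mask"))
            counts[key] += 1
    return counts


def shutdown_blocked(counts):
    """(profile, peer) pairs for which SIGTERM or SIGKILL receipt was denied."""
    return {(profile, peer) for profile, peer, sig, mask in counts
            if sig in ("term", "kill") and "receive" in (mask or "")}


if __name__ == "__main__":
    counts = blocked_signals(SAMPLE_LOG)
    for (profile, peer, sig, mask), n in sorted(counts.items()):
        print(f"{profile}: {mask} of signal {sig} from {peer} denied x{n}")
    for profile, peer in sorted(shutdown_blocked(counts)):
        print(f"stop/kill cannot reach processes under {profile} from {peer}")
```
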
