Docker, AppArmor & LXC
As discussed in the previous post, I use a Proxmox setup where I rely heavily on LXC containers with nested Docker containers as workloads. Recently, Docker shipped an update in which AppArmor confinement is enabled by default for docker, docker compose, etc., and this crashed unless the LXC container was privileged.
After looking into the issue a bit more, the fix was to allow more permissions on the LXC containers so that AppArmor can run inside them and load Docker's profiles successfully. So I removed the global restrictions following the forum link mentioned here, and then dropped privileges inside the containers, after which everything loaded successfully.
After adding this script, a simple reboot lets the container start correctly. Now, installing apparmor and docker from apt just works. The side effect is that my containers now have more permissions than they need, and it is one more configuration deviation from a standard Proxmox deployment that I have to manage in my homelab.
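The post does not reproduce the script or the exact settings it changes, so the following is an added example (not the author's script, and not part of Proxmox) for keeping that deviation visible: a small POSIX shell audit that scans Proxmox container configs and prints every setting that loosens confinement beyond the stock defaults. It assumes Proxmox stores each container's config as /etc/pve/lxc/<vmid>.conf, marks unprivileged containers with "unprivileged: 1", records nesting as "features: nesting=1", and passes raw "lxc.*" keys through to LXC unchanged; the key names it greps for are the common ones used for nested Docker and are listed in the comments as assumptions.

```shell
#!/bin/sh
# Added example, not the script from the post. Audits Proxmox LXC container
# configs for settings that loosen confinement beyond the stock Proxmox
# defaults, so that "nested Docker" exceptions stay visible instead of
# silently accumulating across the homelab.
#
# Assumptions (not stated on the page): Proxmox stores each container's
# config as /etc/pve/lxc/<vmid>.conf, marks unprivileged containers with
# "unprivileged: 1", records nesting as "features: nesting=1", and passes
# raw "lxc.*" keys through to LXC unchanged.

# audit_ct_conf FILE
# Prints one finding per loosened setting. Returns 0 when the config is
# stock and 1 when at least one finding was printed.
audit_ct_conf() {
    conf="$1"
    findings=0

    # A privileged CT has no "unprivileged: 1" line; root inside is host root.
    if ! grep -q '^unprivileged: 1' "$conf"; then
        echo "privileged container (no 'unprivileged: 1' line)"
        findings=$((findings + 1))
    fi

    # Nesting is what lets Docker mount cgroups/proc inside the CT.
    if grep -q '^features:.*nesting=1' "$conf"; then
        echo "nesting enabled: $(grep '^features:' "$conf" | head -n 1)"
        findings=$((findings + 1))
    fi

    # Raw LXC overrides that remove a guard Proxmox applies by default:
    #   lxc.apparmor.profile: unconfined  -> CT runs with no AppArmor profile
    #   lxc.apparmor.allow_nesting: 1     -> AppArmor stacking allowed in CT
    #   lxc.cgroup(2).devices.allow: a    -> access to every host device node
    #   lxc.cap.drop: (empty)             -> no capabilities dropped at all
    #   lxc.mount.auto: ...               -> custom proc/sys mount policy
    overrides=$(grep -E '^lxc\.(apparmor\.profile: *unconfined|apparmor\.allow_nesting: *1|cgroup2?\.devices\.allow: *a *$|cap\.drop: *$|mount\.auto:)' "$conf" || true)
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        echo "lxc override: $line"
        findings=$((findings + 1))
    done <<EOF
$overrides
EOF

    if [ "$findings" -eq 0 ]; then
        return 0
    fi
    return 1
}

# audit_all [DIR]
# Runs the audit over every <vmid>.conf in DIR (default /etc/pve/lxc) and
# prints a "== <vmid>" header followed by that container's findings.
audit_all() {
    dir="${1:-/etc/pve/lxc}"
    for conf in "$dir"/*.conf; do
        [ -e "$conf" ] || continue
        echo "== $(basename "$conf" .conf)"
        audit_ct_conf "$conf" || true
    done
}
```

Run it on the Proxmox host as root (the configs under /etc/pve are only readable there) with `audit_all`; containers that print nothing under their header are on stock settings, and anything listed is a deliberate exception you are carrying for nested Docker. The same check also catches the opposite mistake: a container that was made privileged or unconfined while debugging and never tightened back up.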
Hopefully this helps you optimize your workflow, if indeed you run a setup similar to mine.