Docker and AppArmor

My setup relies heavily on Docker containers running inside LXC containers, which run on Proxmox. While this setup is mostly for personal use, it gives me good utilisation of my low-cost infrastructure.

However, Docker-CE recently pushed an update that broke nested containers for me. In fact, googling around quickly landed me on this exact issue:

docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"apply apparmor profile: apparmor failed to apply profile: write /proc/self/attr/exec: permission denied\"" · Issue #1129 · docker/for-linux

And while I'd love to have a flag implementation to turn off the AppArmor check, I could not do it, simply because there is no such flag. 🤦‍♂️

In the meantime, the easiest suggestion was to downgrade Docker and related plugins. Following is my gist for it.

I hope it helps you.