apparmor

Where should I report such problems: System logs full of: apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="system_tor" pid=28980 comm="tor" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none Related to unix...

Hi I upgraded proxmox and everything seems to be working ok; however am constantly seeing this in the syslog. Would anyone have an idea about this or whether this is a concern. Aug 10 00:00:01 pve kernel: audit: type=1400 audit(1754798401.538:4061): apparmor="DENIED" operation="create"...

Hi; i'm very new to this but yesterday upgrade Proxmox to PVE9 and everything is working so far. How I am seeing this constantly hit the low. Any idea what this is and whether its a concern. Aug 10 00:00:01 pve kernel: audit: type=1400 audit(1754798401.538:4061): apparmor="DENIED"...

I'm looking to activate Apparmor for the Proxmox VMs, in order to add an additional level of security, especially the processes are running as root. Currently, this is what I've came up with: #include <tunables/global> profile /usr/bin/qemu-system-x86_64 flags=(attach_disconnected...

After creating LXC from opensuse-15.6-default_20240910_amd64.tar.xz template and then updating it with zypper update after restart it causes agetty failing to start preventing Console usage from Proxmox. In LXC logs can see (d-sysctl)[82]: systemd-sysctl.service: Failed at step CREDENTIALS...

So I had a proxmox installation which unfortunately got corrupted as the SSD it was installed to failed. However I had stored my LXC containers on another disk so managed to recover their raw disk files. I reinstalled proxmox onto another SSD, created a new container but replaced rootfs in...

I have a HDD connected to my PVE host, that holds data in various btrfs subvolumes. I would like to access (and ideally manage) them from an unprivileged LXC container. After reading through several documentation pages and forum posts I attempted the following: Create a "lxc_mount" group on the...

Hi, I run all my LXC container unprivileged. Now and then I have issues with systemd and/or logrotate and some more services not starting. I resolve the issues with lxc.apparmor.profile unconfined in the LXC conf file. But I could resolve it by setting nested=1 option in LXC conf file. So, what...

pveversion is at the bottom to save time for people looking only for the fix. Generally I do not use apparmor on my containers and I find them suitably secure as they are. But recently I experienced a situation where I had to get apparmor working, if not just temporarily. During the...

I want to setup a Samba file server in an LXC container. I found that it works perfectly fine when I use a privileged container. However, I am unsure if it is a good idea to use a privileged container. I could sleep well better if I used a unprivileged container, but using the exactly same...

I would like to beef up my Proxmox server's security a bit. Just wondering if there are any AppArmor profiles out there for Proxmox or need to know if it's just not recommended to enable AppArmor on the Proxmox server at all?

Hi zusammen, kurz zum Hintergrund: ich bin durch Bitwarden zum Proxmox gekommen. Wollte keepass durch etwas modernes ersetzen, aber bei mir zuhause gehostet. Hatte bisher nur mit Linux nur am Rande zu tun, geschäftlich und privat. Durch diverse Tutorials & Co lief der Proxmox recht fix und...

Hi there! I am running Proxmox 6.4-13 and from the information that I gathered I seem to have an issue with apparmor after doing an update & dist-upgrade for my container. There is a thread from 2017 that talked about a similar issue and the solution was to downgrade the kernel. I posted in...

Hi I have been using the openSUSE 15.3 container template for a while now and it has been working great, but after upgrade to 7.2x the apparmor do not work in the containers, old as new ones, it seems to work in the Ubuntu 20.04 container i also have running. i tried to create a new container...

I'm having an issue with Proxmox 7.2 (and also on previous versions); when I create a fresh, privileged Ubuntu container, I cannot get apparmor to load. I've tried with nesting on and off as well. I don't believe I've done anything funky with the hosts at all; but they have all been around for a...

Hey there, I work at a small startup where we're currently trying to evaluate whether Proxmox might be able to allow us to run an LXC for each of our data scientists to use and RDP into. Unfortunately, during our testing we're running into some issues that are making this quite difficult. This...

Hello. Please help, containers won't start. Error related to AppArmor . :~# pct start 103 --debug run_apparmor_parser: 915 Failed to run apparmor_parser on "/var/lib/lxc/103/apparmor/lxc-103_<-var-lib-lxc>": Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4...

I'm trying to install the Certbot snap inside a Proxmox container but having issues. Reading the forum threads, I've added the following features to the container: 'nesting=1,fuse=1' But unfortunately, this doesn't help. The relevant error messages are: Unpacking squashfs-tools...

Hi to all, I am trying to install snapd inside lxc of ubuntu 22.04. This was previously ubuntu 21.10 and everything worked fine, but after the upgrade it does not work. I get this error: root@ubuntu-gui:~# apt install snapd Reading package lists... Done Building dependency tree... Done...

I have a problem which might be normal behavior or not, I'm looking for confirmation. Every time I start a privileged container or restart apparmor inside I get the following message in the host's syslog: Apr 12 17:49:12 pm kernel: [154462.321869] audit: type=1400 audit(1649778552.937:390)...