apparmor

  1. G

    Minor apparmor problem with tor

    Where should I report such problems: System logs full of: apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="system_tor" pid=28980 comm="tor" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none Related to unix...
  2. C

    Proxmox PVE9 Upgrade - Apparmor Denied Messages

    Hi I upgraded proxmox and everything seems to be working ok; however am constantly seeing this in the syslog. Would anyone have an idea about this or whether this is a concern. Aug 10 00:00:01 pve kernel: audit: type=1400 audit(1754798401.538:4061): apparmor="DENIED" operation="create"...
  3. C

    Proxmov PVE9 Upgrade AppArmor Error

    Hi; i'm very new to this but yesterday upgrade Proxmox to PVE9 and everything is working so far. How I am seeing this constantly hit the low. Any idea what this is and whether its a concern. Aug 10 00:00:01 pve kernel: audit: type=1400 audit(1754798401.538:4061): apparmor="DENIED"...
  4. BelCloud

    Apparmor for VM

    I'm looking to activate Apparmor for the Proxmox VMs, in order to add an additional level of security, especially the processes are running as root. Currently, this is what I've came up with: #include <tunables/global> profile /usr/bin/qemu-system-x86_64 flags=(attach_disconnected...
  5. D

    systemd update on openSUSE LXC + Proxmox AppArmor breaks stuff

    After creating LXC from opensuse-15.6-default_20240910_amd64.tar.xz template and then updating it with zypper update after restart it causes agetty failing to start preventing Console usage from Proxmox. In LXC logs can see (d-sysctl)[82]: systemd-sysctl.service: Failed at step CREDENTIALS...
  6. E

    Unable to start snaps after migrating LXC container

    So I had a proxmox installation which unfortunately got corrupted as the SSD it was installed to failed. However I had stored my LXC containers on another disk so managed to recover their raw disk files. I reinstalled proxmox onto another SSD, created a new container but replaced rootfs in...
  7. L

    Block device (btrfs) in unprivileged LXC container

    I have a HDD connected to my PVE host, that holds data in various btrfs subvolumes. I would like to access (and ideally manage) them from an unprivileged LXC container. After reading through several documentation pages and forum posts I attempted the following: Create a "lxc_mount" group on the...
  8. K

    LXC unprivileged nested=1 vs lxc.apparmor.profile unconfined what is more unsecure

    Hi, I run all my LXC container unprivileged. Now and then I have issues with systemd and/or logrotate and some more services not starting. I resolve the issues with lxc.apparmor.profile unconfined in the LXC conf file. But I could resolve it by setting nested=1 option in LXC conf file. So, what...
  9. E

    [SOLVED] i2p on Debian containers Proxmox, aka. Apparmor is broken on Debian LXC Container for both privileged and unprivileged. Fix inside.

    pveversion is at the bottom to save time for people looking only for the fix. Generally I do not use apparmor on my containers and I find them suitably secure as they are. But recently I experienced a situation where I had to get apparmor working, if not just temporarily. During the...
  10. M

    Samba file server in LXC container

    I want to setup a Samba file server in an LXC container. I found that it works perfectly fine when I use a privileged container. However, I am unsure if it is a good idea to use a privileged container. I could sleep well better if I used a unprivileged container, but using the exactly same...
  11. D

    Are there any AppArmor profiles that I can use on the Proxmox host server? Or is AppArmor not recommended for the host server?

    I would like to beef up my Proxmox server's security a bit. Just wondering if there are any AppArmor profiles out there for Proxmox or need to know if it's just not recommended to enable AppArmor on the Proxmox server at all?
  12. K

    [SOLVED] Docker / Portainer läuft nicht mehr

    Hi zusammen, kurz zum Hintergrund: ich bin durch Bitwarden zum Proxmox gekommen. Wollte keepass durch etwas modernes ersetzen, aber bei mir zuhause gehostet. Hatte bisher nur mit Linux nur am Rande zu tun, geschäftlich und privat. Durch diverse Tutorials & Co lief der Proxmox recht fix und...
  13. P

    LXC does not start after update/upgrade - apparmor issue(?)

    Hi there! I am running Proxmox 6.4-13 and from the information that I gathered I seem to have an issue with apparmor after doing an update & dist-upgrade for my container. There is a thread from 2017 that talked about a similar issue and the solution was to downgrade the kernel. I posted in...
  14. R

    AppArmor problem in containers based on openSUSE template

    Hi I have been using the openSUSE 15.3 container template for a while now and it has been working great, but after upgrade to 7.2x the apparmor do not work in the containers, old as new ones, it seems to work in the Ubuntu 20.04 container i also have running. i tried to create a new container...
  15. 4

    Ubuntu LXC - Can't start AppArmor

    I'm having an issue with Proxmox 7.2 (and also on previous versions); when I create a fresh, privileged Ubuntu container, I cannot get apparmor to load. I've tried with nesting on and off as well. I don't believe I've done anything funky with the hosts at all; but they have all been around for a...
  16. R

    Privileged Containers and AppArmor: Any advice appreciated!

    Hey there, I work at a small startup where we're currently trying to evaluate whether Proxmox might be able to allow us to run an LXC for each of our data scientists to use and RDP into. Unfortunately, during our testing we're running into some issues that are making this quite difficult. This...
  17. W

    Failed to initialize container

    Hello. Please help, containers won't start. Error related to AppArmor . :~# pct start 103 --debug run_apparmor_parser: 915 Failed to run apparmor_parser on "/var/lib/lxc/103/apparmor/lxc-103_<-var-lib-lxc>": Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4...
  18. N

    [SOLVED] Snapd, Certbot inside a Proxmox container

    I'm trying to install the Certbot snap inside a Proxmox container but having issues. Reading the forum threads, I've added the following features to the container: 'nesting=1,fuse=1' But unfortunately, this doesn't help. The relevant error messages are: Unpacking squashfs-tools...
  19. D

    unable to install snapd inside lxc ubuntu 22.04

    Hi to all, I am trying to install snapd inside lxc of ubuntu 22.04. This was previously ubuntu 21.10 and everything worked fine, but after the upgrade it does not work. I get this error: root@ubuntu-gui:~# apt install snapd Reading package lists... Done Building dependency tree... Done...
  20. T

    Apparmor in privileged container

    I have a problem which might be normal behavior or not, I'm looking for confirmation. Every time I start a privileged container or restart apparmor inside I get the following message in the host's syslog: Apr 12 17:49:12 pm kernel: [154462.321869] audit: type=1400 audit(1649778552.937:390)...