apparmor

I'm looking to activate Apparmor for the Proxmox VMs, in order to add an additional level of security, especially the processes are running as root. Currently, this is what I've came up with: #include <tunables/global> profile /usr/bin/qemu-system-x86_64 flags=(attach_disconnected...

After creating LXC from opensuse-15.6-default_20240910_amd64.tar.xz template and then updating it with zypper update after restart it causes agetty failing to start preventing Console usage from Proxmox. In LXC logs can see (d-sysctl)[82]: systemd-sysctl.service: Failed at step CREDENTIALS...

So I had a proxmox installation which unfortunately got corrupted as the SSD it was installed to failed. However I had stored my LXC containers on another disk so managed to recover their raw disk files. I reinstalled proxmox onto another SSD, created a new container but replaced rootfs in...

I have a HDD connected to my PVE host, that holds data in various btrfs subvolumes. I would like to access (and ideally manage) them from an unprivileged LXC container. After reading through several documentation pages and forum posts I attempted the following: Create a "lxc_mount" group on the...

Hi, I run all my LXC container unprivileged. Now and then I have issues with systemd and/or logrotate and some more services not starting. I resolve the issues with lxc.apparmor.profile unconfined in the LXC conf file. But I could resolve it by setting nested=1 option in LXC conf file. So, what...

pveversion is at the bottom to save time for people looking only for the fix. Generally I do not use apparmor on my containers and I find them suitably secure as they are. But recently I experienced a situation where I had to get apparmor working, if not just temporarily. During the...

I want to setup a Samba file server in an LXC container. I found that it works perfectly fine when I use a privileged container. However, I am unsure if it is a good idea to use a privileged container. I could sleep well better if I used a unprivileged container, but using the exactly same...

I would like to beef up my Proxmox server's security a bit. Just wondering if there are any AppArmor profiles out there for Proxmox or need to know if it's just not recommended to enable AppArmor on the Proxmox server at all?

Hi zusammen, kurz zum Hintergrund: ich bin durch Bitwarden zum Proxmox gekommen. Wollte keepass durch etwas modernes ersetzen, aber bei mir zuhause gehostet. Hatte bisher nur mit Linux nur am Rande zu tun, geschäftlich und privat. Durch diverse Tutorials & Co lief der Proxmox recht fix und...

Hi there! I am running Proxmox 6.4-13 and from the information that I gathered I seem to have an issue with apparmor after doing an update & dist-upgrade for my container. There is a thread from 2017 that talked about a similar issue and the solution was to downgrade the kernel. I posted in...

Hi I have been using the openSUSE 15.3 container template for a while now and it has been working great, but after upgrade to 7.2x the apparmor do not work in the containers, old as new ones, it seems to work in the Ubuntu 20.04 container i also have running. i tried to create a new container...

I'm having an issue with Proxmox 7.2 (and also on previous versions); when I create a fresh, privileged Ubuntu container, I cannot get apparmor to load. I've tried with nesting on and off as well. I don't believe I've done anything funky with the hosts at all; but they have all been around for a...

Hey there, I work at a small startup where we're currently trying to evaluate whether Proxmox might be able to allow us to run an LXC for each of our data scientists to use and RDP into. Unfortunately, during our testing we're running into some issues that are making this quite difficult. This...

Hello. Please help, containers won't start. Error related to AppArmor . :~# pct start 103 --debug run_apparmor_parser: 915 Failed to run apparmor_parser on "/var/lib/lxc/103/apparmor/lxc-103_<-var-lib-lxc>": Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4...

I'm trying to install the Certbot snap inside a Proxmox container but having issues. Reading the forum threads, I've added the following features to the container: 'nesting=1,fuse=1' But unfortunately, this doesn't help. The relevant error messages are: Unpacking squashfs-tools...

Hi to all, I am trying to install snapd inside lxc of ubuntu 22.04. This was previously ubuntu 21.10 and everything worked fine, but after the upgrade it does not work. I get this error: root@ubuntu-gui:~# apt install snapd Reading package lists... Done Building dependency tree... Done...

I have a problem which might be normal behavior or not, I'm looking for confirmation. Every time I start a privileged container or restart apparmor inside I get the following message in the host's syslog: Apr 12 17:49:12 pm kernel: [154462.321869] audit: type=1400 audit(1649778552.937:390)...

Recently performed an upgrade from 5.4 to 6 and everything seemed alright, then did one from 6 to 7 and now containers are failing to load. ➜ ~ lxc-start -n 100 -lDEBUG --logfile 100_fail.log lxc-start 100 20211227045635.919 ERROR apparmor - lsm/apparmor.c:run_apparmor_parser:915 - Failed...

I am trying to install and cant seem to get it to work. I have enabled FUSE and Nested, Unprivileged = no . I keep getting this apparmor error: root@wekan:~# snap install wekan error: cannot perform the following tasks: - Setup snap "core" (11420) security profiles (cannot setup profiles for...

Hi guys! I'm pretty new to Proxmox, but I feel like I've been doing pretty fine. However, I've run into this really weird issue where I cannot use APT to install some packages in my LXC container. I also had some issues earlier with Docker, but I fixed those by turning on nesting. However, now...