apparmor

  1. E

    [SOLVED] i2p on Debian containers Proxmox, aka. Apparmor is broken on Debian LXC Container for both privileged and unprivileged. Fix inside.

    pveversion is at the bottom to save time for people looking only for the fix. Generally I do not use apparmor on my containers and I find them suitably secure as they are. But recently I experienced a situation where I had to get apparmor working, if not just temporarily. During the...
  2. M

    Samba file server in LXC container

    I want to setup a Samba file server in an LXC container. I found that it works perfectly fine when I use a privileged container. However, I am unsure if it is a good idea to use a privileged container. I could sleep well better if I used a unprivileged container, but using the exactly same...
  3. D

    Are there any AppArmor profiles that I can use on the Proxmox host server? Or is AppArmor not recommended for the host server?

    I would like to beef up my Proxmox server's security a bit. Just wondering if there are any AppArmor profiles out there for Proxmox or need to know if it's just not recommended to enable AppArmor on the Proxmox server at all?
  4. K

    [SOLVED] Docker / Portainer läuft nicht mehr

    Hi zusammen, kurz zum Hintergrund: ich bin durch Bitwarden zum Proxmox gekommen. Wollte keepass durch etwas modernes ersetzen, aber bei mir zuhause gehostet. Hatte bisher nur mit Linux nur am Rande zu tun, geschäftlich und privat. Durch diverse Tutorials & Co lief der Proxmox recht fix und...
  5. P

    LXC does not start after update/upgrade - apparmor issue(?)

    Hi there! I am running Proxmox 6.4-13 and from the information that I gathered I seem to have an issue with apparmor after doing an update & dist-upgrade for my container. There is a thread from 2017 that talked about a similar issue and the solution was to downgrade the kernel. I posted in...
  6. R

    AppArmor problem in containers based on openSUSE template

    Hi I have been using the openSUSE 15.3 container template for a while now and it has been working great, but after upgrade to 7.2x the apparmor do not work in the containers, old as new ones, it seems to work in the Ubuntu 20.04 container i also have running. i tried to create a new container...
  7. 4

    Ubuntu LXC - Can't start AppArmor

    I'm having an issue with Proxmox 7.2 (and also on previous versions); when I create a fresh, privileged Ubuntu container, I cannot get apparmor to load. I've tried with nesting on and off as well. I don't believe I've done anything funky with the hosts at all; but they have all been around for a...
  8. R

    Privileged Containers and AppArmor: Any advice appreciated!

    Hey there, I work at a small startup where we're currently trying to evaluate whether Proxmox might be able to allow us to run an LXC for each of our data scientists to use and RDP into. Unfortunately, during our testing we're running into some issues that are making this quite difficult. This...
  9. W

    Failed to initialize container

    Hello. Please help, containers won't start. Error related to AppArmor . :~# pct start 103 --debug run_apparmor_parser: 915 Failed to run apparmor_parser on "/var/lib/lxc/103/apparmor/lxc-103_<-var-lib-lxc>": Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4...
  10. N

    [SOLVED] Snapd, Certbot inside a Proxmox container

    I'm trying to install the Certbot snap inside a Proxmox container but having issues. Reading the forum threads, I've added the following features to the container: 'nesting=1,fuse=1' But unfortunately, this doesn't help. The relevant error messages are: Unpacking squashfs-tools...
  11. D

    unable to install snapd inside lxc ubuntu 22.04

    Hi to all, I am trying to install snapd inside lxc of ubuntu 22.04. This was previously ubuntu 21.10 and everything worked fine, but after the upgrade it does not work. I get this error: root@ubuntu-gui:~# apt install snapd Reading package lists... Done Building dependency tree... Done...
  12. T

    Apparmor in privileged container

    I have a problem which might be normal behavior or not, I'm looking for confirmation. Every time I start a privileged container or restart apparmor inside I get the following message in the host's syslog: Apr 12 17:49:12 pm kernel: [154462.321869] audit: type=1400 audit(1649778552.937:390)...
  13. X

    [SOLVED] Container fails to start after upgrade from 6 to 7

    Recently performed an upgrade from 5.4 to 6 and everything seemed alright, then did one from 6 to 7 and now containers are failing to load. ➜ ~ lxc-start -n 100 -lDEBUG --logfile 100_fail.log lxc-start 100 20211227045635.919 ERROR apparmor - lsm/apparmor.c:run_apparmor_parser:915 - Failed...
  14. P

    Has anyone gotten Wekan to work inside an LXC?

    I am trying to install and cant seem to get it to work. I have enabled FUSE and Nested, Unprivileged = no . I keep getting this apparmor error: root@wekan:~# snap install wekan error: cannot perform the following tasks: - Setup snap "core" (11420) security profiles (cannot setup profiles for...
  15. B

    Weird permission issues with APT in a priviledged LXC container?

    Hi guys! I'm pretty new to Proxmox, but I feel like I've been doing pretty fine. However, I've run into this really weird issue where I cannot use APT to install some packages in my LXC container. I also had some issues earlier with Docker, but I fixed those by turning on nesting. However, now...
  16. B

    LXC and cset/cpuset quirk - all apparmor processes unconfined

    Hi I'm using proxmox to host multiple LXC's and VM's, in order to get good gaming performance on my windows VM I am using cset and taskset to pin the windows cores to the last 8c/16t of my cpu. I have run into an issue with cset and lxc containers where if I define a slice for the windows VM...
  17. M

    Apparmor permission issues after switching from unprivileged to privileged LXC

    I was running an unprivileged LXC and converted it to a privileged one (backed it up and then restored with it set to privileged) and now I have issues with Apparmor. My main problem is starting a Docker container ~/pihole$ docker-compose up Creating network "pihole_default" with the default...
  18. L

    Another apparmor="DENIED" flooded syslog

    Hi. I've read the numerous threads regarding apparmor flooding syslog with messages related to actions not allowed to be performed inside containers but can't figure still how to reduce os investigate and only seem to find the solution of ignoring with conf on syslog. In this case is a new PVE6...
  19. M

    How to update default AppArmor profile for containers

    How is apparmor profile "generated" created? How can we add additional rules to this profile? Or is there another way how to create profile with everything default generated profeile has but with added rules? We need to deny some operations inside LXC containers.
  20. I

    [SOLVED] Privileged LXC container can't get IP (AppArmor)

    Oct 11 11:10:29 pve-lap systemd[1]: Started PVE LXC Container: 118. Oct 11 11:10:29 pve-lap pvedaemon[20472]: <root@pam> end task UPID:pve-lap:00000877:10AC5DF9:5DA04703:vzstart:118:root@pam: OK Oct 11 11:10:30 pve-lap audit[2417]: AVC apparmor="DENIED" operation="mount" info="failed flags...

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!