apparmor

I want to setup a Samba file server in an LXC container. I found that it works perfectly fine when I use a privileged container. However, I am unsure if it is a good idea to use a privileged container. I could sleep well better if I used a unprivileged container, but using the exactly same...

I would like to beef up my Proxmox server's security a bit. Just wondering if there are any AppArmor profiles out there for Proxmox or need to know if it's just not recommended to enable AppArmor on the Proxmox server at all?

Hi zusammen, kurz zum Hintergrund: ich bin durch Bitwarden zum Proxmox gekommen. Wollte keepass durch etwas modernes ersetzen, aber bei mir zuhause gehostet. Hatte bisher nur mit Linux nur am Rande zu tun, geschäftlich und privat. Durch diverse Tutorials & Co lief der Proxmox recht fix und...

Hi there! I am running Proxmox 6.4-13 and from the information that I gathered I seem to have an issue with apparmor after doing an update & dist-upgrade for my container. There is a thread from 2017 that talked about a similar issue and the solution was to downgrade the kernel. I posted in...

Hi I have been using the openSUSE 15.3 container template for a while now and it has been working great, but after upgrade to 7.2x the apparmor do not work in the containers, old as new ones, it seems to work in the Ubuntu 20.04 container i also have running. i tried to create a new container...

I'm having an issue with Proxmox 7.2 (and also on previous versions); when I create a fresh, privileged Ubuntu container, I cannot get apparmor to load. I've tried with nesting on and off as well. I don't believe I've done anything funky with the hosts at all; but they have all been around for a...

Hey there, I work at a small startup where we're currently trying to evaluate whether Proxmox might be able to allow us to run an LXC for each of our data scientists to use and RDP into. Unfortunately, during our testing we're running into some issues that are making this quite difficult. This...

Hello. Please help, containers won't start. Error related to AppArmor . :~# pct start 103 --debug run_apparmor_parser: 915 Failed to run apparmor_parser on "/var/lib/lxc/103/apparmor/lxc-103_<-var-lib-lxc>": Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4...

I'm trying to install the Certbot snap inside a Proxmox container but having issues. Reading the forum threads, I've added the following features to the container: 'nesting=1,fuse=1' But unfortunately, this doesn't help. The relevant error messages are: Unpacking squashfs-tools...

Hi to all, I am trying to install snapd inside lxc of ubuntu 22.04. This was previously ubuntu 21.10 and everything worked fine, but after the upgrade it does not work. I get this error: root@ubuntu-gui:~# apt install snapd Reading package lists... Done Building dependency tree... Done...

I have a problem which might be normal behavior or not, I'm looking for confirmation. Every time I start a privileged container or restart apparmor inside I get the following message in the host's syslog: Apr 12 17:49:12 pm kernel: [154462.321869] audit: type=1400 audit(1649778552.937:390)...

Recently performed an upgrade from 5.4 to 6 and everything seemed alright, then did one from 6 to 7 and now containers are failing to load. ➜ ~ lxc-start -n 100 -lDEBUG --logfile 100_fail.log lxc-start 100 20211227045635.919 ERROR apparmor - lsm/apparmor.c:run_apparmor_parser:915 - Failed...

I am trying to install and cant seem to get it to work. I have enabled FUSE and Nested, Unprivileged = no . I keep getting this apparmor error: root@wekan:~# snap install wekan error: cannot perform the following tasks: - Setup snap "core" (11420) security profiles (cannot setup profiles for...

Hi guys! I'm pretty new to Proxmox, but I feel like I've been doing pretty fine. However, I've run into this really weird issue where I cannot use APT to install some packages in my LXC container. I also had some issues earlier with Docker, but I fixed those by turning on nesting. However, now...

Hi I'm using proxmox to host multiple LXC's and VM's, in order to get good gaming performance on my windows VM I am using cset and taskset to pin the windows cores to the last 8c/16t of my cpu. I have run into an issue with cset and lxc containers where if I define a slice for the windows VM...

I was running an unprivileged LXC and converted it to a privileged one (backed it up and then restored with it set to privileged) and now I have issues with Apparmor. My main problem is starting a Docker container ~/pihole$ docker-compose up Creating network "pihole_default" with the default...

Hi. I've read the numerous threads regarding apparmor flooding syslog with messages related to actions not allowed to be performed inside containers but can't figure still how to reduce os investigate and only seem to find the solution of ignoring with conf on syslog. In this case is a new PVE6...

How is apparmor profile "generated" created? How can we add additional rules to this profile? Or is there another way how to create profile with everything default generated profeile has but with added rules? We need to deny some operations inside LXC containers.

Oct 11 11:10:29 pve-lap systemd[1]: Started PVE LXC Container: 118. Oct 11 11:10:29 pve-lap pvedaemon[20472]: <root@pam> end task UPID:pve-lap:00000877:10AC5DF9:5DA04703:vzstart:118:root@pam: OK Oct 11 11:10:30 pve-lap audit[2417]: AVC apparmor="DENIED" operation="mount" info="failed flags...

Hello everyone, I have a ubuntu lxc - container with ubuntu 18.04 and installed snapd, but with problems. In my lxc config I have the following lines added: features: nesting=1,fuse=1,mount=nfs lxc.cap.drop: I can start the snapd container with rocketchat server but in syslog I have the...