Bug Report: lxc.apparmor.profile: unconfined not applied in unprivileged containers (lxc-pve 6.0.0-2)

t2md

New Member
Dec 10, 2025

================================================================================
SUMMARY
================================================================================

After upgrading from lxc-pve 6.0.0-1 to 6.0.0-2, the lxc.apparmor.profile: unconfined setting in LXC container configuration is no longer being applied to unprivileged containers. The container continues to use the default /usr/bin/lxc-start (enforce) profile instead of unconfined, preventing Docker from accessing /sys/kernel/security/apparmor/profiles.

================================================================================
ENVIRONMENT
================================================================================

- Proxmox VE Version: (check with pveversion)
- LXC Package: lxc-pve 6.0.0-2 (upgraded from 6.0.0-1)
- Kernel: proxmox-kernel-6.8:amd64 6.8.12-17 (upgraded from 6.8.12-16)
- Container Type: Unprivileged LXC container
- Container OS: Ubuntu (inside container)

================================================================================
STEPS TO REPRODUCE
================================================================================

1. Create or configure an unprivileged LXC container with:
lxc.apparmor.profile: unconfined
lxc.cap.drop:

2. Start the container: pct start <container-id>

3. Check the actual AppArmor profile being used:
cat /proc/$(pgrep -f "lxc-start.*<container-id>")/attr/current

4. Expected: Should show unconfined

5. Actual: Shows /usr/bin/lxc-start (enforce)

================================================================================
EXPECTED BEHAVIOR
================================================================================

The lxc.apparmor.profile: unconfined setting should be applied, allowing the container to run with an unconfined AppArmor profile, enabling access to /sys/kernel/security/apparmor/profiles and other restricted paths.

================================================================================
ACTUAL BEHAVIOR
================================================================================

The container ignores the lxc.apparmor.profile: unconfined setting and continues to use the default /usr/bin/lxc-start (enforce) profile. This prevents:

- Reading /sys/kernel/security/apparmor/profiles from inside the container
- Docker from checking AppArmor profiles, causing errors: "Could not check if docker-default AppArmor profile was loaded: open /sys/kernel/security/apparmor/profiles: permission denied"

================================================================================
CONFIGURATION
================================================================================

Container config (/etc/pve/lxc/103.conf):

arch: amd64
cores: 2
features: nesting=1
hostname: server
memory: 3072
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:FC:1A:EF,ip=dhcp,ip6=dhcp,type=veth
onboot: 1
ostype: ubuntu
rootfs: local:103/vm-103-disk-0.raw,size=32G
swap: 0
unprivileged: 1
lxc.apparmor.profile: unconfined
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file,required
lxc.cap.drop:

Verification that Proxmox reads the config:

root@pve:~# pct config 103 | grep -i apparmor
lxc.apparmor.profile: unconfined

But the actual profile applied:

root@pve:~# cat /proc/$(pgrep -f "lxc-start.*103")/attr/current
/usr/bin/lxc-start (enforce)

================================================================================
IMPACT
================================================================================

- Docker containers cannot start inside unprivileged LXC containers that require AppArmor profile checks
- Workarounds that previously worked (using lxc.apparmor.profile: unconfined) no longer function
- Users must either make containers privileged (security reduction) or downgrade LXC package

================================================================================
WORKAROUND
================================================================================

Temporary workaround: Make the container privileged by changing unprivileged: 1 to unprivileged: 0, but this reduces security isolation.

================================================================================
ADDITIONAL INFORMATION
================================================================================

- This worked correctly in lxc-pve 6.0.0-1
- The issue appeared after upgrading to lxc-pve 6.0.0-2 on 2025-12-09
- AppArmor service was reloaded on the host around the same time (2025-12-09 18:48:16)
- Restarting AppArmor service and the LXC container does not resolve the issue
- The changelog for lxc-pve 6.0.0-2 mentions changes to /proc and /sys restrictions when nesting is enabled, which may be related

================================================================================
RELATED
================================================================================

- Changelog entry for lxc-pve 6.0.0-2: "fix #7006: do not restrict /proc or /sys if nesting is enabled anyway"
- This may be related to how AppArmor profiles are applied when nesting is enabled
 
The processes inside the container are still unconfined as expected, whereas without that config line they are confined by the container profile:

without unconfined (PID 1/systemd of the container):
Code:
$ cat /proc/135279/attr/current
lxc-3336_</var/lib/lxc>//&:lxc-3336_<-var-lib-lxc>:unconfined (enforce)

with unconfined:
Code:
$ cat /proc/141188/attr/current
unconfined
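The reply above checks a different process than the bug report does: lxc.apparmor.profile governs the label of the process tree inside the container (its PID 1 as seen from the host), while the host-side lxc-start process always runs under the host's /usr/bin/lxc-start profile, so its /proc/<pid>/attr/current cannot show "unconfined" whatever the container config says. The script below is an added example, not code from the original post, from Proxmox or from LXC, that compares both labels for a given CTID and passes only when the container's init is actually unconfined. It assumes a Proxmox/LXC host with lxc-info and pgrep installed and the CTID as its first argument; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from Proxmox/LXC): compare the
# AppArmor label of the host-side lxc-start process with the label of the
# container's init. lxc.apparmor.profile applies to the latter; lxc-start
# itself stays under the host's /usr/bin/lxc-start profile regardless.
# Assumes an LXC/Proxmox host with lxc-info and pgrep; CTID is argument 1.

# Classify a label as printed by /proc/<pid>/attr/current.
# Prints one of: unconfined | enforce | complain | unknown
# A stacked label such as "lxc-3336_</var/lib/lxc>//&:...:unconfined (enforce)"
# still ends in "(enforce)" and is therefore reported as confined.
classify_label() {
    case "$1" in
        unconfined)     echo unconfined ;;
        *"(enforce)")   echo enforce ;;
        *"(complain)")  echo complain ;;
        *)              echo unknown ;;
    esac
}

# PID of the container's init as seen from the host. With -H, lxc-info -p
# prints just the number; output is empty when the container is not running.
container_init_pid() {
    lxc-info -n "$1" -p -H 2>/dev/null
}

# AppArmor label of a host PID; empty when the PID is missing or unreadable.
pid_label() {
    if [ -n "$1" ] && [ -r "/proc/$1/attr/current" ]; then
        cat "/proc/$1/attr/current"
    fi
}

# Label of the host-side lxc-start for this CTID, using the reporter's pgrep
# pattern but taking only the first match so $(...) yields a single PID.
lxc_start_label() {
    pid_label "$(pgrep -f "lxc-start.*$1" | head -n 1)"
}

# Label of PID 1 inside the container (the process lxc.apparmor.profile affects).
container_init_label() {
    pid_label "$(container_init_pid "$1")"
}

# Print both labels; succeed only if the container's init is unconfined.
report() {
    ctid=$1
    host=$(lxc_start_label "$ctid")
    init=$(container_init_label "$ctid")
    printf 'lxc-start (host): %s -> %s\n' "${host:-<not found>}" "$(classify_label "$host")"
    printf 'container init:   %s -> %s\n' "${init:-<not found>}" "$(classify_label "$init")"
    [ "$(classify_label "$init")" = unconfined ]
}

if [ $# -gt 0 ]; then
    report "$1"
fi
```

Run it on the host as, for instance, `sh check_ct_apparmor.sh 103` (the file name is the example's own). With the reporter's config the first line should still show `/usr/bin/lxc-start (enforce)` and the second `unconfined`, which is the result the reply above reports; only a confined label on the second line would indicate that the setting is not being applied.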