Docker/Apparmor on PBS does not work

[flori]

Hi all,

I've just installed a fresh proxmox backup server. To add two little internal services I also installed docker and wanted to spin the containers up. This actually did not work.
After digging into the details I recognized that Apparmor in combination with the PVE kernel is causing my problems. So using an original debian kernel works without any problems. I'm aware that this is maybe not the recommended setup but I'm interested if anyone maybe stumpled over the same/similar issues and has an solution (beside disabling the apparmor profiles for the docker containers )

Thanks!

 

[yenoromm]

Hey!

I am encountering the same problem. Did you ever find a solution outside of disabling AppArmor, changing the docker-default profile or changing the kernel?

audit: type=1400 audit(1658799096.780:5555): apparmor="DENIED" operation="create" profile="docker-default" pid=940144 comm="AdGuardHome" family="inet" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"

 

[flori]

Sadly I have not found a feasable solution for this bug.

 

[yenoromm]

I transitioned to podman on this host in the end to get around this. Substitute docker in your commands with podman (once installed) and it has been working seamlessly.

 

[ph0x]

Docker is garbage* anyway, so better move to podman while you still can.


*Exaggerating on purpose, but the ever growing /var/lib/docker is just a no no.

 

[yenoromm]

Docker is garbage* anyway, so better move to podman while you still can.


*Exaggerating on purpose, but the ever growing /var/lib/docker is just a no no.

But the maturity of docker-compose compared to podman-compose is leaps and bounds ahead.

 

[ph0x]

I happily work with a less mature tool if that means it doesn't consume all available hdd space after some time.