Hi all,
I've been using an HP EliteDesk G2 SFF desktop with Proxmox VE as the host for my home-lab for a few years. It's running a few LXC containers for my Home Automation.
The desktop is connected to a monitor which is also connected to my corporate work-laptop. I've configured Proxmox to output the Proxmox console/terminal and I'm able to log in via the connected keyboard/monitor.
Every now and then I want to do some tinkering, for which I had created a privileged LXC container running Ubuntu Gnome. By adding binding configuration to the configuration file, I've been able to get a desktop environment working. I'm aware that this is not what containers and Proxmox are intended for, but for me this is a simplistic solution. I can do my tinkering without polluting the Proxmox-host with applications and configuration.
Recently I wanted to create a new desktop container, but found that using the more recent Ubuntu container templates (v22.10) gave warnings/errors about AppArmor. The errors remained even after adding `apparmor: unconfined` to the configuration. The errors are related to `snapd`. During the Ubuntu Desktop setup (via tasksel), the errors start when installing Firefox (which is a "Snap").
Examples of errors:
```
Debian:
kernel: [76340.751202] audit: type=1400 audit(1671958268.625:586): apparmor="DENIED" operation="mount" info="failed perms check" error=-13 profile="lxc-116_</var/lib/lxc>" name="/run/systemd/unit-root/" pid=1644968 comm="(d-logind)" srcname="/" flags="rw, rbind"
...
Ubuntu:
kernel: [74512.568883] audit: type=1400 audit(1671956440.467:198): apparmor="STATUS" operation="profile_replace" info="not policy admin" error=-13 label="lxc-122_</var/lib/lxc>//&:lxc-122_<-var-lib-lxc>:unconfined" pid=865612 comm="apparmor_parser"
```
I also tried to install a desktop container based on Alpine, which went without a hitch. Unfortunately VSCode doesn't install/run on Alpine, which I need for my tinkering.
I did notice this thread, but it looks kinda low-level. Would this resolve my issue also?
https://forum.proxmox.com/threads/snapd-certbot-inside-a-proxmox-container.112358/#post-486659
Can anybody give me some insight on how to resolve the AppArmor-issues?