Proxmox PVE9 Upgrade - Apparmor Denied Messages

C

croak3569

New Member
Jul 7, 2024
11
2
3
Hi I upgraded proxmox and everything seems to be working ok; however am constantly seeing this in the syslog.

Would anyone have an idea about this or whether this is a concern.


Aug 10 00:00:01 pve kernel: audit: type=1400 audit(1754798401.538:4061): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34868 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:02 pve kernel: audit: type=1400 audit(1754798402.541:4062): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34880 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:03 pve kernel: audit: type=1400 audit(1754798403.545:4063): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34927 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:04 pve kernel: audit: type=1400 audit(1754798404.548:4064): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34930 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:05 pve kernel: audit: type=1400 audit(1754798405.552:4065): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34936 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:06 pve kernel: audit: type=1400 audit(1754798406.556:4066): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34939 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:07 pve kernel: audit: type=1400 audit(1754798407.559:4067): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34943 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:08 pve kernel: audit: type=1400 audit(1754798408.563:4068): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34945 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:09 pve kernel: audit: type=1400 audit(1754798409.567:4069): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34950 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:10 pve kernel: audit: type=1400 audit(1754798410.571:4070): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34952 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:11 pve kernel: audit: type=1400 audit(1754798411.574:4071): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=34954 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:12 pve kernel: audit: type=1400 audit(1754798412.578:4072): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=35034 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:13 pve kernel: audit: type=1400 audit(1754798413.582:4073): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=35062 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:14 pve kernel: audit: type=1400 audit(1754798414.585:4074): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=35064 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:15 pve kernel: audit: type=1400 audit(1754798415.588:4075): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=35066 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:16 pve kernel: audit: type=1400 audit(1754798416.592:4076): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=35068 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:17 pve kernel: audit: type=1400 audit(1754798417.595:4077): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=35072 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:18 pve kernel: audit: type=1400 audit(1754798418.598:4078): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=35074 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
Aug 10 00:00:19 pve kernel: audit: type=1400 audit(1754798419.601:4079): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="docker-default" pid=35076 comm="s6-ipcserver-so" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
 
Just upgraded from 8.1.x to 9.1.2 and noticed such messages here in system log, too:
Dec 07 19:50:22 elbe kernel: audit: type=1400 audit(1765133422.362:535): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-107_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=2105 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Dec 07 19:50:22 elbe kernel: audit: type=1400 audit(1765133422.381:536): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-107_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=2105 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Dec 07 19:50:22 elbe kernel: audit: type=1400 audit(1765133422.381:537): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxc-107_<-var-lib-lxc>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=2105 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=100000 ouid=100000
Dec 07 19:51:27 elbe pveproxy[1616]: worker exit
Dec 07 19:51:27 elbe pveproxy[1613]: worker 1616 finished
Dec 07 19:51:27 elbe pveproxy[1613]: starting 1 worker(s)
Dec 07 19:51:27 elbe pveproxy[1613]: worker 30422 started
Click to expand...

However, I've already rebooted (after upgrade) and still continously get those messages. Any hint how to stop spamming my logs?

FWIW, I do see those messages only for the LXC where docker is running in. I've already read several discussions about those messages, but most of the time they were talking about running Docker on the Proxmox host itself and not inside a container.
 
Last edited:
You must log in or register to reply here.
Top Bottom