PVE 9 apparmor errors

tcabernoch

Well-Known Member
Apr 27, 2024
Portland, OR
www.gnetsys.net
All of my upgraded hosts are throwing this error.
No guests. No LXC containers. No nothing there. Just an empty, upgraded host. Throwing errors.

[353827.192186] audit: type=1400 audit(1780020537.902:27110): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/usr/sbin/ntpd" pid=3618 comm="ntpd" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none

The advice I've seen so far has been fairly light on actual advice.
Mostly it consisted of "go read this", pointing to a page that points to a page, none of which has a full path to resolution.
Even Fiona chimed in and was no help. Sadly. And she usually does try.

Fiona's advice referred to this.
https://pve.proxmox.com/wiki/Roadmap#9.0-known-issues
AppArmor 4
Proxmox VE 9 ships with AppArmor version 4.1. Since this version is relatively new, you might see regressions in packages that are not part of the core Proxmox VE distribution, for example, the CUPS printing daemon.
Most issues with older profiles can be resolved by configuring AppArmor to use the 3.0 ABI by adding the "abi <abi/3.0>," rule (including the trailing comma) to the relevant profile. For more details, see the AppArmor Wiki.
There is also a known issue with nested containerization (e.g., Docker inside an LXC container). This issue is tracked as bug #6538.


Well, either that doesn't work, or I need better directions on how to make it work.
This appears to be a global issue in my environment. If you've upgraded any hosts, maybe you'll see it too?
Try this.
dmesg | grep apparmor
 
Hi,
adding the abi version as suggested in the documentation works for me:
Code:
[I] root@pve9a1 ~# head /etc/apparmor.d/usr.sbin.ntpd 
# vim:syntax=apparmor
#include <tunables/global>

abi <abi/3.0>,

/usr/sbin/ntpd flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # conf

The warning is present when booting without the modification, but not anymore after the next boot with it in place.
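The procedure the reply describes, as an added example that is not code from the original thread or from Proxmox: pull the profile name out of a dmesg "DENIED" line like the one quoted in the first post, derive the conventional file name under /etc/apparmor.d, add the "abi <abi/3.0>," rule once (idempotently) after the "#include <tunables/global>" line, and reload the profile with apparmor_parser. The profile-to-file-name mapping (/usr/sbin/ntpd to usr.sbin.ntpd) and the placement of the abi line are assumptions taken from the head output in the reply; the sample profile text used in the demo is constructed here.

```shell
#!/bin/sh
# Added example, not from the thread. Helpers to go from an AppArmor
# "DENIED" audit line to a profile patched with `abi <abi/3.0>,`.

# Print the profile="..." value from one audit/dmesg line (nothing if absent).
profile_from_denial() {
    printf '%s\n' "$1" | sed -n 's/.*profile="\([^"]*\)".*/\1/p'
}

# Read audit lines on stdin (e.g. `dmesg | denied_profiles`) and print the
# unique set of profiles that were denied something.
denied_profiles() {
    grep 'apparmor="DENIED"' | sed -n 's/.*profile="\([^"]*\)".*/\1/p' | sort -u
}

# Map a profile name to its conventional file name under /etc/apparmor.d:
# strip the leading "/" and turn every remaining "/" into "." (assumption:
# the profile was installed with the usual naming, as usr.sbin.ntpd is).
profile_file_name() {
    printf '%s\n' "$1" | sed -e 's#^/##' -e 's#/#.#g'
}

# Return 0 if the profile file already carries any abi rule.
has_abi_rule() {
    grep -Eq '^[[:space:]]*abi[[:space:]]+<abi/[0-9.]+>,' "$1"
}

# Insert "abi <abi/3.0>," after the first "#include <tunables/global>" line,
# or at the very top if that include is missing. Does nothing when an abi
# rule is already present, so running it twice is safe. Edits in place.
add_abi_3_0() {
    f="$1"
    if has_abi_rule "$f"; then
        return 0
    fi
    if grep -q '^#include <tunables/global>' "$f"; then
        awk 'BEGIN { done = 0 }
             { print }
             !done && /^#include <tunables\/global>/ { print ""; print "abi <abi/3.0>,"; done = 1 }' \
            "$f" > "$f.tmp"
    else
        { printf 'abi <abi/3.0>,\n\n'; cat "$f"; } > "$f.tmp"
    fi
    mv "$f.tmp" "$f"
}

# Replace the loaded profile with the edited file. Needs root and AppArmor
# userspace tools; on a live host run e.g. reload_profile /etc/apparmor.d/usr.sbin.ntpd
reload_profile() {
    apparmor_parser -r "$1"
}

# Demo on a constructed copy of the profile head, not on the real system file.
demo() {
    t=$(mktemp)
    printf '%s\n' '# vim:syntax=apparmor' '#include <tunables/global>' '' \
        '/usr/sbin/ntpd flags=(attach_disconnected) {' '  #include <abstractions/base>' '}' > "$t"
    add_abi_3_0 "$t"
    add_abi_3_0 "$t"   # second run is a no-op
    cat "$t"
    rm -f "$t"
}
demo
```

On a real host the flow is `dmesg | denied_profiles` to see which profiles are complaining, then for each one `add_abi_3_0 "/etc/apparmor.d/$(profile_file_name "$p")"` followed by `reload_profile` on that file (or a reboot, as the reply did). Only profiles that are not part of core Proxmox VE should need this, and the check in has_abi_rule keeps the script from stacking duplicate abi lines onto a profile that was already fixed.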