Ubuntu LXC - Can't start AppArmor

4am

Active Member
Oct 24, 2016
7
1
43
42
Rhode Island, USA
I'm having an issue with Proxmox 7.2 (and also on previous versions); when I create a fresh, privileged Ubuntu container, I cannot get apparmor to load. I've tried with nesting on and off as well. I don't believe I've done anything funky with the hosts at all; but they have all been around for a while if that is relevant at all (I believe they began life as 5.4 or 5.7, somewhere around there, and have been through the 5to6 and 6to7 upgrade processes).

Code:
Aug 15 22:46:48 testubuntu apparmor.systemd[80]: Restarting AppArmor
Aug 15 22:46:48 testubuntu apparmor.systemd[80]: Reloading AppArmor profiles
Aug 15 22:46:47 testubuntu systemd[1]: Starting Load AppArmor profiles...
Aug 15 22:46:49 testubuntu apparmor.systemd[95]: /sbin/apparmor_parser: Unable to replace "lsb_release".  Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[96]: /sbin/apparmor_parser: Unable to replace "kmod".  Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[96]: /sbin/apparmor_parser: Unable to replace "nvidia_modprobe".  Permission denied; attempted to load a profile while confin>
Aug 15 22:46:49 testubuntu apparmor.systemd[98]: /sbin/apparmor_parser: Unable to replace "/usr/bin/man".  Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[99]: /sbin/apparmor_parser: Unable to replace "tcpdump".  Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[100]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 15 22:46:49 testubuntu apparmor.systemd[97]: /sbin/apparmor_parser: Unable to replace "/usr/lib/NetworkManager/nm-dhcp-client.action".  Permission denied; attempted >
Aug 15 22:46:49 testubuntu apparmor.systemd[131]: /sbin/apparmor_parser: Unable to replace "kmod".  Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[131]: /sbin/apparmor_parser: Unable to replace "nvidia_modprobe".  Permission denied; attempted to load a profile while confi>
Aug 15 22:46:49 testubuntu apparmor.systemd[130]: /sbin/apparmor_parser: Unable to replace "lsb_release".  Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[135]: /sbin/apparmor_parser: Unable to replace "/usr/bin/man".  Permission denied; attempted to load a profile while confined?
Aug 15 22:46:50 testubuntu apparmor.systemd[133]: /sbin/apparmor_parser: Unable to replace "/usr/lib/NetworkManager/nm-dhcp-client.action".  Permission denied; attempted>
Aug 15 22:46:50 testubuntu apparmor.systemd[139]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 15 22:46:50 testubuntu apparmor.systemd[137]: /sbin/apparmor_parser: Unable to replace "tcpdump".  Permission denied; attempted to load a profile while confined?
Aug 15 22:46:50 testubuntu apparmor.systemd[80]: Error: At least one profile failed to load
Aug 15 22:46:50 testubuntu systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Aug 15 22:46:50 testubuntu systemd[1]: apparmor.service: Failed with result 'exit-code'.
Aug 15 22:46:50 testubuntu systemd[1]: Failed to start Load AppArmor profiles.
Aug 15 22:46:50 testubuntu systemd[1]: apparmor.service: Consumed 1.943s CPU time.

Code:
proxmox-ve: 7.2-1 (running kernel: 5.15.39-3-pve)
pve-manager: 7.2-7 (running version: 7.2-7/d0dd0e85)
pve-kernel-5.15: 7.2-8
pve-kernel-helper: 7.2-8
pve-kernel-5.13: 7.1-9
pve-kernel-5.4: 6.4-11
pve-kernel-5.3: 6.1-6
pve-kernel-5.15.39-3-pve: 5.15.39-3
pve-kernel-5.13.19-6-pve: 5.13.19-15
pve-kernel-5.13.19-2-pve: 5.13.19-4
pve-kernel-5.4.157-1-pve: 5.4.157-1
pve-kernel-5.4.128-1-pve: 5.4.128-2
pve-kernel-5.4.106-1-pve: 5.4.106-1
pve-kernel-5.4.78-2-pve: 5.4.78-2
pve-kernel-5.4.44-2-pve: 5.4.44-2
pve-kernel-5.4.41-1-pve: 5.4.41-1
pve-kernel-4.15: 5.4-12
pve-kernel-5.3.18-3-pve: 5.3.18-3
pve-kernel-5.3.18-2-pve: 5.3.18-2
pve-kernel-5.3.13-1-pve: 5.3.13-1
pve-kernel-4.13: 5.2-2
pve-kernel-4.15.18-24-pve: 4.15.18-52
pve-kernel-4.15.18-11-pve: 4.15.18-34
pve-kernel-4.15.18-10-pve: 4.15.18-32
pve-kernel-4.15.18-9-pve: 4.15.18-30
pve-kernel-4.15.18-8-pve: 4.15.18-28
pve-kernel-4.15.18-2-pve: 4.15.18-21
pve-kernel-4.15.17-3-pve: 4.15.17-14
pve-kernel-4.15.17-1-pve: 4.15.17-9
pve-kernel-4.13.16-4-pve: 4.13.16-51
pve-kernel-4.13.16-3-pve: 4.13.16-50
pve-kernel-4.13.16-2-pve: 4.13.16-48
pve-kernel-4.13.16-1-pve: 4.13.16-46
pve-kernel-4.13.13-4-pve: 4.13.13-35
pve-kernel-4.4.98-3-pve: 4.4.98-103
pve-kernel-4.4.76-1-pve: 4.4.76-94
pve-kernel-4.4.35-1-pve: 4.4.35-77
ceph: 15.2.16-pve1
ceph-fuse: 15.2.16-pve1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: residual config
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve1
libproxmox-acme-perl: 1.4.2
libproxmox-backup-qemu0: 1.3.1-1
libpve-access-control: 7.2-4
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-2
libpve-guest-common-perl: 4.1-2
libpve-http-server-perl: 4.1-3
libpve-storage-perl: 7.2-7
libqb0: 1.0.5-1
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 5.0.0-3
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-3
proxmox-backup-client: 2.2.5-1
proxmox-backup-file-restore: 2.2.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.5.1
pve-cluster: 7.2-2
pve-container: 4.2-2
pve-docs: 7.2-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.5-1
pve-ha-manager: 3.4.0
pve-i18n: 2.7-2
pve-qemu-kvm: 6.2.0-11
pve-xtermjs: 4.16.0-1
qemu-server: 7.2-3
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.5-pve1
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!