I'm having an issue with Proxmox 7.2 (and also on previous versions); when I create a fresh, privileged Ubuntu container, I cannot get apparmor to load. I've tried with nesting on and off as well. I don't believe I've done anything funky with the hosts at all; but they have all been around for a while if that is relevant at all (I believe they began life as 5.4 or 5.7, somewhere around there, and have been through the 5to6 and 6to7 upgrade processes).
Code:
Aug 15 22:46:48 testubuntu apparmor.systemd[80]: Restarting AppArmor
Aug 15 22:46:48 testubuntu apparmor.systemd[80]: Reloading AppArmor profiles
Aug 15 22:46:47 testubuntu systemd[1]: Starting Load AppArmor profiles...
Aug 15 22:46:49 testubuntu apparmor.systemd[95]: /sbin/apparmor_parser: Unable to replace "lsb_release". Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[96]: /sbin/apparmor_parser: Unable to replace "kmod". Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[96]: /sbin/apparmor_parser: Unable to replace "nvidia_modprobe". Permission denied; attempted to load a profile while confin>
Aug 15 22:46:49 testubuntu apparmor.systemd[98]: /sbin/apparmor_parser: Unable to replace "/usr/bin/man". Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[99]: /sbin/apparmor_parser: Unable to replace "tcpdump". Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[100]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 15 22:46:49 testubuntu apparmor.systemd[97]: /sbin/apparmor_parser: Unable to replace "/usr/lib/NetworkManager/nm-dhcp-client.action". Permission denied; attempted >
Aug 15 22:46:49 testubuntu apparmor.systemd[131]: /sbin/apparmor_parser: Unable to replace "kmod". Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[131]: /sbin/apparmor_parser: Unable to replace "nvidia_modprobe". Permission denied; attempted to load a profile while confi>
Aug 15 22:46:49 testubuntu apparmor.systemd[130]: /sbin/apparmor_parser: Unable to replace "lsb_release". Permission denied; attempted to load a profile while confined?
Aug 15 22:46:49 testubuntu apparmor.systemd[135]: /sbin/apparmor_parser: Unable to replace "/usr/bin/man". Permission denied; attempted to load a profile while confined?
Aug 15 22:46:50 testubuntu apparmor.systemd[133]: /sbin/apparmor_parser: Unable to replace "/usr/lib/NetworkManager/nm-dhcp-client.action". Permission denied; attempted>
Aug 15 22:46:50 testubuntu apparmor.systemd[139]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 15 22:46:50 testubuntu apparmor.systemd[137]: /sbin/apparmor_parser: Unable to replace "tcpdump". Permission denied; attempted to load a profile while confined?
Aug 15 22:46:50 testubuntu apparmor.systemd[80]: Error: At least one profile failed to load
Aug 15 22:46:50 testubuntu systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Aug 15 22:46:50 testubuntu systemd[1]: apparmor.service: Failed with result 'exit-code'.
Aug 15 22:46:50 testubuntu systemd[1]: Failed to start Load AppArmor profiles.
Aug 15 22:46:50 testubuntu systemd[1]: apparmor.service: Consumed 1.943s CPU time.
Code:
proxmox-ve: 7.2-1 (running kernel: 5.15.39-3-pve)
pve-manager: 7.2-7 (running version: 7.2-7/d0dd0e85)
pve-kernel-5.15: 7.2-8
pve-kernel-helper: 7.2-8
pve-kernel-5.13: 7.1-9
pve-kernel-5.4: 6.4-11
pve-kernel-5.3: 6.1-6
pve-kernel-5.15.39-3-pve: 5.15.39-3
pve-kernel-5.13.19-6-pve: 5.13.19-15
pve-kernel-5.13.19-2-pve: 5.13.19-4
pve-kernel-5.4.157-1-pve: 5.4.157-1
pve-kernel-5.4.128-1-pve: 5.4.128-2
pve-kernel-5.4.106-1-pve: 5.4.106-1
pve-kernel-5.4.78-2-pve: 5.4.78-2
pve-kernel-5.4.44-2-pve: 5.4.44-2
pve-kernel-5.4.41-1-pve: 5.4.41-1
pve-kernel-4.15: 5.4-12
pve-kernel-5.3.18-3-pve: 5.3.18-3
pve-kernel-5.3.18-2-pve: 5.3.18-2
pve-kernel-5.3.13-1-pve: 5.3.13-1
pve-kernel-4.13: 5.2-2
pve-kernel-4.15.18-24-pve: 4.15.18-52
pve-kernel-4.15.18-11-pve: 4.15.18-34
pve-kernel-4.15.18-10-pve: 4.15.18-32
pve-kernel-4.15.18-9-pve: 4.15.18-30
pve-kernel-4.15.18-8-pve: 4.15.18-28
pve-kernel-4.15.18-2-pve: 4.15.18-21
pve-kernel-4.15.17-3-pve: 4.15.17-14
pve-kernel-4.15.17-1-pve: 4.15.17-9
pve-kernel-4.13.16-4-pve: 4.13.16-51
pve-kernel-4.13.16-3-pve: 4.13.16-50
pve-kernel-4.13.16-2-pve: 4.13.16-48
pve-kernel-4.13.16-1-pve: 4.13.16-46
pve-kernel-4.13.13-4-pve: 4.13.13-35
pve-kernel-4.4.98-3-pve: 4.4.98-103
pve-kernel-4.4.76-1-pve: 4.4.76-94
pve-kernel-4.4.35-1-pve: 4.4.35-77
ceph: 15.2.16-pve1
ceph-fuse: 15.2.16-pve1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: residual config
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve1
libproxmox-acme-perl: 1.4.2
libproxmox-backup-qemu0: 1.3.1-1
libpve-access-control: 7.2-4
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-2
libpve-guest-common-perl: 4.1-2
libpve-http-server-perl: 4.1-3
libpve-storage-perl: 7.2-7
libqb0: 1.0.5-1
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 5.0.0-3
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-3
proxmox-backup-client: 2.2.5-1
proxmox-backup-file-restore: 2.2.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.5.1
pve-cluster: 7.2-2
pve-container: 4.2-2
pve-docs: 7.2-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.5-1
pve-ha-manager: 3.4.0
pve-i18n: 2.7-2
pve-qemu-kvm: 6.2.0-11
pve-xtermjs: 4.16.0-1
qemu-server: 7.2-3
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.5-pve1