Skip to content

Incorrect detection of lack of Apparmor installed #44970

New issue
New issue
Closed
#45043
#44982
Closed
Incorrect detection of lack of Apparmor installed#44970
#45043
#44982
Assignees
neersighted
Labels
area/security/apparmorkind/regressionpriority/P2Normal priority: default priority applied.status/confirmedversion/23.0
Milestone
23.0.2
@XANi

Description

@XANi
XANi
opened on Feb 10, 2023

Description

Package 23.0.1-1~debian.11~bullseye on fresh install gives:

AppArmor enabled on system but the docker-default profile could not be loaded:

the app armor is not installed nor enabled

The bug happened after we installed 23 on new node, previous ones on 20 didn't had the problem

Reproduce

Install docker on fresh debian install

Expected behavior

No response

docker version

Client: Docker Engine - Community
 Version:           23.0.0
 API version:       1.42
 Go version:        go1.19.5
 Git commit:        e92dd87
 Built:             Wed Feb  1 17:43:17 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          23.0.1
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.19.5
  Git commit:       bc3805a
  Built:            Thu Feb  9 19:46:54 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.16
  GitCommit:        31aa4358a36870b21a992d3ad2bef29e1d693bec
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Context:    default
 Debug Mode: false

Server:
 Containers: 53
  Running: 4
  Paused: 0
  Stopped: 49
 Images: 7
 Server Version: 23.0.1
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 31aa4358a36870b21a992d3ad2bef29e1d693bec
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.10.0-21-amd64
 Operating System: Debian GNU/Linux 11 (bullseye)
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 29.39GiB
 Name: d1-fw-kube20
 ID: 91ef61ab-0b63-4f4b-9f6c-6cfb41903247
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

No response

Metadata

Metadata

Assignees

Labels

area/security/apparmorkind/regressionpriority/P2Normal priority: default priority applied.status/confirmedversion/23.0

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions