The debdiff I've put together for oracular updates the patch to be a bit more general and cover all the signals I've seen so far in testing (as well as dropping the other patch that has been incorporated upstream).

  # Allow certain signals from OCI runtimes (podman, runc and crun)
  signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}runc,
  signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}crun,
  signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}podman,

Upstream have said they have no apparmor experience, so I suspect they will take a PR. See https://github.com/containers/common/issues/1898

** Bug watch added: github.com/containers/common/issues #1898
   https://github.com/containers/common/issues/1898

https://bugs.launchpad.net/bugs/2040483

Title:
  AppArmor denies crun sending signals to containers (stop, kill)
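
A way to check which logged signal denials the three rules above would cover, as an added example that is not part of the bug comment or the debdiff. The audit lines, the profile name `example-container-profile` and the function names are constructed for illustration, and peer labels are compared literally after expanding the `{,}` alternation.

```python
import re

# The three rules quoted in the message above.
RULES = """
signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}runc,
signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}crun,
signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}podman,
"""
# Constructed audit lines; the profile name and pid are placeholders.
PREFIX = ('apparmor="DENIED" operation="signal" class="signal" '
          'profile="example-container-profile" pid=1001 comm="crun" '
          'requested_mask="receive" denied_mask="receive" ')
SAMPLE_LOG = [
    PREFIX + 'signal=term peer="crun"',
    PREFIX + 'signal=kill peer="/usr/bin/runc"',
    PREFIX + 'signal=hup peer="podman"',        # hup is not in the rule's set
    PREFIX + 'signal=term peer="unconfined"',   # peer label not listed
]

RULE_RE = re.compile(r"signal \((\w+)\) set=\(([^)]*)\) peer=(\S+),")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def expand(pattern):
    """Expand non-nested {a,b,} alternations into the literal strings they match."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return {pattern}
    head, tail = pattern[:m.start()], pattern[m.end():]
    return set().union(*(expand(head + alt + tail) for alt in m.group(1).split(",")))

def parse_rules(text):
    """Return (access, signal set, literal peer labels) for each signal rule."""
    return [(access, {s.strip() for s in sigs.split(",")}, expand(peer))
            for access, sigs, peer in RULE_RE.findall(text)]

def covered(line, rules):
    """True if a signal denial line would be allowed by one of the rules."""
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if f.get("apparmor") != "DENIED" or f.get("operation") != "signal":
        return False
    # Literal comparison suffices here: these rules use no globs beyond {,}.
    return any(f.get("denied_mask") == access and f.get("signal") in sigs
               and f.get("peer") in peers for access, sigs, peers in rules)

def check(lines=SAMPLE_LOG, rules_text=RULES):
    rules = parse_rules(rules_text)
    return [covered(line, rules) for line in lines]

if __name__ == "__main__":
    for line, ok in zip(SAMPLE_LOG, check()):
        print("covered     " if ok else "still denied", line[len(PREFIX):])
```

Denials that come back as still denied after the updated profile is loaded point at a signal or peer label the rules do not list.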