Public bug reported:

This is a summary of my 2 posts:

1. https://forum.snapcraft.io/t/call-for-testing-of-the-docker-snap/7710/31?u=huygens
2. https://forum.snapcraft.io/t/call-for-testing-of-the-docker-snap/7710/32?u=huygens

In brief, I want to activate User Namespace for Docker. Currently using Docker provided as Snap package, it is not possible to use the `userns-remap` option with the default value. AppArmor denies the permission to create a new user.

I went the manual way, creating the user and appropriate UID/GID mapping. But still AppArmor denies reading access to /etc/subuid and /etc/subgid.

So the problem is: User Namespace does not work out of the box.

Solution: I have edited this file `/var/lib/snapd/apparmor/profiles/snap.docker.dockerd` and added the `subuid` and `subgid` to the authorised list of files with read-only permission.

After making sure the changes were activated, I got the result (snippet from `sudo docker info` command):

    Security Options:
     apparmor
     seccomp
      Profile: default
     userns

And running `sudo docker run hello-world` did work as well.

Could you make the change permanent?

** Affects: docker (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1822004

Title:
  User Namespace fails with Docker Snap - AppArmor profile too restrictive

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
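
A prerequisite check for the two conditions the report describes (a subordinate ID range for the remap user, and an AppArmor rule letting dockerd read /etc/subuid and /etc/subgid). This is an added example, not taken from the bug report or from the Docker snap. Assumptions: the function names and sample data are constructed, `dockremap` is the user Docker uses when `userns-remap` is set to `default`, and the rule form `/etc/subuid r,` is one way to write the read-only permission the reporter mentions.

```shell
#!/bin/sh
# Added example: checks userns-remap prerequisites under AppArmor confinement.
# Function names and the sample data in demo() are constructed for illustration.

# Succeeds if FILE ($1) has a well-formed "user:start:count" entry for USER ($2).
has_subid_range() {
    awk -F: -v u="$2" '
        $1 == u && NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 + 0 > 0 { ok = 1 }
        END { exit !ok }' "$1"
}

# Succeeds if PROFILE ($1) has an active (uncommented, non-deny) rule of the
# form "[qualifier] PATH perms," that grants read on exactly PATH ($2).
# Limitation: glob rules that happen to cover PATH are not recognised.
profile_allows_read() {
    awk -v p="$2" '
        /^[ \t]*#/ || /^[ \t]*(audit[ \t]+)?deny[ \t]/ { next }
        { for (i = 1; i < NF; i++)
              if ($i == p && $(i + 1) ~ /^[a-zA-Z]*r[a-zA-Z]*,$/) ok = 1 }
        END { exit !ok }' "$1"
}

# Args: PROFILE SUBUID_FILE SUBGID_FILE USER. Prints each missing prerequisite
# and returns how many are missing (0 means userns-remap can read its mappings).
check_userns_prereqs() {
    profile=$1; subuid=$2; subgid=$3; user=$4; missing=0
    for f in "$subuid" "$subgid"; do
        has_subid_range "$f" "$user" ||
            { echo "no ID range for $user in $f"; missing=$((missing + 1)); }
    done
    for p in /etc/subuid /etc/subgid; do
        profile_allows_read "$profile" "$p" ||
            { echo "profile has no read rule for $p"; missing=$((missing + 1)); }
    done
    return "$missing"
}

# Constructed sample: ranges exist, but the subgid rule is still commented out.
demo() {
    d=$(mktemp -d)
    printf 'dockremap:165536:65536\n' > "$d/subuid"
    printf 'dockremap:165536:65536\n' > "$d/subgid"
    printf '  /etc/subuid r,\n  # /etc/subgid r,\n' > "$d/profile"
    check_userns_prereqs "$d/profile" "$d/subuid" "$d/subgid" dockremap
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "demo: $? prerequisite(s) missing"
```

On a real system the arguments would be the profile path from the report, `/etc/subuid`, `/etc/subgid` and the remap user.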