I'll copy the workaround I mentioned in #2039294 here:

As a temporary workaround, put the file I have attached to /etc/apparmor.d/docker-default and load it with "apparmor_parser -Kr /etc/apparmor.d/docker-default". It will make dockerd skip loading its builtin profile as docker-default. It will also stick across reboots.

The only differences between the builtin profile and the attached one are the following rules:

  # runc may send signals to container processes
  signal (receive) peer=runc,

Add a similar line for crun if you're using crun.

** Attachment added: "docker-default"
   https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/2063099/+attachment/5770044/+files/docker-default

--
https://bugs.launchpad.net/bugs/2063099

Title:
  Stopping container signal blocked by AppArmor on Ubuntu
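
Added example (not part of the original comment or the attached profile): a script that reads kernel log lines and prints which "signal (receive) peer=..." rules docker-default is missing, so you can tell whether you need the runc line, the crun line, or both. The sample log lines are constructed in the usual AppArmor audit format, and the function names sample_log and missing_signal_rules are hypothetical.

```shell
#!/bin/sh
# Constructed sample denials (not taken from the bug report).
sample_log() {
cat <<'EOF'
audit: type=1400 audit(1700000000.100:10): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=4101 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="runc"
audit: type=1400 audit(1700000001.200:11): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=4102 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="runc"
audit: type=1400 audit(1700000002.300:12): apparmor="DENIED" operation="open" class="file" profile="docker-default" name="/proc/kcore" pid=4200 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1700000003.400:13): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=4300 comm="crun" requested_mask="receive" denied_mask="receive" signal=term peer="crun"
audit: type=1400 audit(1700000004.500:14): apparmor="DENIED" operation="signal" class="signal" profile="other-profile" pid=4400 comm="x" requested_mask="receive" denied_mask="receive" signal=term peer="runc"
audit: type=1400 audit(1700000005.600:15): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=4500 comm="y" requested_mask="receive" denied_mask="receive" signal=term peer="some-other-profile"
EOF
}

# Read log lines on stdin. For each distinct peer whose signals were denied
# to a docker-default confined process, print the rule the workaround adds.
# Only the runtimes named in the workaround (runc, crun) produce a rule;
# any other peer is flagged for manual review instead of being allowed.
missing_signal_rules() {
  awk '
    /apparmor="DENIED"/ && /operation="signal"/ &&
    /profile="docker-default"/ && /denied_mask="receive"/ {
      if (!match($0, /peer="[^"]+"/)) next
      # Strip the leading peer=" (6 chars) and the closing quote.
      peer = substr($0, RSTART + 6, RLENGTH - 7)
      if (peer in seen) next
      seen[peer] = 1
      if (peer == "runc" || peer == "crun")
        print "signal (receive) peer=" peer ","
      else
        print "# review manually: unexpected peer=" peer
    }'
}

# Stand-alone run on the constructed sample.
sample_log | missing_signal_rules
```

On a real host, pipe the kernel log into the function instead, for example `dmesg | missing_signal_rules`.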
