Public bug reported: Environment: k8s 1.30.2, containerd 1.7.12 (package in ubuntu repo)
When I do a k8s deployment update, the old pods stay in 'Terminating' status. The /var/log/syslog has the following messages: 2024-07-05T15:52:07.892132+08:00 km kernel: audit: type=1400 audit(1720165927.890:2191): apparmor="DENIED" operation="signal" class="signal" profile="cri-containerd.apparmor.d" pid=134029 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="runc" Workaround: currently I disable the apparmor.service and reboot the system. Info from github: https://github.com/moby/moby/pull/47749/files#diff-4a7aa58be335398fb04f9f1634143e158146b57c6256a2d605f9eb3c3c53d840 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: alsa-base (not installed) ProcVersionSignature: Ubuntu 6.8.0-36.36-generic 6.8.4 Uname: Linux 6.8.0-36-generic x86_64 ApportVersion: 2.28.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass Date: Mon Jul 8 09:26:20 2024 InstallationDate: Installed on 2024-07-03 (5 days ago) InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64 (20240423) SourcePackage: alsa-driver Symptom: audio UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: alsa-driver (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072452 Title: AppArmor denies crun sending signals to containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2072452/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
