I'm adding an apparmor task because of this claim in the runc GH issue[1]: """ This is caused by a design flaw in AppArmor when running runc (or Docker/Podman/containerd) inside a nested container that has an AppArmor profile applied (the very short explanation is that AppArmor incorrectly thinks that when runc accesses /proc/sys/... that it is accessing /sys/... and it rejects the access attempt because it violates the configured AppArmor policy). """
1. https://github.com/opencontainers/runc/issues/4968 ** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2131008 Title: runcopen sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied: To manage notifications about this bug go to: https://bugs.launchpad.net/lxd/+bug/2131008/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
