Hello,

As explained in the GitLab issue, the runC profile shipped by Ubuntu is unconfined to allow the usage of unprivileged userns, and it should stay like this (until we have a strongly confining profile).

Can you confirm that you indeed use a stock profile (i.e. expecting unconfined)?

If you want to load a profile without changing its mode, please use `apparmor_parser -r` and not `aa-enforce`.

I created an MR to make aa-enforce/aa-complain refuse changing the mode of an unconfined profile unless --force is specified.

--
https://bugs.launchpad.net/bugs/2142545

Title:
  AppArmor runc profile restriction on Ubuntu 24.04 (Noble) due to ABI 4.0/5.0 mismatch in Anthos on VMware images
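
The check the reply above describes, as an added example that is not part of the bug report or of the merge request it mentions: before switching a profile's mode, test whether it is shipped with `flags=(unconfined)` and, if so, refuse and point at `apparmor_parser -r` instead. The function names, the `force` argument and the two sample profiles are constructed for illustration.

```shell
#!/bin/sh
# Added example: guard an aa-enforce/aa-complain style mode change on a
# profile that is deliberately shipped as unconfined.

# Return 0 when a profile header in file $1 carries the "unconfined" flag.
# Simplified matcher for the common flags=(...) form, not a full profile parser.
profile_is_unconfined() {
    sed 's/#.*$//' "$1" | grep -Eq \
      'flags[[:space:]]*=[[:space:]]*\(([^)]*[[:space:],])?unconfined([[:space:],][^)]*)?\)'
}

# Decide what to do for file $1 when mode $2 (enforce|complain) is requested.
# $3 = "force" overrides the refusal (hypothetical argument of this wrapper).
# Prints the decision; returns 0 to proceed, 1 when the change is refused.
decide_mode_change() {
    if profile_is_unconfined "$1" && [ "${3:-}" != "force" ]; then
        echo "refuse: $1 is unconfined; reload it with: apparmor_parser -r $1"
        return 1
    fi
    echo "proceed: aa-$2 $1"
}

# Constructed sample profiles, written to the scratch directory $1.
write_samples() {
    cat > "$1/unconfined-tool" <<'EOF'
abi <abi/4.0>,
include <tunables/global>
profile unconfined-tool /usr/bin/unconfined-tool flags=(unconfined) {
  userns,
}
EOF
    cat > "$1/confined-tool" <<'EOF'
abi <abi/4.0>,
include <tunables/global>
# flags=(unconfined) was considered here but rejected
profile confined-tool /usr/bin/confined-tool flags=(attach_disconnected, complain) {
  /usr/bin/confined-tool mr,
}
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for p in unconfined-tool confined-tool; do
    decide_mode_change "$demo_dir/$p" enforce || true
done
```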
