I am trying to apply the following simple AppArmor profile:
#include <tunables/global>
profile docker-profile flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/base>
  #network,
  #capability,
  #file,
  #umount,
  #ptrace,
  #mount,
  pivot_root,
}
When I run
docker run -it --rm --security-opt apparmor=docker-profile alpine
I get the following error:
docker: Error response from daemon: invalid header field value "oci runtime error: container_linux.go:247: starting container process caused \"process_linux.go:359: container init caused \\"apparmor failed to apply profile: no such file or directory\\"\"\n".
I tried to reinstall it (based on suggestions here):
rm -rf /etc/apparmor*
apt install apparmor --reinstall
service apparmor restart
service docker restart
It didn't help; I am still getting the same error.
Any suggestions as to what the reason could be and how to solve it?
I needed to register the profile by running:
apparmor_parser -r -W docker.profile
More information can be found here:
https://docs.docker.com/engine/security/apparmor/
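
A pre-flight check for the situation above, as an added example that is not part of the original question or answer: it looks the profile name up in the kernel's list of loaded profiles and runs the answer's apparmor_parser command only when the name is missing. The function names and the sample listing are constructed for illustration; /sys/kernel/security/apparmor/profiles is the standard AppArmor securityfs path.

```shell
#!/bin/sh
# Added example: confirm an AppArmor profile is loaded before passing its
# name to `docker run --security-opt apparmor=<name>`.

# Kernel listing of loaded profiles, one "name (mode)" entry per line.
# Usually readable by root only.
PROFILES_FILE=${PROFILES_FILE:-/sys/kernel/security/apparmor/profiles}

# Constructed sample listing (not from the page): docker-profile itself is
# absent, which is the state the question describes.
sample_listing() {
    cat <<'EOF'
/usr/sbin/tcpdump (enforce)
docker-default (enforce)
docker-profile-old (complain)
EOF
}

# profile_mode NAME [LISTING]
# Prints the mode and returns 0 when NAME is loaded; returns 1 when it is
# not in the listing and 2 when the listing cannot be read.
profile_mode() {
    name=$1
    listing=${2:-$PROFILES_FILE}
    [ -r "$listing" ] || return 2
    while IFS= read -r line; do
        entry=${line%" ("*}          # text before the last " (" is the name
        if [ "$entry" = "$name" ]; then
            mode=${line##*" ("}      # text after the last " (" is "mode)"
            mode=${mode%")"}
            printf '%s\n' "$mode"
            return 0
        fi
    done < "$listing"
    return 1
}

# Usage (as root): sh check.sh docker-profile docker.profile
# The first argument is the profile name, the second the file defining it.
if [ "$#" -eq 2 ]; then
    mode=$(profile_mode "$1") && { echo "$1 is loaded ($mode)"; exit 0; }
    echo "$1 is not loaded; loading it from $2" >&2
    # -r replaces any loaded copy, -W writes the cache, as in the answer above.
    apparmor_parser -r -W "$2"
fi
```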