Can't run docker containers after upgrade to v6. AppArmor missing"

I am seeing the same issues as well this morning.

root@openmediavault:~# dpkg -l | grep -E "docker|apparmor"
ii  docker-ce                          5:23.0.0-1~debian.11~bullseye amd64        Docker: the open-source application container engine
ii  docker-ce-cli                      5:23.0.0-1~debian.11~bullseye amd64        Docker CLI: the open-source application container engine
ii  docker-compose-plugin              2.15.1-1~debian.11~bullseye   amd64        Docker Compose (V2) plugin for the Docker CLI.
ii  libapparmor1:amd64                 2.13.6-10                     amd64        changehat AppArmor libraryroot@openmediavault:~#

I am pretty sure I remember Home Assistant requiring it so it may have been installed when I was running it in their supervised mode. But I have moved it to a new machine so it's no longer needed.

this is what I see when I go to remove it, is it safe to proceed?

root@openmediavault:~# apt remove libapparmor1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  acl beep bind9-host bind9-libs bsdmainutils btrfs-progs chrony collectd collectd-core cpufrequtils
  cron-apt dctrl-tools distro-info-data dmeventd f2fs-tools folder2ram fontconfig fontconfig-config
  fonts-dejavu-core gdisk hdparm jfsutils jq libaio1 libarchive-zip-perl libavahi-client3
  libavahi-common-data libavahi-common3 libavahi-core7 libcairo2 libcpufreq0 libcups2 libdaemon0
  libdatrie1 libdbi1 libdbus-1-3 libdeflate0 libdevmapper-event1.02.1 libfontconfig1 libfstrm0 libgd3
  libgeoip1 libglib2.0-0 libgraphite2-3 libharfbuzz0b libhiredis0.14 libinih1 libjbig0 libjpeg62-turbo
  libjq1 libjs-jquery libjs-sphinxdoc libjs-underscore libldb2 liblmdb0 liblvm2cmd2.03 liblzo2-2
  libmagic-mgc libmagic1 libmaxminddb0 libmemcached11 libnetplan0 libnginx-mod-http-geoip
  libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
  libnginx-mod-stream-geoip libnl-3-200 libnl-genl-3-200 libnl-route-3-200 libnorm1 libnspr4
  libnss-myhostname libnss3 libntfs-3g883 libnutscan1 libonig5 libossp-uuid16 libpango-1.0-0
  libpangocairo-1.0-0 libpangoft2-1.0-0 libpcsclite1 libpgm-5.3-0 libpixman-1-0 libprotobuf-c1
  libpython3.9 librrd8 libsodium23 libtalloc2 libtdb1 libtevent0 libthai-data libthai0 libtiff5
  libupsclient4 liburing1 libusb-0.1-4 libuv1 libwbclient0 libwebp6 libx11-6 libx11-data libxau6
  libxcb-render0 libxcb-shm0 libxcb1 libxdmcp6 libxext6 libxml2 libxpm4 libxrender1 libxslt1.1 libyaml-0-2
  libzmq5 linux-image-5.19.0-0.deb11.2-amd64 lsb-release lsof lvm2 mergerfs monit ncal nginx nginx-common
  nginx-core ntfs-3g nut nut-client nut-server patch php-bcmath php-cgi php-common php-mbstring php-pam
  php-xml php-yaml php7.4-bcmath php7.4-cgi php7.4-cli php7.4-common php7.4-json php7.4-mbstring
  php7.4-opcache php7.4-readline php7.4-xml python-apt-common python3-apt python3-cached-property
  python3-certifi python3-chardet python3-click python3-colorama python3-dateutil python3-dbus
  python3-dialog python3-distro python3-dnspython python3-idna python3-jinja2 python3-ldb python3-lxml
  python3-markupsafe python3-msgpack python3-natsort python3-netifaces python3-pkg-resources python3-polib
  python3-psutil python3-pycryptodome python3-pyudev python3-requests python3-samba python3-six
  python3-systemd python3-talloc python3-tdb python3-urllib3 python3-yaml python3-zmq quota quotatool
  rrdcached rrdtool rsync salt-common salt-minion samba samba-common samba-common-bin samba-libs
  samba-vfs-modules sdparm smartmontools sshpass tdb-tools uuid wpasupplicant wsdd xfsprogs xmlstarlet
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  initscripts insserv startpar sysv-rc
Suggested packages:
  bootchart2
The following packages will be REMOVED:
  avahi-daemon dbus init libapparmor1 libnss-mdns libnss-systemd netplan.io openmediavault
  openmediavault-cputemp openmediavault-diskstats openmediavault-flashmemory openmediavault-mergerfs
  openmediavault-nut openmediavault-omvextrasorg openmediavault-sharerootfs openmediavault-symlinks
  php-fpm php7.4-fpm systemd systemd-sysv
The following NEW packages will be installed:
  initscripts insserv startpar sysv-rc
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
  init systemd-sysv (due to init)
0 upgraded, 4 newly installed, 20 to remove and 0 not upgraded.
Need to get 186 kB of archives.
After this operation, 39.9 MB disk space will be freed.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
 ?]

Ok

Here is docker info and it shows it in there.

root@openmediavault:~# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  compose: Docker Compose (Docker Inc.)
    Version:  v2.15.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 45
  Running: 0
  Paused: 0
  Stopped: 45
 Images: 91
 Server Version: 23.0.0                                                                                      Storage Driver: overlay2
  Backing Filesystem: extfs                                                                                   Supports d_type: true
  Using metacopy: false                                                                                       Native Overlay Diff: true
  userxattr: false                                                                                           Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 31aa4358a36870b21a992d3ad2bef29e1d693bec
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.0.0-0.deb11.6-amd64
 Operating System: Debian GNU/Linux 11 (bullseye)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 23.46GiB
 Name: openmediavault
 ID: ONVL:OYRM:EHSM:BXBZ:UTJT:32ZP:7QWU:TODK:EFQY:WZYG:YUBZ:5WEF
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

root@openmediavault:~#

And the output of

root@openmediavault:~# apt-get purge apparmor apparmor-utils auditd

Reading package lists... Done

Building dependency tree... Done

Reading state information... Done

Package 'apparmor' is not installed, so not removed

Package 'apparmor-utils' is not installed, so not removed

Package 'auditd' is not installed, so not removed

The following package was automatically installed and is no longer required:

  linux-image-5.19.0-0.deb11.2-amd64

Use 'apt autoremove' to remove it.

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Zitat von ParadingLunatic

I appear to be having this exact same issue suddenly after an update of docker this morning.

Apparmor isn't installed, docker is detecting it. The only apparmor package is the libapparmor package.

I would like to avoid installing apparmor.

I initially installed docker via omv-extras>docker.

I'm running kernel 5.15 on OMV 6

Alles anzeigen

Same here: Docker packages updated via OMV GUI as normal, though afterwards containers didn't restart. Reboot didn't help. Logs indicate same Apparmor error.

Apart from clicking the normal update, nothing else has been changed on a system running / working for many months.

Also haven't (knowningly) installed AppArmor.

= whatever the issue, based on my experience and those of a few others in the past hour or so, seems to have been triggered by the updated Docker package(s).

TIA.

same problem here on 2 different OMV NAS

Zitat von ryecoaaron

docker installed via omv-extras doesn't install it. If your system is trying install it, it is a dependency of something else.

aaron@omv6dev:~$ dpkg -l | grep -E "docker|apparmor"

ii docker-ce 5:20.10.23~3-0~debian-bullseye amd64 Docker: the open-source application container engine

ii docker-ce-cli 5:20.10.23~3-0~debian-bullseye amd64 Docker CLI: the open-source application container engine

ii docker-compose-plugin 2.15.1-1~debian.11~bullseye amd64 Docker Compose (V2) plugin for the Docker CLI.

ii libapparmor1:amd64 2.13.6-10 amd64 changehat AppArmor library

ii python3-docker 4.1.0-1.2 all Python 3 wrapper to access docker.io's control socket

I would like to see the output of omv-extras installing docker and if it does install apparmor, the output of trying to uninstall apparmor.

Alles anzeigen

root@nas:~# dpkg -l | grep -E "docker|apparmor"

ii docker-ce 5:23.0.0-1~debian.11~bullseye amd64 Docker: the open-source application container engine

ii docker-ce-cli 5:23.0.0-1~debian.11~bullseye amd64 Docker CLI: the open-source application container engine

ii docker-compose 1.25.0-1 all Punctual, lightweight development environments using Docker

ii docker-ctop 0.7.7 amd64 Top-like interface for container metrics

ii libapparmor1:amd64 2.13.6-10 amd64 changehat AppArmor library

ii python3-docker 4.1.0-1.2 all Python 3 wrapper to access docker.io's control socket

ii python3-dockerpty 0.4.1-2 all Pseudo-tty handler for docker Python client (Python 3.x)

I'm really not sure what it was working, and after the update, I'm having apparmor issues.

Having the same apparmor problem with docker after updating in the OMV gui

I just ran into this same issue with apparmor after upgrade from 6.1 to 6.2 abt 2 hours before writing this post. I came to omv forum and found this post with no real answer so I started looking in a different direction.

For those who are interested the solution below work for me I found the default template and the info about the profile on the website below.

How to disable apparmor to docker-default profile on Ubuntu/Debian?

AppArmor (“Application Armor”) is a Linux kernel security module that allows the system administrator to restrict programs’ capabilities with per-program…

lucascavalare.github.io

Upgrade to omv 6.2.0-1 Shaitan | 64 bit on Linux 6.0.0-0.deb11.6-amd64

omvextras and docker compose 5:23.0.0-1~debian.11~bullseye

Created this configuration file in /etc/apparmor.d/docker-default

1. Go to the "So How I Delal with That" section of lucas website from the link above

2. Copy and past to the config file you created

3. then i installed apparm "sudo apt-get install apparmor-utils"

4. re-installed portainer through omvextras plugin

5. I am now able to see all containers, restart them and they all work, reboot OMV and check again and all was still working with the default_docker profile.

HOPE if works for you as well

I just did the following steps and it fixed it:

sudo apt install apparmor -y
sudo service apparmor restart
sudo service docker restart

Zitat von Quick_Parsley_6482

I just did the following steps and it fixed it:

Code

sudo apt install apparmor -y
sudo service apparmor restart
sudo service docker restart

that helped, thanks. after system reboot containers also starts

Zitat von Quick_Parsley_6482

I just did the following steps and it fixed it:

Code

sudo apt install apparmor -y
sudo service apparmor restart
sudo service docker restart

Thanks. I followed these steps and was able to run portainer after a reboot.

Zitat von Quick_Parsley_6482

I just did the following steps and it fixed it:

Code

sudo apt install apparmor -y
sudo service apparmor restart
sudo service docker restart

Just one question, maybe ryecoaaron can answer: I read a lot about not installing apparmor package is not recommended with a OMV install. I see a lot of users installed it and they are happy that their docker containers work again - and they don't complain about further issues (at least I could not find it). Is there any good reason to avoid installing apparmor if it does the job? Securitywise for example? Is it more likely to break the docker install done via OMV?