docker not working since omv-upgrade

Zitat von KM0201

I don't think that's a wise approach. It's like refusing to get your oil changed because you're worried about a check engine line.

The fix for this is literally less than 10sec.

should not have to apply manual fixes after an update

Zitat von Draky50110

No change

Error on Firefox : PR_END_OF_FILE_ERROR when accessing qbittorrent WebUI.

The grub fix just changes an apparmour boot option and the docker reinstall is just so docker is configured for that option.

When I did the patch on my system, I did notice that some containers were still not running right so I had to re-create them. If you are using portainer, the easiest way is to just hit the re-create button on the setting page for each container. You will not loose anything, the container will just get rebuilt.

For anyone following, if you can keep your finger off the update button it looks like a fix on the docker side is in the works:

Daemon does not start without apparmor · Issue #44900 · moby/moby

Description Running on Debian 11 Bullseye, and using deb https://download.docker.com/linux/debian bullseye stable in sources.list.d. After upgrade from version…

github.com

Zitat

FYI, this was discussed in today's maintainer call and a revert to the apparmor startup logic is being fast-tracked for a 23.0.1 release: #44902 (comment)

Zitat von prplhaz4

For anyone following, if you can keep your finger off the update button it looks like a fix on the docker side is in the works:

https://github.com/moby/moby/i…0#issuecomment-1420032331

That’s good to hear.

For those of us that installed the grub patch, it should be easy to reverse by just removing the apparmor flag file that ryecoaaron ’s instructions created and then updating grub again. Those that installed apparmor and apparmor-utils should be able to just uninstall them.

I have applied the grub fix, and I still get the apparmor error when starting the docker containers.

I have tried multiple times, and tried uninstalling and re-installing docker.

Zitat

Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `apparmor_parser apparmor_parser --version` failed with output:

error: exec: "apparmor_parser": executable file not found in $PATH

EDIT:

docker info still shows apparmor under Security Options as well.

Zitat von wbilger

I have applied the grub fix, and I still get the apparmor error when starting the docker containers.

I have tried multiple times, and tried uninstalling and re-installing docker.

EDIT:

docker info still shows apparmor under Security Options as well.

ryecoaaron can correct me if I’m wrong, but this is the way I understand it.

If you install from the OMV iso, apparmor is not installed, so his grub fix is just disabling a boot flag the docker is looking at and thinking apparmor is installed, but since it’s not docker has a problem.

If you used a Debian minimal net install and the omv install script, apparmor is installed by Debian, but apparmor-utils is not, and it is apparmor-utils that, once installed, corrects the issue.

You need to apply the correct fix based on how you installed.

You can correct me, but since you are seeing apparmor as installed, you probably installed via the Debian net install and omv script, and as such you should probably undo the grub patch and install apparmor-utils

Zitat von BernH

ryecoaaron can correct me if I’m wrong, but this is the way I understand it.

If you install from the OMV iso, apparmor is not installed, so his grub fix is just disabling a boot flag the docker is looking at and thinking apparmor is installed, but since it’s not docker has a problem.

If you used a Debian minimal net install and the omv install script, apparmor is installed by Debian, but apparmor-utils is not, and it is apparmor-utils that, once installed, corrects the issue.

You need to apply the correct fix based on how you installed.

You can correct me, but since you are seeing apparmor as installed, you probably installed via the Debian net install and omv script, and as such you should probably undo the grub patch and install apparmor-utils

Alles anzeigen

I installed OMV 5 from ISO, and did a manual upgrade to 6.
I also remember having issues (don't remember what it was) and had to re-run the omv script, so not sure if that is the same thing.

EDIT:

apparmor is not installed if that means anything.

docker info

Zitat

Server Version: 20.10.23

Security Options:

apparmor

dpkg -l | grep apparmor

Zitat

ii libapparmor1:amd64 2.13.6-10 amd64 changehat AppArmor library

I originally installed OMV 5 and upgraded to OMV 6 when it was released. Seems to me the old docker (v20) also thought I had apparmor installed. Guess we will see if switching logic from 23 to 20 in the new PR will "fix" this. I have held off from updating because of this shenanigans.

Zitat von wbilger

I installed OMV 5 from ISO, and did a manual upgrade to 6.
I also remember having issues (don't remember what it was) and had to re-run the omv script, so not sure if that is the same thing.

EDIT:

apparmor is not installed if that means anything.

Zitat von BernH

ryecoaaron can correct me if I’m wrong, but this is the way I understand it.

If you install from the OMV iso, apparmor is not installed, so his grub fix is just disabling a boot flag the docker is looking at and thinking apparmor is installed, but since it’s not docker has a problem.

If you used a Debian minimal net install and the omv install script, apparmor is installed by Debian, but apparmor-utils is not, and it is apparmor-utils that, once installed, corrects the issue.

You need to apply the correct fix based on how you installed.

You can correct me, but since you are seeing apparmor as installed, you probably installed via the Debian net install and omv script, and as such you should probably undo the grub patch and install apparmor-utils

Alles anzeigen

If I check "cat /proc/cmdline" it shows the follwoing, so the grub workaround does not seem to be working for me, any idea why?

Zitat

cat /proc/cmdline

BOOT_IMAGE=/boot/vmlinuz-5.10.0-0.bpo.15-amd64 root=UUID=418335aa-4d5a-495e-82f0-99c7d8040645 ro quiet

Zitat von ryecoaaron

Are you on OMV 5? While it should work for that version, I didn't test.

No. I originally installed 5 from iso, I upgraded to 6 manually.

I suspect the manual upgrade from OMV5, which if I recall correctly call for a do-release-upgrade may have actually installed apparmor, so the other fix may be the one that is needed.

Personally, I have never really trusted the upgrade paths and have always installed fresh for major versions.

Zitat von ryecoaaron

omv-release-upgrade from 4 to 5 to 6 on one of my machines didn't install apparmor.

Post the output of the following:

dpkg -l | grep -E "grub|apparmor|linux-image"

cat /etc/default/grub

cat /etc/default/grub.d/apparmor.cfg

sudo update-grub

Alles anzeigen

dpkg -l | grep -E "grub|apparmor|linux-image"

ii  grub-common                         2.06-3~deb11u5                 amd64        GRand Unified Bootloader (common files)
ii  grub-legacy                         0.97-77                        amd64        GRand Unified Bootloader (Legacy version)
rc  grub-pc                             2.06-3~deb10u3                 amd64        GRand Unified Bootloader, version 2 (PC/BIOS version)
ii  grub-pc-bin                         2.06-3~deb11u5                 amd64        GRand Unified Bootloader, version 2 (PC/BIOS modules)
rc  grub2-common                        2.06-3~deb10u3                 amd64        GRand Unified Bootloader (common files for version 2)
ii  libapparmor1:amd64                  2.13.6-10                      amd64        changehat AppArmor library
ii  linux-image-5.10.0-0.bpo.15-amd64   5.10.120-1~bpo10+1             amd64        Linux 5.10 for 64-bit PCs (signed)
rc  linux-image-5.10.0-0.deb10.16-amd64 5.10.127-2~bpo10+1             amd64        Linux 5.10 for 64-bit PCs (signed)

cat /etc/default/grub

# If you change this file, run 'update-grub' afterwards to update

# /boot/grub/grub.cfg.

# For full documentation of the options in this file, see:

#   info -f grub -n 'Simple configuration'

GRUB_DEFAULT=4
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX=""

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"
GRUB_DISABLE_SUBMENU=y

cat /etc/default/grub.d/apparmor.cfg

GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"

sudo update-grub

Searching for GRUB installation directory ... found: /boot/grub
WARNING: tempfile is deprecated; consider using mktemp instead.
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
WARNING: tempfile is deprecated; consider using mktemp instead.
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-5.10.0-0.bpo.15-amd64
Found kernel: /boot/vmlinuz-5.10.0-0.bpo.5-amd64
Updating /boot/grub/menu.lst ... done