Reputation: 161
I installed docker-ce 19.03.3 on Ubuntu 19.04, following the installation procedure described on the official website. The installation worked well, but when I wanted to test it by creating a container, I got this error:
Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded
running /usr/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default911109442
failed with output:
'AppArmor parser error for /var/lib/docker/tmp/docker-default911109442 in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
Upvotes: 16
Views: 57706
Reputation: 5327
I’m consistently running into this as well: Debian bullseye offers AppArmor but I don’t want it so I don’t have it installed, but something (Docker?) loads the kernel module, which defaults to enabled, and Docker does not properly check that the AppArmor tools are present when wanting to use it.
Adding the --security-opt apparmor=unconfined makes it not try:
$ docker run -it alpine:latest
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `apparmor_parser apparmor_parser --version` failed with output:
error: exec: "apparmor_parser": executable file not found in $PATH.
$ docker run --security-opt apparmor=unconfined -it alpine:latest
/ # …
Upvotes: 1
Reputation: 540
Maybe you don't have AppArmor installed.
Try to do this:
apt install apparmor -y
Then restart the container.
Upvotes: 28
Reputation: 682
Installing the apparmor-utils package solved it for me 🎉
https://docs.docker.com/engine/release-notes/23.0/#known-issues
Upvotes: 11
Reputation: 61
Running Ubuntu 20.04 LTS, I just ran an 'apt update' then 'apt dist-upgrade', and got a similar error starting docker. Normally I remove apparmor, as was the case here. I had to re-install apparmor then remove it before docker containers would start.
Upvotes: 5
Reputation: 1092
I installed a new version of Linux Mint 20 Ulyana on a partition of a new drive (with my home directory synced to a different partition), and found AppArmor would not start, and docker would not run with any containers, not even hello-world. The errors all mentioned AppArmor. I found that many of the files in /etc/apparmor.d/ had text to line 7, but showed binary symbols for line 7. I found that the config could be recreated by running:
$ sudo dpkg-reconfigure apparmor
after which the config files in /etc/apparmor.d/ were all text. Then AppArmor would start with
$ /etc/init.d/apparmor restart
Then my docker containers ran again.
Upvotes: 6
Reputation: 570
You have your answer in this docker issue: https://github.com/moby/moby/issues/20554
You just have to create this file: /etc/apparmor.d/tunables/proc
And put this line inside:
@{PROC}=/proc/
Upvotes: 4
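A triage sketch for the three causes reported in the answers above (apparmor_parser missing, tunables/proc missing, corrupted files under /etc/apparmor.d), added here as an example and not taken from any answer. The function name and its two arguments are assumptions, chosen so the checks can also be pointed at a test tree.

```shell
#!/bin/sh
# Added example, not from any answer. Checks the three causes reported in this
# thread: apparmor_parser missing, tunables/proc missing, profile files corrupted.
# Arguments are assumptions of this sketch: $1 = filesystem root to inspect
# (empty = live system), $2 = PATH to search (default: current PATH).
# Usage on a host: diagnose_apparmor
diagnose_apparmor() {
    da_root="${1:-}"
    da_path="${2:-$PATH}"
    da_dir="$da_root/etc/apparmor.d"
    da_bad=0

    # The kernel reports whether the AppArmor module is enabled here ("Y" or "N").
    da_state=$(cat "$da_root/sys/module/apparmor/parameters/enabled" 2>/dev/null)
    if [ "$da_state" != "Y" ]; then
        echo "kernel: AppArmor not enabled"
        return 0
    fi

    # Userspace parser that Docker executes to load docker-default.
    if ! (PATH="$da_path"; command -v apparmor_parser) >/dev/null 2>&1; then
        echo "missing: apparmor_parser not found in PATH"
        da_bad=1
    fi

    # tunables/global includes tunables/proc; the parser aborts without it.
    if [ ! -f "$da_dir/tunables/proc" ]; then
        echo "missing: $da_dir/tunables/proc"
        da_bad=1
    fi

    # Profiles are plain text: any control byte other than tab/LF/CR means damage.
    for da_f in "$da_dir"/* "$da_dir"/tunables/*; do
        [ -f "$da_f" ] || continue
        da_n=$(LC_ALL=C tr -d '\11\12\15\40-\377' 2>/dev/null < "$da_f" | wc -c)
        if [ "$da_n" -gt 0 ]; then
            echo "corrupt: $da_f"
            da_bad=1
        fi
    done
    return "$da_bad"
}
```

A clean result means the profile can be loaded normally, so the container keeps its docker-default confinement instead of running with `apparmor=unconfined`.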