Kyroo0
Reputation: 59
apparmor has been DENIED (edoiting profile)
I am trying to mount device inside docker/kubernetes pod.
I used device plugin to mount, and I am now making profiles for AppArmor this is my code trying to mount
mkdir -p /home/worker/test
cd /home/worker
dd if=/dev/zero of=./test.img bs=10M count=1
mkfs.ext4 test.img
mount -o loop,ro test.img /home/worker/test
audit: type=1400 audit(1658991438.143:123): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="mount" name="/home/worker/test/" pid=3709906 comm="mount" fstype="ext4" srcname="/dev/loop3" flags="ro"
So I added some options to profile, but it still doesn't works
mount fstype=ext3 -> /home/worker/**,
mount fstype=ext4 -> /home/worker/**,
mount options in (r,ro,loop) ,
I think I added all options except "src name" section. Will there be more recommended option?
Upvotes: 0
Views: 455
Answers (0)
Related Questions
- docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded
- Can't apply AppArmor profile on container: "no such file or directory"
- Docker container cannot start due to apparmor, why?
- GKE AppArmor profile is unconfined eventhough the node has it defined and working
- Docker entrypoint permission denied
- kubectl exec "error: unable to upgrade connection: Unauthorized"
- can't get container to take apparmor profile in k8s
- Get apparmor working on docker container
- Docker failing to load apparmor profile upon ubuntu host boot
- polkit-gnome-authentication-agent-1 fail to start in docker without privileged flag