Skip to content

Instantly share code, notes, and snippets.

@tankala

tankala/appArmorDockerProfileCorrpution.md

Created May 23, 2021 11:53
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tankala/200e9286fde580acdfb38c3f0a737bf2 to your computer and use it in GitHub Desktop.
Save tankala/200e9286fde580acdfb38c3f0a737bf2 to your computer and use it in GitHub Desktop.
Download ZIP
AppArmor docker profile corrpuption problem
Raw
appArmorDockerProfileCorrpution.md

Due to a file corruption or some reason I started getting below error

AppArmor enabled on system but the docker-default profile could not be loaded: strconv.Atoi: parsing "found": invalid syntax

I followed below steps to fix this problem. Please take backup of AppArmor profiles if you created any before running below commands

sudo rm -rf /etc/apparmor*
sudo apt remove --assume-yes --purge apparmor
sudo apt install apparmor
@padaVVan
Copy link

padaVVan commented Aug 9, 2022

Thanks. Its works for me

@ashok-kc
Copy link

ashok-kc commented Aug 9, 2022

Cool. Thank you for acknowledging

@baremarco
Copy link

Muchas gracias, tambien me sirvio

@mahendra150
Copy link

yes is working.

@keksgauner
Copy link

keksgauner commented Feb 14, 2023
edited

Thx it worked

I will write what I had to do
When I did docker-compose up -d as before I got the error

Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: unable to apply apparmor profile: apparmor failed to apply profile: write /proc/self/attr/apparmor/exec: no such file or directory: unknown

I thought I would have to update docker to get to docker compose. kinda did it like this (idk if this right)

apt-get remove docker docker-engine docker.io containerd runc
apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

But after that I came to this error

Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: strconv.Atoi: parsing "found": invalid syntax

I have tried to reinstall appamor
(I have done both decide for yourself what is right)

sudo rm -rf /etc/apparmor*
sudo apt install apparmor --reinstall
sudo service apparmor restart
sudo service docker restart

sudo rm -rf /etc/apparmor*
sudo apt remove --assume-yes --purge apparmor
sudo apt install apparmor

Last came this error

Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `apparmor_parser apparmor_parser --version` failed with output:
error: exec: "apparmor_parser": executable file not found in $PATH

And in the end that helped

 apt install apparmor-utils

And in the end it works again with docker compose up -d

@xaochuk
Copy link

xaochuk commented Feb 16, 2023

Thank you so much, only this helps me.

@jaquelineabreu
Copy link

Obrigada!!!!

@asc0910
Copy link

asc0910 commented Feb 20, 2023

Thanks it worked for me

@ppanon2022
Copy link

The thing is that the files in /etc/apparmor.d come from more than just the apparmor package. There are profile files from packages like isc-dhcp-client, ntp, rsyslog, snapd, tcpdump, and liblxc-common. So what you're doing is wiping out all the MAC security for dhcp-client, ntp, rsyslog, snapd, etc. and weakening O/S security as a result.

@ppanon2022
Copy link

I think https://docs.docker.com/engine/security/apparmor/ provides some indication of the issues with using apparmor and docker.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment