Docker Community Forums

Share and learn in the Docker community.

Apparmor failed to apply profile: no such file or directory


(Elibrit1) #1

Hello,

I have 2 openSUSE Leap 42.2 servers. on one of them any image fails to run, on the other one all works fine.
I saw in the problematic machine other apparmor profiles that are enforced, so I disabled them (ln -s under /etc/apparmor.d/disable/), but still the same.
Both have the same installation.

linux-74:~ # docker run hello-world
Unable to find image ‘hello-world:latest’ locally
latest: Pulling from library/hello-world
b04784fba78d: Pull complete
Digest: sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f
Status: Downloaded newer image for hello-world:latest
container_linux.go:247: starting container process caused "process_linux.go:357: container init caused “apparmor failed to apply profile: no such file or directory”"
docker: Error response from daemon: invalid header field value “oci runtime error: container_linux.go:247: starting container process caused “process_linux.go:357: container init caused \“apparmor failed to apply profile: no such file or directory\””\n”.

I tried to enable debug, but it outputs (on both servers) the following:

linux-74:~ # dockerd -D 2> /home/eli/docker74.log
linux-74:~ # cat /home/eli/docker124.log
time=“2017-07-16T10:44:50.201678874+03:00” level=debug msg="docker group found. gid: 472"
time=“2017-07-16T10:44:50.201784747+03:00” level=debug msg="Listener created for HTTP on unix (/var/run/docker.sock)"
time=“2017-07-16T10:44:50.201957523+03:00” level=fatal msg=“Failed to connect to containerd. Please make sure containerd is installed in your PATH or you have specificed the correct address. Got error: exec: “docker-containerd”: executable file not found in $PATH”

Please advise.
Thanks,
Eli

linux-74:~ # zypper se | grep docker
i+ | docker | The Linux container runtime | package
| docker | The Linux container runtime | srcpackage
i | docker-bash-completion | Bash Completion for docker | package
| docker-compose | Define and run complex applications using Docker | package
| docker-compose | Define and run complex applications using Docker | srcpackage
| docker-distribution-registry | Registry server for Docker | package
| docker-test | Test package for docker | package
i | docker-zsh-completion | Zsh Completion for docker | package
| openSUSE-2016-1291 | Recommended update for docker-compose | patch
| openSUSE-2016-1319 | Recommended update for python-docker-py | patch
i+ | openSUSE-2016-1400 | Security update for containerd, docker, runc | patch
| openSUSE-2016-1480 | Optional update for rubygem-docker-api | patch
i+ | openSUSE-2017-181 | Security update for containerd, docker, runc | patch
i+ | openSUSE-2017-321 | Recommended update for docker | patch
i+ | openSUSE-2017-808 | Recommended update for docker | patch
| python-docker-py | Docker API Client | package
| python-docker-py | Docker API Client | srcpackage
| python-docker-py-test | Unit tests | package
| python-docker-pycreds | Python bindings for the docker credentials store API | package
| python-dockerpty | Docker API Client | package
| python3-docker-py | Docker API Client | package
| python3-docker-py-test | Unit tests | package
| ruby2.1-rubygem-docker-api | A simple REST client for the Docker Remote API | package
| ruby2.1-rubygem-docker-api-doc | RDoc documentation for docker-api | package
| ruby2.1-rubygem-docker-api-testsuite | Test suite for docker-api | package
| rubygem-docker-api | A simple REST client for the Docker Remote API | srcpackage
| yast2-docker | YaST2 - GUI for docker management | package
| zypper-docker | Easy patch and update solution for Docker images | package
linux-74:~ #

linux-74:~ # docker info
Containers: 4
Running: 0
Paused: 0
Stopped: 4
Images: 1
Server Version: 1.12.6
Storage Driver: devicemapper
Pool Name: docker-8:6-788530-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: ext4
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 309.6 MB
Data Space Total: 107.4 GB
Data Space Available: 11.27 GB
Metadata Space Used: 925.7 kB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.147 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use --storage-opt dm.thinpooldev to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.03.01 (2015-05-15)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: host bridge null overlay
Swarm: inactive
Runtimes: oci runc
Default Runtime: runc
Security Options: apparmor
Kernel Version: 4.4.74-18.20-default
Operating System: openSUSE Leap 42.2
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 15.68 GiB
Name: linux-74
ID: KHKB:JYSN:SMNP:S4UJ:BAK3:QWS7:JUBI:377J:KFEZ:WUXH:CFFE:6HMO
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: http://10.200.201.74:8080/
Https Proxy: http://10.200.201.74:8080/
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
WARNING: No kernel memory limit support
Insecure Registries:
127.0.0.0/8


(Sdrafahl) #2

I have the same issue.