Hi

I see that apparmor is missing in the ubuntu/debian docker image though it seemed to be enabled in the kernel by default (Security - AppArmor | Ubuntu). Probably this is the case with other linux distributions also.

The options
apparmor=1 security=apparmor
seems necessary in the grub command to enable it in the kernel. Are there any docker options to enable it in the container ?

Even when I mounted the securityfs under /sys/kernel/security, the apparmor module is missing under /sys/kernel/security

mount -t securityfs securityfs /sys/kernel/security

Are there any options to be presented to the docker run to have the apparmor enabled in the kernel in the container image ?

Without this option the apparmor userspace can’t be activated.