Hello,
I’m digging into AppArmor at the moment and tried the nginx example from the docs. So basically I create a /etc/apparmor.d/docker-nginx profile, load it in complain mode with
sudo apparmor_parser -r -W -C /etc/apparmor.d/docker-nginx
and afterwards start a Docker nginx container that uses this profile:
sudo docker run --security-opt "apparmor=docker-nginx" -p 80:80 -d --name apparmor-nginx nginx
Using aa-status I can see that the profile is loaded and the docker process is running with it in complain mode. Everything works as expected - browsing to http://127.0.0.1:80 on the host brings me to the nginx site.
So I tried adjusting the profile and just removed the following line:
capability net_bind_service,
which should result in the container not being able to bind to port 80 (or any port below 1024).
To be sure that I have a clean start, I first took the container down:
sudo docker stop apparmor-nginx && sudo docker rm apparmor-nginx
I did a simple aa-teardown followed by a reload of the profile:
sudo apparmor_parser -r -W -C /etc/apparmor.d/docker-nginx
Afterwards, starting the container again resulted in a working container with no complaints in my audit log (and aa-logprof doesn’t show any complaints). I could browse to http://127.0.0.1:80 without problems.
Setting the profile to enforce mode:
sudo aa-enforce /etc/apparmor.d/docker-nginx
and bringing the container down and up again doesn’t change the situation.
I also tried to deny network access and deleted the following lines from the original profile:
network inet tcp,
network inet udp,
network inet icmp,
which by itself should result in a block of all network access. To be sure, I also added:
deny network,
Nevertheless the container starts as usual and I can even do a curl docker.com in the container and just see some “curl access” AppArmor warning (in complain mode). If I allow these I can simply do a curl - despite the denied network access.
Can anybody tell me what’s going on here and why AppArmor doesn’t confine the container as it should?
I’m on Arch Linux - if this matters.
Thanks
Peter
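Before concluding that a profile is ineffective, the first thing to verify is which AppArmor label the container's processes actually carry, and in which mode. The script below is an added example, not part of the original post: it reads the label of the container's init process from /proc/<pid>/attr/current (where the kernel reports it as, for instance, "docker-nginx (enforce)") and compares it with the expected profile name and mode. The container name apparmor-nginx and the profile name docker-nginx are taken from the post; the helper function names are my own, and when Docker or the container is not available it runs against constructed sample labels instead.

```shell
#!/bin/sh
# Added example: check which AppArmor profile and mode a container's PID 1
# actually runs under. Names "apparmor-nginx" / "docker-nginx" come from the
# post; parse_confinement and live_check are assumed helper names.

# parse_confinement LABEL EXPECTED_PROFILE EXPECTED_MODE
# LABEL is the content of /proc/<pid>/attr/current, e.g. "docker-nginx (enforce)".
# Prints a verdict; returns 0 only when profile and mode both match.
parse_confinement() {
    label=$1; want_profile=$2; want_mode=$3
    case "$label" in
        unconfined|"") echo "UNCONFINED: no AppArmor profile attached"; return 1 ;;
    esac
    profile=${label%%" ("*}             # text before " ("
    mode=${label##*"("}; mode=${mode%")"}  # text inside the parentheses
    if [ "$profile" != "$want_profile" ]; then
        echo "WRONG PROFILE: running under '$profile', expected '$want_profile'"
        return 1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "WRONG MODE: '$profile' is in $mode mode, expected $want_mode"
        return 1
    fi
    echo "OK: $profile ($mode)"
    return 0
}

# live_check CONTAINER PROFILE MODE: read the real label via docker inspect + /proc.
live_check() {
    pid=$(docker inspect --format '{{.State.Pid}}' "$1") || return 1
    parse_confinement "$(cat "/proc/$pid/attr/current")" "$2" "$3"
}

# Stand-alone run: use the live container when Docker has it, otherwise
# demonstrate the verdicts on constructed sample labels.
if command -v docker >/dev/null 2>&1 && docker inspect apparmor-nginx >/dev/null 2>&1; then
    live_check apparmor-nginx docker-nginx enforce
else
    parse_confinement "docker-nginx (enforce)"   docker-nginx enforce
    parse_confinement "docker-nginx (complain)"  docker-nginx enforce
    parse_confinement "docker-default (enforce)" docker-nginx enforce
    parse_confinement "unconfined"               docker-nginx enforce
fi
```

Run it as root on the host while the container is up. A label of docker-default means Docker attached its own default profile rather than the one passed via --security-opt; a label ending in (complain) means the profile only logs and will never block a bind or a network call, whatever the profile text says. docker inspect --format '{{.AppArmorProfile}}' shows the profile that was requested, which is useful to compare against what /proc reports.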